ICYMI: AV halts op; Locky duped; HIV leak; Greek DdoS; Phishers strike

The latest In Case You Missed It (ICYMI) looks at AV halts op; Locky loses out; HIV leak fine; Bank of Greece DDoSed; Investment firm spearphished.

Merge Hemo medical monitor
Merge Hemo medical monitor

Anti-virus malware scan stops surgery

A patient in the US undergoing heart surgery was put at risk after anti-virus software started running on a computer monitoring the procedure.  An investigation by the US Food and Drug Administration (FDA), found that anti-malware software on Merge hemo equipment  ceased to function for around five minutes, leaving a blank screen as it was set to scan for viruses every hour, against the recommendation of the equipment maker.

In the middle of a heart catheterisation procedure, the hemo monitor PC lost communication with the hemo client and the hemo monitor went black. More

White hat swaps Locky payload for dud

A white hat hacker appears to have hacked into Locky ransomware rendering it ineffective. “In place of the expected ransomware, we downloaded a 12kb binary with the plain message 'Stupid Locky,'” said Sven Carlsen, team leader of Virus Lab Disinfection Service at Avira.

Locky malware encrypts files, urging users to log onto a website on the Dark Web via Tor and pay a ransomware of one Bitcoin. Carlsen speculated that a benevolent hacker has managed to gain control of the command and control server used by Locky to replace the file. More

 £180k fine for HIV data leak

The Information Commissioner's Office (ICO) has levied a £180,000 fine against a London HIV clinic for accidentally divulging the names and email addresses of 780 patients.

In September, 780 patients of sexual health clinic 56 Dean Street – who had signed up for email notification of their test results and other information – received an email newsletter with recipients names and email addresses exposed in the ‘to' line – deemed by the ICO to be a serious breach of the Data Protection Act which was likely to cause great distress.  More  

'Operation Icarus' DDoSes Bank of Greece

Anonymous launched an attack against the Bank of Greece as part of a 30-day campaign targeting central banks across the world.

"The attack lasted for a few minutes and was successfully tackled by the bank's security systems,” an unnamed official told Reuters. The official said only the bank's website was affected by the incident. The attack was the second phase of "Operation Icarus," a campaign that began in January and targeted what the group called the “Global Banking Cartel,” according to a video Anonymous posted to YouTube on 2 May. More

Investment firm spearphished

Mimecast found since January there has been a 67 percent increase in fraudulent payments and a 43 percent uptick W-2 type attacks. An employee at a Troy, Michigan, investment firm was tricked via a spearphishing attack into transferring hundreds of thousands of pounds to a Hong Kong bank.

The Troy police department confirmed that a Pomeroy Investment Corp filed a report on April 18 stating a staffer had sent $495,000 (£341,144) overseas to China after receiving an email request purportedly from a company executive. The error was noticed eight days after it took place. More

SC Webcasts UK

Sign up to our newsletters

FOLLOW US