ICYMI: WhatsApp trap; Cerber RaaS; LinkedIn loss; Screen lock; 2 yrs to GDPR
The latest In Case You Missed It (ICYMI) looks at WhatsApp malware; Cerber Ransomware; LinkedIn loses 117m credentials; Screen lock scammers; GDPR countdown. Note: UK Holiday 30 May.
A new scam is tricking users of WhatsApp into downloading a so-called exclusive version of the app called ‘WhatsApp Gold', which infects mobile devices with malware.
The upgrade to the ‘premium' version of the app claims to offer new features such as video chats, sending 100 pictures at once and deleting messages after being sent. Clicking on a link to download the update takes users to a website containing malicious software which infects mobiles and may allow cyber-criminals to steal data and track a user's activity. More
Cerber crypto-ransomware - a new Ransom-as-a-service (RaaS) offered on a Russian underground forum, according to a blog post by SenseCy – is being distributed in an email campaign tracked by security researchers at Forcepoint.
Use of Windows Script files (WSFs) differentiates this campaign from earlier instances. WSFs are executable with the Windows wscript.exe utility and can contain scripts from any Windows Script compatible scripting engine in a single file. After successful execution of the file, the Cerber crypto-ransomware will be downloaded on the victim's system, either via a double-zipped file with a WSF inside attached to the malicious email or as an unsubscribe link at the bottom of the email which is linked to the same ZIP file. Forcepoint says it has found weaknesses in the encryption implementation which could be used to partially decrypt the files. More
The 2012 LinkedIn data breach may be the breach that just keeps on giving with the news that 117 million customer email credentials originating from that hack were found for sale on the dark web. They come from a larger 167 million data dump of accounts that were supposedly grabbed when LinkedIn was breached in 2012.
The initial story came from Motherboard, which reported it was contacted by someone going by the name “Peace” who said he was selling the data set on an illegal market place called The Real Deal for five Bitcoins, or about £1,500. More
Scammers who pretend to be tech support from Microsoft are now using screen locking malware that fakes a failed update to Windows reports Jerome Segura, lead malware intelligence analyst as Malwarebytes.
The malware locks not just the victim's browser but also the entire computer, much like the early days of ransomware, where files weren't encrypted but blocked from being accessed by users. Criminals distributed a Trojan bundled with adware and legitimate programs. Once the malware installed itself, it waits until the PC is next rebooted. As it starts up, a fake Windows Update screen appears and ends with a message asking the user to phone a support number as their Windows product key has expired. More
The two year GDPR honeymoon period started 25 May with industry experts urging business to, " take a hard look at how their data is shared and stored, focusing in particular on any cloud apps in use across the organisation."
On 25 May 2018 - the General Data Protection Regulation (GDPR) grace period is set to end and the law will become effective placing new obligations on any business that handles the data of EU citizens, independent of where the business is located. A recent survey by Trend Micro showed that a fifth (20 percent) of UK IT decision makers are still unaware of its existence. More