ICYMI: Windows 10 hack, Bank attacks and slow DDoS

This week's 'In Case You Missed It' column looks at the five most-read articles on SC this week, from hacking of Windows 10 and exploits on patched Macs to bank attacks and DDoS.

Hackers use Windows 10 to install ransomware on computers

Users have been warned not to fall for a scam that pretends to be a Windows 10 installer but in fact installs ransomware.

The email scam was discovered by security researchers at Cisco. Hackers have sent out emails claiming to be from Microsoft with an email attachment. The scammers claim the zip file is the Windows 10 upgrade, but in fact it originates from an IP address in Thailand. The email colour scheme is very similar to that of the Windows 10 update app.

RBS and NatWest bank attacks should have been mitigated

The attack, which disabled the RBS and NatWest Bank online services last Friday morning, appears to be part of a renewed trend of DDoS attacks against the banking industry.

According to law enforcement sources in America and Europe, distributed denial of service (DDoS) attacks against banks and other financial institutions are increasingly accompanied by ransom demands. Given the critical importance of the banking sector to customers and the economy, some security experts have told SCMagazineUK.com that the banks should have been prepared to mitigate the attack.

Zero-day exploit hits fully patched Macs

Security researchers have discovered a zero-day vulnerability that affects the latest, fully patched version of OS X. It is thought the flaw, affecting OS X 10.10.4, has already been used by hackers.

The problem lies with a new error-logging feature in OS X, which can be exploited by cyber-criminals to create files with root privileges on a target Mac without requiring system passwords.

Online cards company Moonpig breached again

Online greeting card company Moonpig admitted earlier this week that it had suffered another security breach, which led to user details being published online.

The UK-based firm began contacting subscribers about the breach on Wednesday, and issued the following response on its website: “Late on Friday, 24 July, we became aware of a security issue whereby a number of Moonpig customer email addresses, account balance and passwords had been illegally published. As a precautionary measure, we promptly closed our Moonpig site and apps to help us investigate and contain this issue. Following these investigations, we now have strong evidence that the customer email addresses and passwords we identified were taken previously from other third party websites, and not directly from Moonpig.com.”

Ping of Death: How an adorable sounding DDoS attack can wreak havoc

Small doses of poison can add up to a lethal cocktail of DDoS in what is being called the ping of death, says Sophie Davidson.

Pretend for a moment that you're a nefarious type of person. Naturally, you have enemies, one of whom owns an electronics store. Black Friday happens to be just around the corner and your enemy is planning on setting up a roof display to let everyone know about his insane discounts. But you certainly don't want him to be able to rake in major money. So you twirl your pencil-thin moustache and hatch a plan to literally bring his roof down and make his store unavailable to customers.

After some thought, you arrange a delivery of a rooftop display that looks like it's coming from the store's franchising company. The electronics store owner hires some temporary worker drones to work overnight putting up the display, and what do you know? The delivery boxes just keep coming. One at a time the workers bring this almost endless stream of boxes to the roof and assemble the display. It wouldn't have been possible - or smart for that matter - to send a display big enough to bring down a roof all in one shipment. It would have been too big to be delivered, and too big to bring up to the roof. But a display of that size, delivered in smaller pieces, and then assembled on the roof? Nice knowing you, roof.

That's more or less how a Ping of Death (PoD) DDoS attack works: small doses all adding up to devastating results.
