This week’s attack, called Petya and NotPetya in the media, is not necessarily a new form of ransomware; however, the way it evolved has experts questioning whether it is different enough from the original to be considered something other than a variant.
Earlier today, a phishing campaign spread across global inboxes. These emails were given legitimacy by appearing to be from someone the recipient recognized. There were a couple of clues that could help users identify it as a non-legitimate request.
Popular payroll company ADP is warning of a sophisticated phishing attack using emails that impersonate ADP business. The attack email in question warns of a Past Due invoice. These emails appear as if an ADP.com account was used as the sender. Mytech has most commonly seen “billing.address.updates@ADP.com”, but other addresses including “Francisca.Hopkins@adp.com” are also common.
SUPERVALU announced on Thursday (7/14/2014) that it experienced a criminal intrusion into its payment card transaction network. The intrusion may have resulted in the theft of account numbers, expiration dates, and cardholders’ names. The intrusion was identified by an internal team and quickly contained. Third-party data experts are assisting in determining the scope of the incident.
Illegitimate spam messages are not just annoying; they often contain threats to your network security. One particularly dangerous form of these threats is what has become known as a "phishing" attack. This involves tricking people into clicking a hyperlink in their email that takes them to what appears to be a legitimate website. Once the user arrives at the fake site, they are usually prompted to enter personal information, and then that personal information can be used by the attacker in a variety of bad ways.
Google has recently discovered a problem with a Certificate Authority (CA) in India that has been improperly issuing SSL certificates. The risk from this practice is that a browser might believe a malicious website is a legitimate site.
This is an RCE vulnerability in OpenSSL and all versions are technically vulnerable. However, this is more of a concern with SSL VPN protocols than with HTTPS. There’s another separate man-in-the-middle (MITM) vulnerability too, and it’s probably worth updating… but it really shouldn’t be as bad, because both ends of the connection would have to be vulnerable for an exploit to work, and only version 1.0.1 is actually vulnerable on the server side.
Security researchers have released details about a vulnerability in Internet Explorer 8 that could allow bad actors to take control of a computer. At the time of this writing, Microsoft has not released any news of a security update to resolve this vulnerability. While there are some mitigation steps that can be taken to prevent an exploit, Mytech believes that most of our clients are not at elevated risk from an attack.
Online auction mega-site eBay recently disclosed a major data breach from earlier this year that exposed personal information of an unknown number of users. While the scale of the breach is a bit fuzzy, the fact that the attackers had almost unrestricted access to the company’s corporate network for an extended period is very worrisome. eBay maintains that financial data was not accessed, but personal information including physical addresses and dates of birth was in the database that was compromised.
A very severe vulnerability has been recently discovered in all versions of Internet Explorer for all versions of Microsoft Windows. This vulnerability would allow an attacker to execute remote code if a user visits a malicious website. This vulnerability is being actively exploited in the wild, which means that there are confirmed cases of attackers targeting websites right now.