
IT Security Newsletter - 11/11/2019


Breaches

Quiksilver and Billabong Affected by Ransomware Attack

Action sports giant Boardriders was hit by a ransomware attack that affected some of its subsidiaries, including Quiksilver and Billabong, and forced the company to shut down computing systems all over the world. Boardriders has around 10,000 employees worldwide, and its Quiksilver, Billabong, ROXY, RVCA, DC Shoes, and Element brands are sold in over 110 countries.


Understanding the Ripple Effect: Large Enterprise Data Breaches Threaten Everyone

Big businesses are constantly under attack, and that affects everyone from customers and business partners to parties with national security interests. When successful, the initial compromise is only a means to an end — the real goal is to mount follow-on attacks like spearphishing, extortion attempts and account takeover (ATO). And much to the chagrin of security experts, those attacks on household-name companies are growing. 

Hacking

New Stealthy Backdoor Used by Platinum APT in Recent Attacks

The advanced persistent threat (APT) group tracked by Microsoft as Platinum is using a new stealthy Trojan-backdoor malware dubbed Titanium to infiltrate and take control of their targets' systems. What makes Titanium stand out is its use of various methods of hiding in plain sight by camouflaging as security solutions, sound drivers, or software commonly used to create DVDs. Platinum (also tracked as TwoForOne by Kaspersky) has been active since at least 2009 in the APAC region.


Leading ASP.NET host crippled by ransomware attack

A widely used ASP.NET service provider, used by more than 440,000 customers, was taken offline on Saturday after cyber criminals targeted its systems with ransomware. SmarterASP confirmed this weekend that its hosting services were under attack, with hackers encrypting its own data as well as that of its 440,441 users. The SmarterASP website, too, was taken offline on Saturday before it was restored the next day.

Trends

PayPal becomes phisher’s favorite brand, Office 365 phishing techniques evolve

PayPal has overtaken Microsoft to claim the number one ranking among phishers' favorites for the first time. Netflix was not far behind as the streaming giant moved up to the third spot with a 14.1 percent QoQ and 73.7 percent YoY growth in unique phishing URLs, according to Vade Secure. Leveraging data from more than 600 million protected mailboxes worldwide, Vade’s machine learning algorithms identify the brand being impersonated as part of its real-time analysis of the URL and page content.

Exploits

BlueKeep: What you Need to Know

BlueKeep is the name given to a security vulnerability that was discovered earlier this year in some versions of Microsoft Windows’ implementation of the Remote Desktop Protocol (RDP). The vulnerability was described as “wormable” by Microsoft, and users were warned that BlueKeep might be exploited in a similar fashion to how the WannaCry ransomware used the EternalBlue vulnerability to spread widely in 2017.


DHS Warns of Critical Flaws in Medtronic Medical Devices

Critical vulnerabilities impacting Medtronic Valleylab products could allow attackers to overwrite files and achieve remote code execution, the Department of Homeland Security (DHS) warns. An advisory published by the DHS’s Cybersecurity & Infrastructure Security Agency (CISA) warns of three recently patched vulnerabilities in Medtronic Valleylab FT10 and FX8 devices that could allow attackers to install a non-root shell.

Malware

AI wordsmith too dangerous to be released… has been released

A text-generating artificial intelligence (AI) algorithm that its creators initially deemed too dangerous to release – given its ability to churn out fake news, spam and misinformation after feasting on a mere headline – has been unleashed. So far, so good, says the research lab, OpenAI. In a blog post last week, the lab said that the researchers have seen “no strong evidence of misuse” of the machine-learning language model, which is called GPT-2… at least, not yet.