Tag Archive: Online Security

lockyRansomware, what is it? Defined as “malware for data kidnapping,” it is one of the top security issues in the digital and cloud age, wherein the hacker or attacker encrypts data and asks for ransom (usually a Bitcoin payment) for the decryption key.

Today, another ransomware threatens the online community “Locky” that can hit you if you were ‘unlucky.’ It works similarly like the modus conducted by the banking software Dridex.

How Locky works?

A victim will be sent an email with a Microsoft Word attachment disguising as an INVOICE that requires macro.

[By default, Microsoft disables it due to security reasons. So a user normally will see a warning if an attachment contains it.]

Now if you would enable the macro function, it will run and then download Locky to your PC, according to the Palo Alto Networks.

[It is the same modus operandi used by Dridex, a notorious Trojan that steals banking account details.]

There are suspicions that the distributors of Locky are connected to one of the main men of Dridex because both use the same mode of malware distribution.

If you or your organization happens to be the unlucky target, your files will be unrecoverable unless you have a regular backup or if your data has not been touched yet.

Lately, the Hollywood Presbyterian Medical’s computer system was infected by ransomware in which the hackers ask for 9,000 bitcoins (or approximately US$3.6 million).

Reports indicated that the operators behind Locky may have conducted a large attack. Palo Alto Networks revealed that it had detected 400,000 sessions that used the same downloader “Bartallex,” which is the one that deposits the infection onto a computer system. Over half of the targets were recorded in the United States and the rest included Australia and Canada.

Locky utilizes its command-and-control infrastructure for conducting a memory exchange before encrypting the files.

Kevin Beaumont from Medium said that encrypted files have the ‘.locky’ extension. He wrote guidance on how to figure out who among the people in an organization has been infected and recommended that the active directory account of the victim must be locked and its network access must be shut down. Finally, he said that you are more likely to rebuild the victim’s PC from scratch.

Check out the full story here.

Computer-MouseTech toys are among kids’ wish lists this holiday season. But parents should be warned that even tech toys are subject to online hacking. In a recent report, millions of children have been victimized by online attack on a tech toy manufacturer, Vtech Holdings Ltd. In relation to this, experts advised users to be careful on depositing personal information online and when you do, make sure you use a secured connection. It is also advised to verify the legitimacy of the company or toy manufacturer. Users are also strongly encouraged to be cautious when disclosing any information when purchasing online.

Source: CBC

computer2Black Friday is one of the few celebrated shopping days in the country. The radical increase in online shopping opens opportunity for cyber criminals. To stay safe for Black Friday shopping, follow these steps.

First, keep your devices from the eyes of strangers. Next is to make sure that your computer antivirus is updated for protection. Also, ensure that you use safe and secured connection and avoid using public Wi-Fi connection. Check on the shopping websites and make sure that it is a secured and legitimate site for product shopping. Lastly, check your bank statement and report any suspicious transaction immediately.

Source: Silicon Republic

globe2Businesses are doing everything to keep their data, IT systems, email accounts and mobile devices as safe as they could. Experts have been offering advices but the problem on security is still there. Innovations are being implanted by companies such as huge data analytics to assess risk in software development. However, security risk stands still.

Before doing the technical process like encryption and the likes, let’s start with the basic such as utilizing the use of complicated passwords, using security questions, regular monitoring of your financial data, verifying an attachment before you click it and updating both your anti-virus and OS.

Source: e Week

mail2Romance scams are among the widest scams even in the earlier times. In digital world, romance scams have become more creative through online dating. You can identify romance scams when someone gives you a fake name, when they immediately communicate with their personal email and not in the dating website. These people declare their love so fast without even sending their real photos. They don’t usually come and visit and instead ask for money.

Avoid romance scams by not providing all your personal details. You can also do the verification yourself or ask some of your friends. If it is a fictional character, immediately drop off the dating.

Source: Komono News


October marks the National Cyber Security Awareness Month and in line with this, the Louisiana online users are encouraged by one of their leaders Attorney General James D. “Buddy” Caldwell to take responsibility on the cyber security issues.

In relation to this, Caldwell emphasized the importance of self-education and involvement on cyber security issues at all times by using strong passwords, installing software and anti-virus updates as much as possible. Users must also keep personal information safe and dialog among closed people like family and friends. It is also discouraged to disclose information online and be cautious in reading shared information online.

Source: Myarklamis

Screen-exclamationBetter Business Bureau (BBB) launched an awareness campaign that aims to educate online users about cyber security and how to stay safe on this digital age. Among these practical tips include protecting delicate information, using safe network connections, limiting sharing activities and using strong passwords to secure smartphones.

To narrow down these lips, online users must learn the importance of using complicated passwords in their accounts while controlling the things they share over social media. It is also important to use secured connections and websites at all times. BBB inspires users to educate themselves in using digital gadgets.

The campaign was launched in partnership with STOP.THINK.CONNECT.

Source: Kentreporter

Banking online is one thing that everybody else is concerned about due to the many threats like cyber attacks and identity thefts. Doing it from the comfort of your own home is one of the few that you can do in order to keep your account, personal information and transaction secure. However, it does not mean that you are immune from any attacks online.

It is evident that the “2-step verification” process, where you or any other user, is required from online account holders that requires the use of a PIN number and a customer password, but that is already been conquered by online thieves. What banks utilize and provide nowadays are card readers where you now need to confirm a payment detail through the card reader. For more details regarding this post, click on the link below.

Source: We Live Security

Computer-ErrorThere has always been misinterpretation about online security especially when it is viewed on experts and non-experts’ perspective. Among the security measures that you must observe at all times, that you might overlook is the use of two-way authentication to avoid people from resetting your passwords without your knowledge.  Do not use similar passwords for several accounts. If you run out of words to use, you can use a password manager to create a password for you. For more security purposes, you must install patches and updated antivirus software. Lastly, make sure that the sites you visit are safe by looking at the HTTPS on the URL tab.

Source: Forbes

Screen-exclamationA human click is considered as the weakest link in an organization’s security chain. According to reports by Trend Micro, 91% of online cyber-attacks take place when malware or virus is delivered through infected links, emails, and downloads. If an employee happens to receive an email with an infected attachment, it is only to be expected that such employee will subsequently open it. As a result, the entire company’s data will be put in jeopardy. In order to strengthen this weak link, creating and maintaining awareness within all levels of an organization is a necessity. Visit Information Age to know more.

Source: Information Age