Fourth of July Malware Campaign Targets Vacationers
Cybercriminals Launch Carefully Timed Malware Campaign to Coincide With Major US Travel Holiday
SUNNYVALE, CA — (Marketwired) — 07/04/14 — Researchers from Proofpoint, Inc. (NASDAQ: PFPT), a leading security-as-a-service provider, have discovered a nasty piece of malware which is targeting vacationers who visit US travel sites, just in time for the July 4th holiday.
The discovery shows that popular travel destination websites for cities including Boston, Salt Lake City, Houston, Monterey, Rochester, Myrtle Beach,Victoria and Utah Valley have been exploited and are serving malware to unsuspecting visitors. Proofpoint can also confirm that the command-and-control infrastructure of the cyber criminals behind the attacks all appears to be based in the Ukraine.
In response to the discovery, Mike Horn, VP, Threat Response Products at Proofpoint, said: “This is a good example of how poorly protected websites play a big role in the distribution of malware. Users might be directed to these sites by a search engine and they have no idea that just by visiting the site they can become infected. We are also seeing a large number of phishing campaigns which direct people to the legitimate travel sites which have …
Businesses should not only know about Heartbleed, they should have already implemented Heartbleed fixes by now. If your bank, favorite online merchant, or software provider hasn’t yet, close your accounts and find new ones. That’s my first bit of advice on how users should handle Heartbleed.
Heartbleed really is that bad. Your user-ids, your passwords, your credit-card numbers, everything you place online is potentially in play for hackers. You can not fool around with this.
So, as I said earlier, get ready to change all your passwords. Yes, every last damn one of them. Were your favorite sites vulnerable? You can check specific sites with the Heartbleed test, LastPass Heartbleed checker, or the Qualys SSL Labs test. The first two just check on Heartbleed while the last checks for other possible Secure-Socket Layer/Transport Layer Security (SSL/TLS) and awards sites a grade from A (the best) to F (failure).
This article will give you all the details. Needless to say, don’t accept any notice to either give information or change passwords in this case. Do all of that from inside the service such as Facebook or Hotmail itself. Otherwise you hand the bad guys the keys to your online life and Katie bar the door! …
A new smarter, more deadly virus called Stuxnet has targeted power plants in Iran. The virus is particularly powerful and has already launched itself against power plants in India and Russia. According to some reports, power systems have been held hostage for ransom and in one case may be responsible for a death. Agencies that oversee US power grids claim that no successful penetrations have happened here although other reports indicate that our systems featuring Siemens software are vulnerable. Full StoryGary Baker …