KnowBe4 backs its training with a crypto-ransom guarantee

Ransomware attacks like CryptoLocker have been plaguing users for a while now. The recent shutdown of the Gameover Zeus botnet has led to a dramatic decline in these types of attacks, but you can expect that cybercriminals will regroup and launch new ones soon enough. But KnowBe4, a company that offers security awareness training, is so confident it can teach users to protect themselves, it's offering to pay the ransom if a customer falls victim to a ransomware scheme.

Ransomware attacks like CryptoLocker compromise a PC by encrypting all of its data (and possibly all data on connected external or network drives as well) and holding it ransom. The attackers demand payment—often in the form of Bitcoin which is more difficult to trace—in exchange for providing the key necessary decryption key.

The FBI estimates that more than 200,000 users have been affected by ransomware, including CryptoLocker, CryptoDefense, and CryptoBit—accounting for somewhere in the neighborhood of $30 million worth of ransom payments in the last quarter of 2013 alone.

Read more »


How to protect yourself against Gameover Zeus and other botnets

The U.S. Department of Justice announced today that the Gameover Zeus (GOZ) botnet has been taken down in an effort dubbed “Operation Tovar.” The action was the result of a multinational effort between government agencies, law enforcement, and private companies to shut down the massive botnet responsible for more than $100 million in losses for victims. The cooperation necessary to take down the botnet is impressive, but there will be more, and it’s important for individuals to understand how to avoid falling victim to these threats.

CrowdStrike is one of the private companies that was heavily involved in Operation Tovar, and it worked with the United Kingdom’s National Crime Agency, the FBI, Europol, global law enforcement, and other players in the private sector. Adam Meyers, VP of intelligence at CrowdStrike, described the results of Operation Tovar. “Over 500,000 infected machines were effectively disconnected from criminal control,” he said. “The actors behind GOZ and Cryptolocker, which were both impacted by the recent actions, have done significant damage against unsuspecting victims.”

The U.S. Department of Justice announced that “Operation Tovar” has taken down the Gameover Zeus botnet. 

Read more »


Latest eBay flaw is a rookie mistake for a website

When it rains it pours for eBay. Less than a week after the popular website revealed it was the victim of a massive data breach and directed users to change their passwords, researchers have discovered that it is vulnerable to serious flaws that could allow an attacker to access user accounts. Individuals need to know how to guard against falling victim to these security issues, and other businesses need to learn from eBay’s mistakes and do a better job of protecting resources on the Web.

The flaw in question is a cross-site scripting (XSS) vulnerability discovered by a 19-year-old college student in the United Kingdom. An XSS flaw can allow an attacker to inject malicious code into an otherwise legitimate website. The attacker can intercept a user’s session cookie enabling them to gain access to the user’s account and interact with the site as that user.

ebay vulnerability Jordan Lee Jones

A U.K. based security researcher showed how eBay is vulnerable to a cross-site scripting attack that could potentially be used to hijack user accounts.

Read more »


eBay hack could result in social engineering schemes

You’ve probably heard by now that eBay is the latest victim of a massive data breach. The popular site has asked users to reset their passwords as a precautionary measure, but the data that matters most is already compromised, and there is nothing you can do to “reset” it.

Details are still sketchy—sort of standard operating procedure for data breach incidents. What we know is that the breach occurred between February and early March, but was just recently discovered. eBay claims that email addresses, encrypted passwords, names, addresses, telephone numbers, and user’s birth dates were compromised.

Read more »


Why a larger Surface Pro makes more sense

Microsoft is hosting a media event in New York tomorrow, ostensibly to unveil new models of its Surface tablet line. Most of the speculation suggests Microsoft will announce some sort of “Surface Mini,” but a larger “Surface XL”—or something to that effect—would be much more useful.

I speak from experience. Most of the time, I’m working from the comfort of my home office and the Surface 2 is locked in its docking station, connected to a 29-inch ultrawide monitor, full keyboard, and wireless touchpad. In that scenario, the Surface Pro 2 functions as a PC, and the fact that it’s a tablet is largely irrelevant.

surface pro 2

The Surface Pro 2 is good, but when working on the road a slightly larger Surface model might come in handy.

Read more »


Attack of the clones: detect fake antimalware with these tips

Security researchers have been stressing the dramatic rise in mobile malware for a few years now—which naturally leads to more users downloading and using some sort of mobile antimalware app. But now even malware protection has become a risk: last month the popular Virus Shield Android app was outed as fraud, and this week Kaspersky announced the discovery of a pair of fake apps using its name in the Google and Windows Phone app stores.

This shouldn't be surprising. When cybercriminals find an attack vector that works, it doesn’t take long for copycats to come along with knockoffs.

securityshowdown primary

Beware: That security app you're downloading might actually be malware.

Read more »


FCC puts first nail in the coffin of net neutrality

The FCC has voted to start the formal process of establishing new “Net Neutrality” rules. More accurately, the FCC has begun the process of killing the concept of net neutrality in favor of a system that lets broadband providers make money from both sides and charge companies for faster, priority delivery of Internet content.

Tom Wheeler, the FCC Chairman and former telecom lobbyist, pushed forward with a vote to begin the formal consideration process in spite of a backlash against his proposal. The rules are not yet in place—today’s vote simply begins a four-month period for public comment providing an opportunity for supporters and opponents to weigh in before the FCC moves forward to actually implement the new rules.

tomwheeler2 300x300

FCC Chairman Tom Wheeler pushes ahead with contentious "net neutrality" plan.

Read more »