Cyber Bites

WordPress is introducing WSOD (White-screen-of-death) Protection, the equivalent of a WordPress Safe Mode. The feature will allow WordPress to recognise when a fatal PHP error occurs and can identify what and where the error originated from. The feature has raised concern among researchers who warn that the new feature could be used to disable security plugins and put WordPress sites and blogs at risk. Source: ZD Net

191, 970 bad ads and an estimated 1 million users have been impacted by a Malware in Ad-based images, researchers have discovered. A massive adware campaign that hides malware in image files using steganography techniques has impacted up to a million Mac users. When a user clicks on an infected image, the malicious ad infects the Mac user with the Shlayer trojan. Source: Threatpost

Named hAnt, this ransomware strain was first identified in August 2018, but new infections have been reported this month. The ransomware targets Bitcoin mining rigs with most infections located in China. hAnt infects a mining rig, locking up the device and requesting that 10 Bitcoin ($36,000) ransom is paid or the victim must infect at least 1000 other devices to remove the ransomware. Source: ZD Net

Anatova ransomware emerged on 1st January 2019 and was discovered by security researchers at McAfee. The software is infecting users around the world by posing as an application or game. Users are tricked into downloading and launching these malicious files onto their computer. The largest number of victims are in the US but the ransomware has also been spotted in Belgium, Germany, France and UK. Source: ZD Net

24 million financial and banking documents have been found on an unprotected server, running an Elasticsearch database. The server had decade’s worth of data, including highly sensitive financial data, social security numbers, names, loan and mortgage agreements, and repayment schedules. The leak was traced to Ascension, a data analytics company, that converts paper documents into computer files. Source: Techcrunch - find out more

Threat Researchers at Securonix have reported a rise in attacks that target vulnerabilities in Hadoop components, such as Hadoop YARN, Redis and ActiveMQ. The researchers warned of an increase in the number of multi-vector and multi-platform automated attacks against cloud infrastructure over the past few months. These attacks frequently include crypto mining, ransomware and botnet malware. Source: The Register

New stealthy tactics have allowed DDoS attacks to past detection mechanisms, with attacks against Internet services providers increasing in the 3rd quarter of 2018, new research by Nexusguard has revealed. DDoS attackers are spreading attack traffic across many IP prefixes in attempts to overwhelm targeted sites and ISPs. The attack traffic within each IP is small, which allows it to avoid detection by DDoS mitigation technologies. Source: Dark Reading

265 researchers from around the world have taken down 100,000 Malware distribution websites as part of a campaign known as URLhaus, a project started by abuse.ch, a non-profit cybersecurity organisation in Switzerland. The project started in March and has a recorded daily average 300 submissions.  However, web hosting providers are still slow to respond to abuse complaints and the average takedown time is more than a week. A lot of work still needs to be...

Avast, a digital security company, has discovered that 55% of PC applications are out of date, a 7% rise since 2017. If applications are not updated, then users can be targeted by hackers and malicious software because security updates which fix exploits and vulnerabilities will not have been installed. PC users are recommended to regularly check for security updates. However, many users are unaware of the threats posed by out of date software. Windows 7...

A survey carried out by SAS, a software analytics company, has revealed that two thirds of US consumers want the government to do more to protect their data privacy. 73% of respondents said they are more concerned about their data privacy now then they were a few years ago. 83% of people who thought the US needed more data privacy regulation also wanted the right to tell an organisation not to share or sell their...