Miya Payton reports:
Augusta University says a phishing attack hit faculty email accounts containing the health information of patients. A spokesperson for A-U confirms less than one percent of patients are impacted by the security breach. Officials say an unauthorized third party broke into the medical faculty email accounts.
Read more on Fox54.
The code of another worm has been dumped online, security researchers from Recorded Future found. It seems that over the past several months, the Houdini worm has been posted hundreds of times on paste sites.
Houdini, also known as H-Worm, has been around for about four years. Back in 2014, it was reportedly used in attack campaigns in the Asia-Pacific region, while last year it was associated with an espionage campaign in the Middle East.
According to a blog post signed by the security researchers from Recorded Future, they noticed an increase in malicious Visual Basic scripts on paste sites. After looking closer into the situation, they figured that most of these scripts were actually Houdini's code.
What's more, it seems that a single individual was behind all these dumps. “The individual(s) reusing this Houdini VBscript are continually updating with new command and control servers,” the researchers wrote.
213 posts were discovered on paste sites, which included 105 unique subdomains, 1 domain, and 190 hashes. Researchers say that some of these posts were exact matches, while others used the same domain, but featured multiple other changes within the VBscript.
“After analyzing and executing one of the VBScripts in a controlled environment, we were able to confirm that the VBScript communicates to the C2 server defined within the script. It then copies itself into a directory and establishes persistence by creating a registry key in one of the startup locations,” reads the report.
The analysis further shows that the domains and subdomains discovered in the pastes are from a dynamic DNS provider. Some of the active malware samples communicate with at least one of the paste sites, as well as with the host defined in one of the VBscripts.
Some of the subdomains appeared to be a play on the name Mohammed Raad. Running the name through Google returns a Facebook profile of an individual who claims to be part of Anonymous in Germany and uses Vicswors Baghdad as an alias.
Researchers believe that this actor may also be involved in testing out and possibly configuring an open source ransomware called MoWare H.F.D.
Researchers suggest some of the language in the original ransom note contains regional Chinese dialects
As the world works towards identifying the perpetrators of the WannaCry ransomware campaign, one group of cybersecurity researchers says they’ve likely determined the native language of the writer of the ransom note, another potential step towards attributing the attack.
A number of cybersecurity firms have tentatively linked the attack to North Korea, but now analysis of WannaCry ransom notes in 28 languages by researchers at Flashpoint has led them to the conclusion that those behind the ransomware text are likely Chinese speaking.
Analysis of the ransom notes found that only the Chinese versions, both simplified and traditional, and the English versions, are likely to have been composed by someone who spoke those languages.
Researchers suggest that minor errors in the Chinese ransom note mean it was typed using a Chinese-language input system.
Meanwhile, although the English language note is said to have been written by someone with a “strong command” of English, a grammatical error in the note suggests the author is not a native English speaker.
The other 25 ransom notes – in languages including Russian, Spanish, Turkish and Korean – have all been translated using Google Translate, with the English language version of the ransom demand used as the source text for machine translation.
However, when researchers tested the text with Chinese-English and English-Chinese translations, the results were inaccurate, further suggesting that the Chinese note wasn’t developed by using machine translation from English.
Other signs also point to a Chinese author; for example, one term for “week” is more common in South China, Hong Kong and Taiwan, while the term used for anti-virus is more common on the Chinese mainland.
In addition to all of this, researchers note that the Chinese ransom demand is longer than those of other languages, with additional content and a differing format, again suggesting that it is written by someone who could speak the language.
Overall, linguistic analysis of the notes leads Flashpoint to conclude “with moderate confidence” that the Chinese ransom note was written by a fluent Chinese speaker and served as the original source for the English version, which was then used as the basis of machine translation for other notes.
Researchers therefore suggest that it’s highly possible that Chinese is the authors’ native tongue. However, they also suggest that it isn’t possible to rule out misdirection on the part of the attackers, who might have used the machine translation to hide their native language.
Some security firms have linked the cyberattack to the Lazarus group, a hacking operation connected to a number of high-profile cyberattacks in recent years including the $80m Bangladeshi cyber bank heist, as well as attacks against financial institutions, banks, casinos, and systems used by software developers for investment companies around the world.
Researchers at Symantec say there are similarities between code linked to these Lazarus campaigns and the code behind the WannaCry ransomware outbreak, which they suggest means the two campaigns could be linked to the same author.
While some say the Lazarus hacking group works on behalf of North Korea, the group is actually believed to operate out of China, something which would lend weight to Flashpoint’s conclusions that the authors are fluent in Chinese. However, there’s also the possibility that a group which just happens to have members who are fluent in Chinese is writing notes in the language to throw authorities off the scent.
The WannaCry ransomware epidemic hit over 300,000 PCs around the globe, using worm-like capabilities to spread and infect Microsoft Windows machines, particularly those using older operating systems.
While most of the affected organisations have now returned to normal, some are still recovering almost two weeks on from the outbreak.
Right now if you buy a Dash Button, Amazon will give you one for free in honor of National Pet Week, this week. But they’re still giving you the $4.99 credit after the first time you use it. So that’s two Dash buttons for free, really (typically Dash buttons cost $4.99). Amazon Dash is a simple Wi-Fi connected gadget that lets you order your favorite things with just the push of a button. Keep it by your washing machine, your pet food, or in the bathroom closet. When you notice you’re running low, just press the button and Amazon ships it right out. Each button gets tied to a specific product from Amazon’s library of over 300 brands, in categories such as household supplies, beverage & grocery, health & personal care, beauty products, pets, kids & baby, and more.
A new research report takes an unusual angle. Rather than analyzing a threat or an attacker, it looks at the psychology of the user — or more specifically, the user of smartphones and apps. What it found is that the modern use of apps is so interwoven with daily life that apps have almost become part of their users’ DNA.
The Application Intelligence Report (AIR) is a new intelligence survey produced by A10 Networks. A10 surveyed 2,000 business and IT professionals in more than 20 different countries — and it is important to note that these were professionals rather than unemployed teenagers glued to their phones.
The purpose, says Andrew Hickey, a director at A10 Networks, in an associated blog, is to “better understand how the global workforce’s experiences and behaviors with apps impact personal and corporate security… Why they use them. Their perception of personal and business security when using them. And potential behavioral risks to businesses and IT teams.”
The result is sobering, and could fuel a raft of psychology and sociology theses. It first demonstrates how deeply apps and their use are interwoven into everyday life. For example, 42% of respondents globally say they ‘cannot live without their apps’ while another 44% said ‘it would be a struggle’ to live without them.
The detail varies by both age demographic and geolocation. Newly emerged and emerging economies seem particularly attached to or reliant on their apps: China (99%), India (97%), Brazil (96%) and South Korea (90%). It is the older economies that seem less reliant. Germany ranks highest of participants who say, ‘I can easily live without apps’ (30%), followed by France (23%), and Great Britain and Japan (21%). Similarly, respondents under the age of 40 are much more likely to say they cannot live without apps than those over 40.
This basic pattern largely repeated itself throughout the survey. For example, in an emergency that would allow people to take only one item, 45% of respondents elected to grab their phone. It was 74% in China, but only 29% in France.
While details such as these are interesting and possibly surprising (perhaps depending on the reader’s geolocation and age demographic), it is the attitude towards security that becomes sobering. “At least four out of five (83%) respondents either agree or strongly agree that they think about security risks when first downloading an app,” says the report, “but after that, security becomes much less of a thought or priority in dictating behavior.”
One reason seems to be a belief that it is the developer, or the company IT department, that is responsible for app security. Forty-seven percent of respondents “expect to be protected from cyber-attacks by either their company or third-party app developers.”
This lax personal attitude to security best shows itself in the use of passwords. One in 10 (11%) of all respondents said they never change their passwords for their apps, while another three out of 10 (29%) use the same password for the majority of their apps. Fewer than one in five (17%) use a different password for every app. The usual demographics apply: 50% of the 21-30 demographic either never change passwords or use the same password the majority of the time, compared with only 26% of those aged over 50.
Surprisingly, the US (49%) is second only to South Korea (52%) in using the same password for the majority of apps — but less surprisingly, Germany leads in best practices for those who use different passwords (34%).
The effect of poor personal security is borne out in practice. Globally, 13% of all respondents have been the victim of identity theft. This grows to 39% in China (a figure that, pro rata, suggests more people than the entire population of the US). Thirty-one percent of respondents have had their phone hacked; and 24% of respondents under the age of 30 have had their phone stolen.
A10 Networks draws few conclusions from this report, instead inviting its study and promising to ‘dig deeper’ in the future. “From a cultural perspective,” blogs Hickey, “IT can study the app-blended life, consider user behavior as a factor in security planning, build enterprise-wide security awareness and influence a security-minded culture.
“And from a technology perspective, IT pros can use this data to make the case for improved per-app visibility, per-app analytics, performance, removal of security blind spots and implementation of tighter controls across all application environments.” But one thing is immediately obvious: companies with a BYOD policy cannot afford to leave the security of mobile devices to the user.