Computer safety has never been more of a necessity, regardless of your location in the world. This week’s cyber news recap spans from Western Europe to Australia, with a variety of threats that everyday users may face themselves.

UK Hospital System Hit with Malware

In the last few days, a hospital network in the UK was infected with what is likely ransomware. This incident has lead officials of the affected hospitals to temporarily shut down all hospital operations until the infection is isolated and removed. While current patients will still receive care, all emergency cases are being transferred to other area locations. It comes as no surprise to see yet another hospital fall victim to cybercriminals due to the lack due to lack of security that’s systematic across the industry.

Flash Player Android App Actually Banking Trojan

Recently, many smartphone users may have noticed an increase in popups requesting payment card information. While initially unsuspecting, upon installation, the app will request administrative rights for the device and begin gathering data from over 90 different banking apps and other social media apps. Consumers using third-party app stores should be extremely cautious as the trojan uses fake overlays to appear as a legitimate application.

Converse Online Store Hacked

In the weeks following the largest data breach in Australia’s history, the country’s online retail site for Converse shoes was hacked. The prime target was payment card information, as is the norm for many of the recent online-retailer cyberattacks. However, the figures for any compromised information are still unknown. Fortunately for any customers that made purchases during that period of time, the site was able to remediate the incident quickly.

CEO Phishing Scam Targets New Zealand Nurses

With email scams always changing and evolving, the weakest point in an organization’s security is still the employees. Earlier in the week, an email coming from the alleged CEO of the New Zealand Nurses Organization requested the email addresses of all 47,000 employees. The recipient swiftly responded with the full list. Unfortunately for the victim, the email wasn’t from a legitimate source or even a company email domain, as the sender was noted to be a Yahoo address.

Google Discloses Windows Vulnerability, Receives Backlash from Microsoft

In the past week, Google released information regarding a zero-day vulnerability in a Windows OS kernel that was actively being exploited in the wild. After disclosing the information to Microsoft to get the issue resolved, they announced a simplified statement about the vulnerability. As some might suspect, Microsoft took offense as they require a more unified public disclosure. Microsoft has also announced a coordinated effort with Google and Adobe to mitigate any negative outcomes of the recent exploits and that a patch will be released in the coming days.

Fake BSOD Lock Screens Popping Up Again

In a nod to screen-locking malware from past years, a new variant has arrived that now requests a simple call to support for assistance. Rather than demand a ransom to remove the fake screen, it provides a number to a fake tech support line and suggests calling them. Fortunately for many users of Windows 8.1 or higher, the malware is disguised as Microsoft Security Essentials, a security software bundle that was removed and replaced by Windows Defender after Windows 7, which would be suspicious to see on any newer OS.

Surprising Value of Personal Records

The value placed on compromised data has a varied range with cyberattacks becoming the norm in many highly lucrative industries. Due to the high return on investment of financial records, they draw some of the highest price tags—$14 to $25 per record. However, data that may take more effort or time to analyze, such as medical records, can demand only a fraction of that for the sensitive information contained within. Because the medical industry is so low-tech in terms of securing patient information, they are a prime target for attacks, as we have seen in recent months.

Adobe Pushes Emergency Patch after Flaw Exploited

Recently, Adobe Systems was forced to issue an emergency patch to stop a flaw that could allow unauthorized code execution through Flash Player. The move came after reports of the vulnerability being exploited were announced. For most users, simply ensuring they are on the latest versions of any Adobe products in use will protect them from this vulnerability. Additionally, many users who have Flash Player through their browser will have the update installed automatically.

Ontario Schools Hit with DDoS Attack

In the same week as the major DDoS attack that affected the East Coast of the US, students preparing for their Grade 10 literacy test were unable to write the exam as the district’s computer systems were targeted with a similar attack. With this year’s exam being the pilot for future online testing, it was a major setback for officials looking to determine its viability, but also a disappointment for students who had been working hard in preparation for the test.

Russian Cybercriminals Taking Bank Attacks Worldwide

After spending the last couple years attacking local banks with cyberattacks, Russian criminals are now expanding their successful attack techniques to other countries. The largest factor contributing to this expansion is likely the value of the Ruble to other international currencies, as local attacks net a lower profit than foreign attacks on countries with a stronger currency. While the group behind the attacks is still unknown, it is likely they are spread through various countries to avoid detection.

DDoS Attack on Dyn Crippled the Internet

A portion of the internet went down after suffering a crippling blow from a series of global attacks on a cloud-based Internet Performance Management (IPM) company, called Dyn. Major websites including Twitter, Reddit, Spotify and even game servers for Battle Field 1 have been affected.

Malware Using Trump’s Name to Entice Users

With the election swiftly approaching, have you started to see an influx in Donald Trump-themed articles and email spam lately? Beware! Malware authors are in full swing creating threats aimed solely to infect users. They are counting on the polarized emotions to leave users disarmed. Take caution this election season and stay safe online.

School District Has Data Breach via Third-Party Vendor

The value of data is remaining higher than ever, and compulsory schools are finding out the hard way. Recently, a third-party data management vendor used by Katy ISD in Katy, TX, was exposed. The vendor in question, SunGard K-12, considers the incident low risk. Fortunately for the students and their families, the data breach was quickly noticed.

Axis Bank Discovers Unknown Login on Internal Servers

In yet another announcement of a bank becoming a victim of cybercrime, Axis Bank in India has made an official claim to the Royal Bank of India that its servers were compromised. Since the discovery, Axis has launched a full investigation, which has reported no unauthorized monetary transfers or signs of customer data loss.

Android Malware Still Affecting Non-Updated Users

In the past few weeks, the Android Trojan known as Ghost Push has continued to spread across older versions of the Android OS. By rooting itself to a device, the trojan is exceedingly difficult to remove, as even a factory reset will prove unhelpful. By displaying a steady stream of ads, the creators are able to profit from the clicks generated. There is a solution–upgrading your device to either Android 6.0 or 7.0 will stop the malware from propagating, as it is unable to root either of these operating systems.

CryPy Ransomware Using Python-Based Encryption

Ransomware authors have taken to new methods of targeting users and improving their profit odds. A a new variant called CryPy ransomware—written using Python—is being used to retrieve multiple RSA key tokens and encrypt a variety of files while allowing some “free” unlocks to the user. I wouldn’t say this is particularly useful, but being able to unlock specific files gives the victim a feeling of hope to recover the remaining and may increase the chances of the ransom being paid.

French TV Network Brought Down By Hacker Group

Earlier this year, it was reported that TV5Monde fell victim to a cyberattack that nearly caused the demise of the network. Rather than gain access to retrieve sensitive information, the attack was aimed at simply destroying any and all network systems. While the reasoning behind the attack is still unknown, it has allowed TV5 to greatly improve its employee security measures and methods for operating safely.

Card Breach at Vera Bradley Retail Stores

Recently, Vera Bradley issued a statement regarding a card-processing breach that occurred over the past several months. The company has since resolved the breach but is still urging customers to monitor their credit card accounts for any fraudulent charges. Currently, only three stores located around Detroit seem to have been affected.

Amazon Pushes out Password Resets for Millions

In the past week, Amazon has started forcing password resets to customers that may have reused their credentials on possibly compromised sites. Along with changing passwords, users are also encouraged to enable two-step authentication to further protect their accounts. While the data leaks aren’t directly related to Amazon’s customers, researchers from Amazon have determined that credentials may have been used for multiple sites.

Ransomware Now Displaying Legal Notice for Victims

In the last month, the new ransomware variant DXXD has been hitting a large number of users. DXXD has made a change in that it displays the ransom note and a legal notification prior to users logging into their windows machine. The legal note explains that the user’s information has been compromised and gives multiple ways to contact the attackers to resolve the encryption.

UK Police Websites Susceptible to Attacks

Nearly 25% of UK police related sites have no form of secure connection according to a recent study. Even more troublesome, the majority of these sites ask for user information to identify case information without ensuring a properly secured network connection or encryption when transferring sensitive data. While many municipalities have improved their online security measures, it’s surprising to see so many still lacking, with new data breaches occurring almost weekly.

Alright, everyone, this week has been a whopper. I didn’t foresee Facebook Messenger adopting full user encryption, but it’s definitely time. And Apple’s move to auto-updating macOS? We can only wait and see how users react. Catch up on those stories and more in this week’s edition of the Threat Recap. Here are five of the major security stories happening this week.

Facebook Messenger Adopts Full User Encryption

Facebook has been rolling out end-to-end encryption for all of its nearly 1 billion Messenger users. This type of encryption allows users to maintain completely private conversations and even enables users to have message “expire” after a predetermined amount of time. While encryption is still an opt-in feature, it is definitely a step in the right direction for keeping users’ sensitive information private.

Apple Moving Towards Updating macOS Automatically

Following the path of Microsoft, Apple has announced that they will begin pre-downloading new macOS updates automatically, without any indication to users. While Microsoft’s attempts to auto-upgrade users to Windows 10 wasn’t as successful as anticipated, Apple hopes that users will be more inclined to follow through with the upgrade since it’s already been silently installed.

Hutton Hotel Warns Customers of Payment Breach

In a year filled with payment processing breaches, yet another hotel has been forced to announce that their systems had been compromised. The Hutton Hotel in Nashville has warned customers from the past year to be vigilant of any fraudulent charges made using their credit cards and has offered free credit monitoring to all patrons who made purchases on-site in the last several years. While the investigation is underway, officials are still unclear as to how the breach occurred or how long ago it may have taken place.

New Iteration of WildFire Ransomware, Dubbed Hades Locker

When WildFire Locker’s servers were taken offline in August, many hoped it would lead to a decline in user ransoms. Unfortunately, the developers were not apprehended and have released Hades Locker, a new ransomware variant that is largely based around WildFire. Once executed, Hades Locker will begin encrypting all files on any mapped drives and appending file extensions to include “.~HL”, while also removing any shadow volume copies to prevent local file recovery.

DressCode Android Malware Found on Google Play Store

Recently, researchers have discovered dozens of popular apps currently on the Google Play store that are infected with DressCode malware. Once the app is installed, DressCode is able to connect the device to a botnet that is being used to drive click fraud. Additionally, DressCode can be harmful if connected to home and work networks, as it has the capability to download sensitive information it finds, along with accessing other devices that are on the network.

Another week, another threat recap. And this week wasn’t without its fair share of cyber incidents. Voter registration misstep? Check. New ransomware? Check. KrebsOnSecurity attack? Check! Here are five of the major security stories happening this week.

Company Security Falls to Outdated Network Devices

With the steady rise in security breaches, one of the biggest contributors is the one companies most often overlook: actual networking hardware. In a recent study done by Cisco, nearly 75% of companies are using outdated, and often completely end-of-lifed products for their networking needs. Even though many of the companies are aware of the vulnerabilities that come with using older hardware, it simply isn’t a concern unless something is actively wrong.

Louisiana Voter Database Made Public

Recently, researchers discovered a database hosted on the darknet that contains the voter registration information for nearly all residents of Louisiana. The database has since been secured by the researcher but, according to Louisiana law, voter information is made widely available to anyone interested in purchasing it for pennies on the dollar. Alongside the voter information, the researcher also discovered an additional database containing the personal records for nearly 7 million individuals from Louisiana.

New Ransomware Claiming Royal Ransom

In the past week, researchers have discovered a new ransomware variant operating under the name, Princess Locker. While it’s not a huge leap in innovation, Princess Locker offers a language selection screen followed by a page listing detailed payment options and a free single file decryption. Unfortunately for victims of this variant, payment starts at 3 bitcoins or roughly $1,800 USD and doubles after three days.

KrebsOnSecurity Taken Offline by Largest DDoS Attack To Date

In what is being quantified as the largest DDoS attack in history, service provider Akamai was forced to take KrebsOnSecurity offline, as the direct traffic to the site hit nearly 600 Gbps and lasted for three days. A possible sign of things to come, the attack seems to have been distributed by a botnet based around compromised IoT devices, which lead to the sheer volume of traffic that was seen.

Biometrics Moving Forward As Use Increases

Following a national consumer survey, as many as 20% of British smartphone users have adopted fingerprint authentication for their devices. With new security breaches occurring at such a rapid rate, biometrics have seen a rise in use as consumers worry over the security of their saved passwords for any number of online services. Many of these users only use the authentication for unlocking their devices, but the capability is there for making online purchases and accessing sites with sensitive information.

It’s that time of week again. Our Threat Recap is bringing you the top news in cybersecurity from new OS releases to remote access of popular cars. Here are five of the major security stories happening this week.

New Ransomware Targets Disk Drives

With the current state of ransomware threatening computer systems around the world, the jump from encrypting specific file types to encyrpting the entire hard drive was inevitable. In the case of Mamba, the latest variant, it begins with replacing the Master Boot Record (MBR) and moves onto encrypting the hard drive itself. Once encryption is complete, the computer will then require a password to unlock, which just so happens to be the decryption key sitting behind the ransom’s paywall.

Remote Access: A Very Real Danger for Tesla

In a recent test, Chinese researchers were able to access several critical and non-critical components of a Tesla Model S. While it may seem benign to have your seat position changed or sunroof opened remotely, these tests have also proven the capability to control brake functionality. They’ve also shown that doors and trunks can be controlled from up to 12 miles away. Tesla has responded with updates to resolve this access, which only seems to occur when the in-dash web browser is in use.

Apple Releases New Mac OS Sierra

Apple announced the release of its latest iteration of the Mac OS, Sierra 10.12. With this update, Apple has been able to remove nearly 70 different security vulnerabilities that had been prevalent in its previous two operating systems. In addition to the OS release, Apple also pushed out Safari 10, the latest update for their web browser, which should also resolve over 20 security issues from previous versions.

Facebook Zero-Day Gives Full Access to Pages

With the continuing rise of businesses using social media to advertise their products and communicate with their customers, exploits are always being researched. Recently, a researcher was able to gain access to any Facebook page by using a bug in the way Facebook deals with its business accounts. By spoofing the Business Manager functionality, the researcher was able to view and edit all associated pages with a given business, without requiring login credentials.

MoDaCo Breach Leaks Data on 880,000 Users

In the past week, MoDaCo, a UK-based smartphone forum, announced they had fallen victim to a security breach. Users of the service have been receiving notifications to change their passwords, although officials are stating that user credentials were all hashed. Researchers have been able to identify around 70 percent of the leaked credentials were already released in previous data breaches, courtesy of Have I Been Pwnd?, a web service that will notify users if their email address has been identified in a data breach.