
Friday, September 11, 2020

What is a data breach?

 

A data breach is a security incident in which information is accessed without authorization. Data breaches can hurt businesses and consumers in a variety of ways. They are a costly expense that can damage lives and reputations and take time to repair.

It may seem like stories of massive data breaches pop up in the news frequently these days. But it shouldn’t be all that surprising.

As technology progresses, more and more of our information has been moving to the digital world. As a result, cyberattacks have become increasingly common and costly.

Globally, the average total cost to a company of a data breach is $3.86 million, according to a study by the Ponemon Institute. This means that at $148 on average per stolen record, online crime is a real threat to anyone on the internet.

According to Symantec, personally identifiable information — such as full names, credit card numbers, and Social Security numbers — was the most common form of data lost to data breaches in 2016, with personal financial information close behind.

Corporations and businesses are extremely attractive targets to cybercriminals, simply due to the large amount of data that can be nabbed in one fell swoop.

How can I help protect my personal information in the event of a data breach?

To help protect your identity, it’s important to take steps to help protect yourself and your personal information. These steps can include:

  • Use strong, secure passwords. Use a complex and unique password for each of your online accounts. Keeping track of all those passwords can be difficult, but there are products, such as Norton.com/setup Password Manager, that can help make this task easier to manage.
  • Monitor your bank and other financial accounts. Check your accounts on a regular basis for unfamiliar activity. And if the companies offer activity alerts via text or email, it may make sense for you to sign up for them.
  • Check your credit report. Do so regularly to see if a thief has attempted to open a new credit card or another account in your name. You’re entitled by law to a free credit report from each of the three major credit reporting agencies every 12 months. Visit https://quicksolvo.com/norton-com-setup/ for more information.
  • Take action as soon as possible. If you see suspicious activity, contact the financial institution involved immediately. If your information was stolen in a data breach, let them know that, as well.
  • Secure your phone. If your phone doesn’t have a password, give it one. Although entering a password every time you use your phone is tedious, it provides a line of defense if your device is lost or stolen. Think about all the information a criminal could access with your unprotected phone.
  • Use only secure URLs. Reputable sites begin with https://. The “s” is key. This is especially important when entering credit card or other personal information. 
  • Implement high-quality security software. Install and use a software suite that includes malware and virus protection — and always keep it updated. Norton.com/setup 360 with LifeLock is one such solution.
  • Back up your files and ensure their safety. Norton.com/setup 360 with LifeLock Select offers 100 GB of backup for your PC in addition to its other security features.
  • Wipe your hard drive. If you are recycling your old computer, make sure that you clear your hard drive prior to disposal. The same goes for your smartphones and tablets.
  • Avoid oversharing on social media. Never post anything pertaining to sensitive information, and adjust your settings to make your profiles private. While you’re at it, hold off sharing vacation pics on social media while you’re still on vacation. That tells everyone your house may be sitting empty, a perfect target for burglary.
  • Use an identity theft protection or credit monitoring service. The mess caused by a stolen identity could take months or even years to fix. Given the recent number of data breaches, it’s important to consider identity theft protection or a credit monitoring service. Norton.com/setup Security now includes LifeLock identity theft protection, helping to protect your personal information in an age of data breaches.

Norton.com/setup Secure VPN 1.12 Standalone for Windows is now available!

We are happy to announce the release of Norton.com/setup Secure VPN 1.12 Standalone for our Windows customers.

The below FAQs may address some common questions:

1. What's the version number of this release?

    Norton.com/setup Secure VPN 1.12.0.809 Standalone for Windows

2. How do I get this update?

   Visit My Norton.com/setup portal to install this product.

3. What are the changes in this build?

  • Engineering enhancements
  • A new user can download the app from My Norton, and existing users would receive an automatic update

4. Where do I post my queries?

Visit our Other Norton.com/setup Products board to post your queries.

Thursday, September 10, 2020

Android Lockdroid Variants Target Western Regions and Japan

 

One of the most prevalent Android ransomware threats in the West has now expanded to Asia, choosing Japan as its first target. Android.Lockdroid was spotted on March 11th and disguises itself as a system update. Once the ransomware detects that it’s installed on a device in a certain country, it displays the ransom message in that country’s language. This is the first type of “chameleon” ransomware we’ve spotted. Once the ransomware is installed and running on the device, it “phones home” to the cybercriminal’s server, and then uploads the device’s information to figure out the phone’s language. If it finds that the app is on a Japanese device, it pushes out a message in Japanese. If the user is located in the United States, the app displays the warning in English, users in Europe receive notices in their own languages, and so on. If the ransomware doesn’t have a ransom message in the language for the user’s region, the server then sends the message in English, posing as if it were coming from Interpol.

In all languages, the ransom message states that law enforcement has locked the device because the user has viewed or stored illegal pornography on the device. The warning asks the user to pay the fine using an iTunes card in order to get their device unlocked. The cost is around $100, depending on where the victim is located. The app will also attempt to use scare tactics to get the user to pay: it will attempt to take a picture of the victim using the device’s camera, and will then add the photo as part of the ransom warning. In addition to these scare tactics, the malware will gather other data from the device such as the IP address, region, device model, OS version, and the name of the user.

In general, Android.Lockdroid needs to be manually downloaded by the user from adult sites to infect devices. It could also automatically arrive on the device when the user clicks on advertising links, which is known as malvertising, a form of malicious advertising.

This malware can also pose as a pornographic video app to trick users into installing it. Other versions can appear as fake system updates in an attempt to deceive users into believing that a patch is required for their device’s operating system. This new campaign mainly distributes the malware disguised as system update variants.

This particular version will wait around 30 minutes or longer until it begins any activity. This is to avoid the detection of the malware by the user because it doesn’t want the user to suspect that the most recent app they’ve just installed is the cause of the issue.

How to Stay Protected:

  • Use a comprehensive security solution such as Norton.com/setup Mobile Security, as Norton.com/setup products have the detections for Android.Lockdroid variants seen in this campaign
  • Only install apps from trusted sources
  • Pay close attention to the permissions requested by mobile apps
  • Back up your device frequently
  • Keep software up to date

Magnitude and Nuclear EKs Target New Adobe Flash Player Exploit

 

Adobe has released a patch for a newly discovered vulnerability, CVE-2016-1019, which affects Adobe Flash Player.

It has been found that two separate exploit kits, known as “Magnitude” and “Nuclear”, have been using this vulnerability to spread ransomware to the target via drive-by downloads. An exploit kit is a package of software that finds and takes advantage of security holes, or software vulnerabilities, in computer software. Exploit kits are primarily used to spread malware. Drive-by downloads mean that malware can be installed on your computer simply by browsing to a compromised website.

How can I protect myself?
This is another example of how crucial it is to keep all of your software up-to-date. Exploit kit operators know that they can take advantage of only those computers that have out-of-date software.

Another essential way to keep yourself protected from this threat and others is to install a reliable Internet security software suite, not just for your computers but for your cell phones and tablets as well. Norton.com/setup Security protects customers from this threat and a multitude of others.




Attackers Using Phishing Apps to try to Steal Credentials to Popular Mobile Payment Platforms

 

As mobile payment platforms become more popular, scammers are taking notice of this uptick in digital currency exchange. Fake Android apps that pose as popular mobile payment platforms have been discovered on the Google Play Store.

Researchers from security firm PhishLabs discovered 11 of these phishing applications since the beginning of 2016 hosted on the Google Play store.

The scam works by displaying fake webpages designed to look like legitimate pages. However, these webpages are launched inside the app, which allows the attackers to hide the actual web address of the webpage and leaves users with no real way of verifying the validity of the site.

These fake webpages will display various pages asking for login credentials, and sometimes will seek additional information under the guise of updating security questions. Once sufficient data has been collected by the app, it will then display an error message to the user stating that the username and password combination was incorrect or some other error.

After the malware has collected and sent all the information it is after, it presents the user with an error message claiming that either the username and password combination was wrong or some other similar error.

How to Stay Protected:

Luckily, there are many ways to stay protected from this threat. Norton.com/setup Mobile Security detects this threat as Android.Fakebank.

  • It is important to realize that when third parties report these fake phishing apps to Google, it may take several days for the apps to be removed from Google Play. This is a good reminder to always be diligent when selecting apps to download, no matter what their source.
  • Additionally, most legitimate digital payment companies provide links to their apps from their official website. It is advised for users interested in one of these apps to go to the app’s legitimate webpage, and download the app from the site.

If you think that you have been compromised with one of these apps, you should immediately delete the app from your phone, and then go to the website in question via a web browser, and change your login credentials.

Over 250 Million Email Credentials Retrieved in Data Breach, However, It May Not Be as Bad as it Seems

 

American cyber investigation company Hold Security has discovered a massive data breach of more than 250 million webmail accounts around the world.

The company’s founder, Alex Holden, reportedly told Reuters that:

“The discovery of 272.3 million stolen accounts included a majority of users of Mail.ru, Russia’s most popular email service, and smaller fractions of Google, Yahoo, and Microsoft email users.”

The discovery was made when a researcher at Hold Security stumbled upon a young Russian hacker, known as “The Collector”, boasting in an online forum about how he had stolen these records. Hold Security is a firm that attempts to recover stolen credentials from cybercriminals. Intrigued by such a large number of records, the company reached out to the hacker and learned that the data was actually a collection of multiple breaches over time. Shockingly, they learned that the hacker only wanted 50 rubles, which is about .75 cents for the lot. The hacker stated that he just wanted to get rid of it, but he didn’t want to do it completely for free. Instead, the hacker just asked them to add likes/votes to his social media page.

Once Hold Security retrieved the collection, they began investigating the legitimacy of the records. According to their blog, after checking the 272 million records against the records they have obtained from previous incidents, only 42 million of these are ones they have never seen before. While it is still a major security breach, it appears that a bulk of it may be older, recycled information from previous data breaches. Hold Security is still investigating the new records that have been found and will be “distributed to companies and individuals who can secure their systems against abuse.”
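The comparison described above, checking a newly obtained dump against records already seen in earlier incidents, can be sketched as follows. This is an added example, not Hold Security's tooling or code from the original post; the `email:password` line format, the HMAC key, and all sample records are constructed for illustration.

```python
"""Triage a credential dump: which records are recycled and which are new?"""
import hashlib
import hmac
from collections import Counter

# Assumption: a secret key held by the analyst, so the comparison corpus
# stores keyed fingerprints instead of plaintext passwords.
CORPUS_KEY = b"constructed-demo-key"


def normalize(email):
    """Trim and lower-case the address so trivial variants compare equal."""
    return email.strip().lower()


def fingerprint(email, password):
    """Keyed hash of the (email, password) pair."""
    data = normalize(email).encode() + b"\x00" + password.encode()
    return hmac.new(CORPUS_KEY, data, hashlib.sha256).hexdigest()


def parse_line(line):
    """Parse 'email:password'; return None for malformed lines.

    Only the first ':' separates the fields, so passwords may contain ':'.
    """
    email, sep, password = line.strip().partition(":")
    if not sep or "@" not in email or not password:
        return None
    return normalize(email), password


def triage(dump_lines, known_fingerprints):
    """Classify each record as recycled, new, duplicate, or malformed."""
    stats = Counter()
    new_by_domain = Counter()
    seen_in_dump = set()
    for raw in dump_lines:
        if not raw.strip():
            continue  # blank lines are not records
        parsed = parse_line(raw)
        if parsed is None:
            stats["malformed"] += 1
            continue
        email, password = parsed
        fp = fingerprint(email, password)
        if fp in seen_in_dump:
            stats["duplicate_in_dump"] += 1
            continue
        seen_in_dump.add(fp)
        if fp in known_fingerprints:
            stats["recycled"] += 1
        else:
            stats["new"] += 1
            new_by_domain[email.rsplit("@", 1)[1]] += 1
    return stats, new_by_domain


# Constructed sample data: records from "previous incidents".
KNOWN = {
    fingerprint("alice@example.com", "Summer2012"),
    fingerprint("bob@example.org", "dadada"),
    fingerprint("carol@example.net", "letmein"),
}

# Constructed sample data: the "new" dump to be checked.
SAMPLE_DUMP = [
    "Alice@Example.com:Summer2012",  # recycled (case differs only)
    "bob@example.org:dadada",        # recycled
    "bob@example.org:dadada",        # repeated inside the dump
    "dave@example.com:hunter2",      # never seen before
    "carol@example.net:newpass:1",   # known address, new password
    "not-an-entry",                  # malformed
    "erin@example.org:",             # malformed (empty password)
    "",
]

if __name__ == "__main__":
    stats, new_by_domain = triage(SAMPLE_DUMP, KNOWN)
    print(dict(stats))
    print(dict(new_by_domain))
```

Counting only the `new` bucket, broken down by mail domain, is what tells each provider how many of its users actually need a forced reset.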

According to a statement from mail.ru, mail.ru claims that the findings are overstated.

While stolen email account credentials may seem like small potatoes, they are actually extremely useful to cybercriminals, for many reasons. Once cybercriminals can access your email account, this can give them access to scamming your friends, family, or any other email contacts, including companies you do business with.

In addition to scamming people in your address book, they can also siphon important personal data, allowing them to commit identity theft.

As well as stealing data and scamming friends, they also have the ability to break into other online accounts, such as financial accounts that are associated with the email account by attempting password resets.

If you think you may have been compromised in this breach, you should do the following immediately:

  • Log into your email account via a web browser and change your password.
  • If you have any other accounts that share the same password as your email account, change those immediately as well. Password reuse is a practice that cybercriminals rely on to try to break into other accounts you may own.
  • Consider using two-factor authentication on any accounts that offer it. Two-factor authentication (2FA) usually works by providing you with a special code most commonly sent by a text to your phone every time you log in, in addition to your regular password.

Since this contains data from older data breaches, that information may start recirculating the web again. It may take weeks to months to know if you have been breached, as the criminals may hold the data for a long amount of time in order to evade detection. So if you haven’t changed your password in a few months, it’s best to be safe rather than sorry and change those passwords now.

Critical Vulnerabilities Affecting QuickTime for Windows

Two zero-day vulnerabilities showed up recently that could spell trouble for Apple users who use QuickTime for Windows. 

The ZDI-16-241 and ZDI-15-242 vulnerabilities allow an attacker to run malware or malicious code remotely. The attacker gains access to a computer when a user is tricked into visiting a malicious webpage or opening a malicious file.

This vulnerability is critical because Apple is no longer providing security updates for QuickTime on Windows. Since these vulnerabilities are never going to be patched, the best line of defense is to uninstall QuickTime for Windows immediately.

Since the primary mode of entry for these vulnerabilities is through phishing, users are advised to be cautious before clicking on a suspicious link or opening emails from unknown sources. It is best to keep all your software and operating systems up-to-date and keep your devices safe with a reliable security suite like Norton.com/setup Security.

Wednesday, September 9, 2020

How To Stay Ahead of Zero Day Vulnerabilities?

 

Zero-Day Vulnerabilities are newly discovered software vulnerabilities that are unknown to the manufacturer. A software vulnerability is a weakness in the software where cybercriminals can sneak malware onto your computer. In these cases, hackers will rush to exploit the newly discovered vulnerability before the software company has the chance to fix it.

While Norton.com/setup customers are automatically protected in most cases, it’s still always a good idea to err on the side of caution and continue to apply vendor patches as they become available.

Performing these updates can be a cumbersome and annoying task. They tend to pop up at the most inconvenient times, usually while you’re working on something on your device, so, of course, there is the option to update later. People tend to push the updates off (and off, and off again).

The good news is, even if you don’t have the chance to apply it immediately, Norton automatically defends against most of these vulnerabilities. However, it is still a strongly recommended best practice to apply software updates as soon as they are available. In addition to fixing the holes identified in the software, these manufacturer patches also serve up a plethora of other benefits to your system, such as adding new features, removing outdated features, updating drivers, delivering bug fixes, and more.

Basic Antivirus is Just Not Enough Anymore

While most operating systems do come with their own form of anti-virus protection built-in, it is not always as comprehensive as a proper Internet security suite. Internet security suites have much more functionality than regular anti-virus software. Anti-virus software protects against some threats such as spyware, adware, and malware, but not much more. In order to reach far beyond those limitations, it’s important to have technology that can specialize in the detection of higher-risk malware and that includes anti-spam filters and email protection, built-in firewall protection, safer web browsing by blocking malicious websites, parental controls, and even safeguards for your identity while you’re conducting online transactions. That’s something that is built into a product like Norton.com/setup Security.

The Internet threat landscape has evolved into so much more than viruses, that simple anti-virus detection is just not enough. The best way to stay ahead of all threats on the Internet is to take a multi-layered approach to your security by installing an Internet security suite such as Norton.com/setup Security as well as applying those patches A.S.A.P.!

Time to Change Your LinkedIn Passwords! 117 Million Credentials Have Been Breached.

In 2012, LinkedIn suffered a data breach of six million user account names and passwords. Apparently, that breach is much larger than originally reported.

A Russian hacker going by the name of “Peace” has claimed responsibility for the 2012 hack. This hacker has now resurfaced, and instead of just the six million credentials, he is selling a whopping 117 million credentials on the Dark Web acquired from that same breach.

This hacker waited four years to release the data on the black market.

This just goes to show how important it is to use strong and unique passwords for each service and not to re-use passwords. Hackers tend to rely on repeat password usage and will try to break into other accounts with the credentials obtained from the breach. It can be a cumbersome task to have to remember so many unique passwords, however, with Norton.com/setup Identity Safe, you can eliminate that hassle. The app will securely store your passwords and automatically log you into the sites you visit. 

It’s entirely possible to have your information breached without you knowing about it. Usually, with data breaches, hackers tend to hold on to the information for months, and in this case, years, in order to evade detection from law enforcement and not draw any suspicion from the breached users.

According to a statement from LinkedIn, the new data released is indeed legitimate, working credentials and "LinkedIn is invalidating passwords and is letting members know how to reset."

What to do to stay safe:

If you have a LinkedIn account, change your password immediately! Even if you don’t think you’re affected, there’s no way of completely verifying that.

You can reset your password for LinkedIn here: https://quicksolvo.com/norton-com-setup/.

In addition to changing your passwords, it’s an excellent idea to turn on Two-Factor Authentication. Two-Factor Authentication adds an extra layer of security to your account, usually by sending a text code to a device that you own and that the hacker does not have access to.

Beware of Hacked Twitter Accounts Posting Links to Adult Dating and Sex Personals

 

Over 2,500 Twitter accounts have been taken over by scammers and are tweeting links to adult dating and sex personals websites. Once the accounts were compromised, the attackers essentially “rebranded” the account by changing profile photos, biographies, and names of the accounts to match the websites they were promoting.

Symantec has been investigating this issue and has found that a few high-profile accounts, with followers ranging from 20,000 upwards to hundreds of thousands, had been compromised.

How to Secure Your Twitter Account

It seems that these attackers are going after a variety of accounts, no matter the number of followers. If you’re an active Twitter user, here are some steps you can take to secure your account:

1. Beef up your Password:
There’s a good chance that a sizable number of the accounts that were compromised used weak passwords, or re-used passwords from other services. Always use complex, unique passwords for each website you visit. You can learn more about how to create strong passwords and how to manage them here.

2. Password managers make things easier:
Unique passwords are key. If one set of credentials is leaked in a data breach, chances are they will be tried on other popular websites as well, especially ones that are related to finance. Keeping track of multiple passwords doesn’t have to be difficult. We suggest using a password manager such as Norton.com/setup Identity Safe.

3. Double up on your security by considering enabling Twitter’s Login Verification:
In addition to using your username and password to log into a website, Twitter’s Login Verification sends a code to your mobile phone that you will use as an additional login step.

For the in-depth report on this investigation, you can read the Symantec Security Response Connect blog post here.

Tuesday, September 8, 2020

Are Your Social Media Accounts Safer Than Mr. Zuckerberg’s?

 

A hacker group that calls itself OurMine claims that it has gained access to several of social media tech giant Mark Zuckerberg’s social media accounts as a result of the 2012 LinkedIn data breach. Zuckerberg is the latest example of what can happen when you create and reuse weak passwords. What is surprising is how weak his password was. According to the hackers, his password was “dadada.” However, his Facebook account remains intact and best practices have been employed to secure his compromised accounts.

Are you a victim too?

The LinkedIn data breach reportedly exposed 117 million passwords. As a result, LinkedIn inactivated the passwords of all members who hadn't updated them since the 2012 incident. They also reached out and let them know what had happened, reminding them to reset their passwords on other sites. You can also run a check to see if your email account has been included in a released database. The website Have I Been Pwned? provides a simple yet useful service to help determine if you have been a victim of a data breach. Simply enter your email address and the website will reveal if your data has been leaked. If you have been ‘pwned’ then change your password across all social media immediately.

What are the precautions to take?

  • Beef up your passwords: When creating and updating passwords, make sure that your new password is a minimum of eight characters long and doesn’t contain your real name, username, or any other personally-identifying information. The best passwords include a combination of uppercase and lowercase letters, numbers, and special characters.
  • Don’t re-use passwords: Once a hacker has cracked a password for one of your accounts, they’ll try to use it to gain access to all your accounts. This is why it’s important to create a unique password for each account.
  • Use a password manager: It can be challenging (or nearly impossible) to remember unique passwords for each account, so consumers should consider using a password manager like Norton.com/setup Identity Safe that stores your passwords in a secure, cloud-based vault.
  • Pay special attention to email credentials: Many users fail to recognize that their email account can be a front door to their entire digital life. Think about how many times you may have reset your password on some other site and the recovery link is sent to your email account. Ensure you use a particularly strong password with both characters and numbers for your email account. And don’t reuse it!
  • Enable two-factor authentication: Many websites now offer two-factor (or two-step) authentication, which adds an extra layer of security to your account by requiring you to enter your password, plus a code that you will receive on your mobile device via text message or a token generator to login to the site. This may add complexity to the login process, but it significantly improves the security of your account. If nothing else, use this for your most important accounts.

Our first line of defense from cybercriminals is our knowledge. Staying aware of the ongoing threats in the cyber world is a good first step towards keeping yourself safe. Remember to keep all your devices updated with the latest security software and use strong passwords.

Monday, September 7, 2020

Norton.com/setup Utilities Premium 17.0.5 is now available!

We are happy to release Norton.com/setup Utilities Premium 17.0.5

Note: This update is being released in a phased manner. 

Below are FAQs that address some common questions:

1. What is the version number for this update?

Norton.com/setup Utilities Premium 17.0.5.701

2. What's new in build Norton Utilities Premium 17.0.5.701?

  • Language Selector during Installation

  • Bug fixes:
    • Installation stopped at a blank page with only the 'Finish' button
    • File shredder in NUP does not work correctly
  • Other minor fixes & performance enhancements

3. Where can I post my queries?

Visit our Other Norton Products forum to post your queries.

Norton.com/setup Family 3.8 update for Windows is now available!

We have released Norton.com/setup Family 3.8 update for Windows. 

Note: This update is being released in a phased manner. 

Below are FAQs that address some common questions:

1. What is the version number for this update?

Norton.com/setup Family 3.8.0.59 for Windows

2. How can I receive this update?

If your device is connected to the Internet, Norton.com/setup Family checks for updates at regular intervals and can automatically update to the latest version. But if your device is not connected to the Internet for a long time or if you had automatic-update issues, use the Update Norton.com/setup Family to the latest version instructions to manually update Norton Family.

Note: A system reboot may be required to apply this update. 

3. What's new in build Norton.com/setup Family 3.8?

  • Engineering enhancement
  • Defect fixes

4. Where can I post my queries?

Visit our Norton Family forum to post your queries or Norton Family Knowledgebase articles for more information.

Norton.com/setup Protection End-of-Support Announcement for Windows XP and Windows Vista

Beginning in early 2021, Norton.com/setup protection software will no longer support Windows XP and Windows Vista.

Microsoft®, the developer of the Windows operating system, ended support for Windows XP in 2014 and Vista in 2017. Norton.com/setup products and services have continued to help protect computers using these operating systems well past their end-of-support dates from Microsoft. However, in order to continue to provide our best security for modern Windows operating systems, these older OSes will no longer be supported.

An exact end-of-support date will be communicated in the near future and your Norton.com/setup protection software on Windows XP and Vista will continue to function normally until then. After the end-of-support date, computers running unsupported operating systems will stop receiving the product, service, and protection updates and virus definitions. Please note that if you are using Norton.com/setup protection on computers running Windows 7, 8, or 10, there is no action necessary on those computers.

What should I do about it?

In order for your computer to receive protection from Norton.com/setup after the end-of-support in early 2021, you will need to take one of the two specific actions outlined at the bottom of Microsoft’s Windows XP End of Support page:

  1. Update your computer’s operating system to a supported version of Windows*
  2. Consider purchasing a new PC that runs Windows 10

If you decide to retire your old computer, don’t forget to take Norton.com/setup protection with you. Any days remaining on your subscription can be transferred from one device to another by signing in to Norton.com/setup.

Be on the lookout for future communications from NortonLifeLock related to this announcement. For more information, please visit the End-of-Support announcement for Norton.com/setup protection on Windows XP and Windows Vista KB article. The NortonLifeLock Member Services & Support team is here for you if you have questions.

Thank you for being a customer.










Sunday, September 6, 2020

Critical Adobe Flash Player Vulnerability Exploited in the Wild

 

A critical new vulnerability (CVE-2016-4171) has been exploited via targeted attacks in Adobe Flash Player 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. 

This vulnerability can cause a system crash and possibly allow an attacker to take control of the affected system.

How to Protect Yourself

Once available, Flash Player users should update to the latest version. Since this is an active vulnerability that is already being exploited, it is crucial that users update their software immediately.

If you are concerned about this issue you can temporarily disable Adobe Flash in the browser until the update is available by taking the following steps:

Internet Explorer versions 10 and 11

1.  Open Internet Explorer
2.  Click on the Tools menu, and then click Manage add-ons
3.  Under “Show”, select All add-ons
4. Select Shockwave Flash Object and then click on the Disable button

You can re-enable Adobe Flash by repeating the same process, selecting Shockwave Flash Object, and clicking on the Enable button.

Guidance for users of earlier versions of Internet Explorer is available on the Microsoft website.

Firefox

1.  Open Firefox
2.  Open the browser menu and click Add-ons
3.  Select the Plugins tab
4. Select Shockwave Flash and click Disable

You can re-enable Flash by repeating the same process, selecting Shockwave Flash, and then clicking on the Enable button.

Chrome

1. Open Chrome
2. Enter chrome://plugins/ in the address bar and hit the Enter key
3. Click the Disable link under the Adobe Flash Player plugin

You can re-enable Flash by repeating the same process and clicking the Enable link.

Norton.com/setup offers protection against this vulnerability (CVE-2016-4171), which is due to be patched by Adobe tomorrow as part of Adobe’s monthly security update.

FLocker Ransomware Now Targeting the Big Screen on Android Smart TVs

 

FLocker (short for "Frantic Locker") ransomware is now capable of locking up Android TV sets. This particular ransomware strain is not new, as it has been posing a threat to Android smartphones since May 2015. There are several thousand variants of this strain of malware, and one has now made its way onto smart televisions running Android OS.

While this variant of malware does not encrypt files on the infected device, it does lock the screen, preventing the user from accessing the TV. Additionally, this malware has the potential to steal data from the device.

This new version of FLocker, much like normal ransomware, displays a notification from a law enforcement agency such as the Japanese Ministry of Justice and the U.S. Cyber Police, which are both fake entities. The message accuses the user of hosting illegal content or performing illegal activities and then demands a "fine" of $200 US in iTunes gift cards, in order to release the television. The malware operates in the same way on Android smart TVs as it does on smartphones.

The concept of smart TVs and malware is not new. Norton.com/setup Security researcher Candid Wueest published a proof-of-concept for smart-TV ransomware on Symantec’s Security Response blog.

It’s a nasty variant, but your TV shows don’t have to be held hostage.

How To Stay Protected:

This ransomware is being delivered in the same ways traditional ransomware is on other devices.

It just so happens that the operating system on certain televisions is vulnerable to this strain of ransomware; the televisions are not being specifically targeted.

This ransomware is typically transmitted to televisions that have SMS text messaging capabilities, or by using the web browser on the TV and accidentally visiting malicious websites. To keep yourself protected from this threat, avoid using the SMS messaging or web browsing capabilities on your television. Make sure to never click suspicious links in texts, emails, and websites.

Also, be sure to stick to the official app store for your television, as third party app stores can contain malicious apps.

Be sure to perform a software update on your television, if available. These updates are known to help patch vulnerabilities or “holes” where malware can be snuck into the device.

Norton.com/setup Security protects against variants of this ransomware for PC users. Mainly we detect malware as Android.Lockdroid.E and a few other versions of it as Android.Lockdroid.H and Trojan.Gen.2.

If you've fallen victim to FLocker, first and foremost, do NOT pay the ransom. It’s not guaranteed that you will gain access to your television. Instead, it is suggested to contact your smart TV's vendor.

Are Locky and Dridex on Summer Vacation?

 

A sudden drop in cybercrime activity related to major threat families Locky, Dridex, and Angler has Symantec cybersecurity experts taking note, but still keeping a vigilant eye on the associated malware gangs. One reason for the decrease may be the arrest of 50 people in Russia thought to be involved in the group behind the Lurk banking fraud.

Locky Dropoff

One of the most prevalent ransomware threats in 2016, Locky has shown a significant drop in activity during the month of June. Blocked Locky infections per week went from more than 3,000 in May to the low hundreds this month. That means that new Locky cases, either from spam campaigns or exploit kits, have dramatically fallen.


Figure 1. Blocked Locky infections by week, showing a drop in activity over the past two weeks

Dridex Slowdown

Financial fraud Trojan Dridex has also almost disappeared, but not quite. The Dridex botnet’s subnets continue to operate, and Symantec has noted that Word macro downloaders are still delivering Dridex through spam campaigns.

Figure 2. Blocked Dridex infections by week, showing low activity in recent weeks

Angler Inactivity

The Angler exploit kit has dropped off the radar, with no reported payloads being delivered since the start of May. This isn’t the first time Symantec Security Response has seen Angler go dark, so it remains uncertain whether this well-known exploit kit has gone extinct.

Figure 3. Payloads being delivered by Nuclear exploit kit. Activity ceases in the first week in May.

Russian Arrest Connections?

Given that most of the affected threats have not disappeared entirely, it appears unlikely that they are directly connected to the Lurk group. One possible explanation is that the law enforcement takedown against Lurk could have resulted in the shutdown or seizure of infrastructure used by other attacker groups, who have since been working to resume their operations.

Symantec Security Response is continuing to monitor the situation and will provide further updates if new information comes to light.

Friday, September 4, 2020

13 Million MacKeeper User Accounts Exposed

 

Earlier this week, white-hat hacker Chris Vickery announced that he was able to gain access to over 13 million MacKeeper user accounts. A vulnerability was exploited in the company’s servers, which exposed the usernames, email addresses, and other personal information of 13 million customers. Since the company processes credit card payments through a third party, no financial information was exposed. Vickery notified the company of the security hole and did not release any of the data found to the public. The company said in a statement that it fixed the bug within hours of its discovery.

Data breaches are becoming all too commonplace these days. The data that companies store about their users can be a virtual payday for cybercriminals, as this type of information makes it easier to commit acts of fraud such as identity theft, tax fraud, and even opening new lines of credit in your name. While the protection of your data ultimately lies in the hands of the company holding it, nothing is infallible.

It's often said, "The best defense is a good offense." There are some steps you can take to be proactive in the event that you are exposed in a data breach:

  • Do not reuse the same password across websites. If you are a MacKeeper user and use the same password for other accounts, change it immediately. Often, once a hacker gets ahold of a user's login credentials, they will then try to use them on other websites. They depend on people using the same password for many different accounts.
     
  • Monitor your credit report on a regular basis, and consider signing up for a credit monitoring service in order to alert you to new accounts being opened up under your name.
     
  • Keep a close eye on your bank accounts and any other financial accounts you have for suspicious activity. If the companies you do business with offer activity alerts in the form of text messages or emails, sign up for them.

Massive Ransomware Campaign Using TeslaCrypt Discovered

 

It has been discovered that attack groups behind the ransomware known as TeslaCrypt (Trojan.Cryptolocker.N) have ramped up activity in the past two weeks, sending out massive volumes of spam emails containing the hidden malware. TeslaCrypt uses strong encryption to encrypt a wide range of files on the victim’s computer, then demands a ransom from the victim in order to get the files back. Its creators have continually tweaked the malware and the strategy used to distribute it to help it hide from antivirus detection, making it one of the more dangerous threats currently in circulation. A telltale sign of the malware is that each spam email contains an attachment with a file name using common words such as “invoice”, “doc” or “info” in addition to random characters. The attachment may have a file extension of .zip or may have no file extension at all.

Much of the current campaign of TeslaCrypt attacks involves spam emails using a range of social engineering techniques to lure the user into opening them. Examples of the subject lines used in these emails include:

  • Would you be so kind as to tell me if the items listed in the invoice are correct?
  • Please accept our congratulations on a successful purchase and best wishes.
  • Would you be nice enough to provide us with a wire transfer confirmation.
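The indicators described above (lure-word attachment names with random characters, a .zip or missing extension, and the quoted subject lines) can be turned into a simple mail-triage heuristic. This Python sketch is an added example, not code from the original post or from Symantec; the function names, the rule for what counts as "random characters", and the sample messages are assumptions constructed for illustration.

```python
import os
import re
from email.message import EmailMessage

# Lure words and subject phrases are the ones quoted in the article.
LURE_NAME = re.compile(r"^([a-z0-9]*)[_-]?(?:invoice|doc|info)[_-]?([a-z0-9]*)$", re.I)
SUBJECT_PHRASES = (
    "items listed in the invoice are correct",
    "congratulations on a successful purchase",
    "wire transfer confirmation",
)

def suspicious_attachment(filename):
    """Lure word plus random-looking characters, ending in .zip or nothing."""
    stem, ext = os.path.splitext(filename)
    if ext.lower() not in ("", ".zip"):
        return False
    m = LURE_NAME.match(stem)
    if not m:
        return False
    rest = m.group(1) + m.group(2)
    # Assumption: "random" = at least 4 characters mixing letters and digits.
    return (len(rest) >= 4 and any(c.isdigit() for c in rest)
            and any(c.isalpha() for c in rest))

def score_message(msg):
    """Return (score, reasons); a score of 2 means both indicators matched."""
    reasons = []
    subject = (msg.get("Subject") or "").lower()
    if any(p in subject for p in SUBJECT_PHRASES):
        reasons.append("subject matches a reported lure")
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    hits = [n for n in names if suspicious_attachment(n)]
    if hits:
        reasons.append("attachment name: " + ", ".join(hits))
    return len(reasons), reasons

def build_sample(subject, attachment):
    """Constructed test message, not real campaign data."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("constructed body")
    msg.add_attachment(b"constructed", maintype="application",
                       subtype="octet-stream", filename=attachment)
    return msg

if __name__ == "__main__":
    for att in ("info_k29xq4.zip", "menu.pdf"):
        print(att, score_message(build_sample("wire transfer confirmation", att)))
```

A heuristic like this produces false positives on legitimately named files, so it is better suited to routing mail for extra scanning than to outright blocking.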

Once the attachment is opened, it will download and install the ransomware on the user’s computer. The ransomware will then encrypt the user’s files and create two files on the computer, both of which contain instructions on how to pay the ransom and receive a decryption key.

TeslaCrypt is malware that can be purchased on the underground black market. Attack groups pay TeslaCrypt’s authors for use of the malware and possibly also for access to various distribution channels, such as spam botnets or exploit kits. Because of this, it is difficult to identify any one perpetrator responsible.

However, Symantec’s findings show that one group, in particular, is behind most of the recent spike in TeslaCrypt activity and it appears to be using spam email as its main distribution method.

Protection

Given that this group using TeslaCrypt has been highly active in recent weeks, businesses and users should be on their guard. Norton.com/setup Security protects against TeslaCrypt.

In addition to the protection Norton.com/setup offers, there are still some extra practices users can take to stay protected from this threat:

  • Keep Internet security software regularly updated. Norton.com/setup is always up-to-date; other solutions may not be, so be sure to check that your solution is updated.
  • Keep your operating systems and software up-to-date with the latest patches.
  • Use caution when opening emails from unfamiliar sources, especially those with attachments or links. Do not click on unsolicited web links in email messages or submit any information to webpages in links.
  • Users should also regularly back up any files stored on their computers. Once backed up, be sure to keep the backup device unplugged from the computer, as it is still susceptible to infection if connected. If a computer is compromised with ransomware, then these files can be restored once the malware is removed from the computer.

Further reading

If you would like to find out more about the threat posed by ransomware, you can read our whitepaper: The Evolution of Ransomware as well as Norton.com/setup support’s self-help page for ransomware.