Information Security News
One of our loyal readers, Gebhard, pointed out a nice post (in German) on how to slow down Locky if you are using a Samba server for file sharing in your environment. The technique takes advantage of fail2ban and some additional Samba logging to keep Locky from encrypting all the files on the share. It is worth a look.
A security research firm announced Sunday its discovery of what is believed to be the world’s first ransomware that specifically goes after OS X machines.
“This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom,” Ryan Olson, of Palo Alto Networks, told Reuters.
In an interview Sunday afternoon, Olson told Ars that he expected more Mac ransomware to proliferate.
It appears that a large number of websites, approximately 500, hosted on IP 192.185.225.116 are being used as PayPal phishing landing pages. That IP is registered to websitewelcome.com, but we have been told by customers that the IP is in use by popular U.S.-based web hosting company HostGator.
When the FQDN of a legitimate web page on that IP is appended with:
~pbhanney/goobooker/avatars/user_uploaded/manage/ffe02d0542523d2fca9d479a2b50a948/
for example
The issue has been reported to both HostGator and PayPal, so hopefully they can clean it up soon.
-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.