World’s Largest Contract Chipmaker Recovering After Ransomware Attack

World’s Largest Contract Chipmaker Recovering After Ransomware Attack

Apple iPhone TSMC chipmakerTaiwan tech firm and Apple chipmaker, TSMC, said it was recovering from a ransomware attack over the weekend. Apparently one machine was online when it shouldn’t have been and this lead to the infection of more than 10,000 of their manufacturing machines in multiple factories. The ransomware was a variant of WannaCry which is a type of ransomware cryptoworm used by bad guys to encrypt computer data and hold it for ransom. TSMC says they are now back in full production again.

Always make sure you have a good antivirus program installed and up to date! Just as important, make sure you have a good, solid back up of any data that’s important to you!

Source: Reuters

ATM Hacking Malware Being Sold On The Dark Web – Cheap!

The website is called ATMjackpot and sells the malware title Cutlet Maker. The name comes from Russian slang “Cutlet” which means a “roll of money.”

The malware coders claim that it works on any Wincor Nixdorf ATM. Most ATMs are vulnerable to hackers because the machines have a computer inside that run an operating system just like a desktop PC.  Many ATM computers still use old operating systems like Windows XP which is no longer supported or updated to fight the latest threats. This fact, coupled with open and available USB ports makes the machines the perfect targets for hackers.

NHS Lanarkshire Hit By Ransomware

On Friday, a new variant of Bitpaymer disrupted work and demanded payment in bitcoin. IT staff worked over the weekend to get the network back up and running.

According to a spokesman, all security software and systems were up to date but the ransomware was deployed on the network anyway.

Most ransomware and malware infect systems via phishing emails.

How To Prevent Your Thanksgiving Guests From Infecting Your PC

Thanksgiving is right around the corner and if you are hosting the feast this year, you are probably scrambling around, trying to get ready for the big day and getting your house spick and span so your guests don’t judge you. But there’s one area in our homes that we often overlook when it’s time for relatives to come over. It is an undoubtedly popular place among both young and old. It’s your PC.

Without fail, your 7 year old nephew is going to ask you if he can play computer games and your 70 year old uncle is going to ask you if he can “surf the web.” And everyone who steps in the door with a smartphone is going to ask you for your WiFi password. Because you’re a nice person and a gracious host, you will say yes and your guests will skip down the hall and plop down in front of your computer.

Now, you might think this is no big deal. However, letting others use your PC without implementing some proper security measures could lead to an infected computer or an invasion of your privacy.

What can happen

Imagine Uncle Joe sits down at your computer, logs into your account, and starts searching the web. He will immediately have access to your search history, autofill forms, passwords, YouTube watch history, email, and social media accounts (if you leave those logged in). You might not be searching for and watching anything “bad” but you might still be embarrassed if he sees that you recently searched for “how to cook a turkey.” You also don’t want him looking at your private email or your Facebook messages. And you certainly don’t want him stumbling onto eBay and starting a bidding war on your account accidentally.

The other thing that can happen if you let guests use your computer is an infection. While you, being tech-savvy, might know that you shouldn’t just click anything and everything on the computer, your little nephew probably does not. He will head straight to his favorite game site which is probably riddled with malware that will download straight to your system. It can happen way too easily, especially in the case of drive-by-download attacks.

There are ways to prevent both of these things from happening.

How to prevent an invasion of privacy

The first thing you need to do to prepare for computer visitors is to create a “guest” account. With a guest account, the user won’t have access to your browser history, files, passwords, email, etc. They will also be unable to install software to the computer or apply a password to that guest account. To enable the guest account in Windows 7 or 8:

1. Open the Control Panel.
2. Click on Add or Remove User Accounts. (in Windows 8 click on Change Account Type)
3. Click on the Guest icon to enable it.
4. Then click Turn On.

Microsoft changed a few things with Windows 10 and the guest account enabling gets a bit more complicated. If you’re interested, here are the directions for enabling a guest account in Windows 10.

Voila. Now guests can surf the web and play games without being able to see any of your personal stuff.

How to prevent an infection

First of all, you need to install good antivirus software. You should have this whether or not guests are using your computer because if you don’t, it’s not a matter of if you get a virus, but when. If you are connected to the internet, you are vulnerable to malware. You also need to keep your antivirus updated continually. Then, scan your computer for malware regularly to make sure you are not infected. Be sure to always back up your data before anything bad happens because once it’s gone, it’s gone.

Some antivirus software, such as Avast, will indicate whether or not a link is safe to click on. You could teach your relatives this to make sure they don’t click on the bad links.

What to do if you are infected

If it’s already too late and you acquired some nasty viruses (as well as a few extra pounds from all of that pumpkin pie) you should take your computer to a professional. Most antivirus programs have the option to eradicate the virus, but they don’t always work as well as they should. At catmandu, we may not be able to help with the pumpkin pie weight, but we can certainly help with the viruses.

Statement On Lenovo Superfish

Lenovo recently came under fire for being caught preloading laptops with a program called Superfish. The program contained a security flaw which allowed users’ web connections to be hijacked and spied on. Superfish is considered “adware”, software that automatically displays advertisements.

However, a Lenovo spokesman reported, “We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns.” Superfish “does not profile nor monitor user behavior. It does not record user information. It does not know who the user is. Users are not tracked nor re-targeted,” according to Re/Code.

Lenovo did not install Superfish on any ThinkPad notebooks, nor any desktops, workstations, servers, tablets, or phones. The only laptops that were preloaded with the software were the following consumer model notebooks:  Z-series, Y-Series, U-Series, G-Series, S-Series, Flex-Series, Yoga, Miix and E-Series. Superfish only affects these laptops shipped between September and December of 2014.

No devices sold from catmandu will contain Superfish.

At catmandu, with our commitment to excellence and to our customers, we only sell high-end Lenovo products. You will not find any of the consumer models in our locations.

Lenovo will not be preloading Superfish on any device in the future and they are making every effort to inform consumers of the risks of not uninstalling Superfish. In a statement to their retailers, they stated, “We know that millions of people rely on our devices every day, and it is our responsibility to deliver quality, reliability, innovation and security to each and every customer.”

Removal of the adware is relatively simple. You can find the instructions here, or you can bring your laptop to one of the catmandu locations.

At catmandu, we continue to stand behind the Lenovo product line.

Google Play Apps Infected With Adware

Security firm Avast released this report earlier today stating that certain games on Google Play, once downloaded, infect your device with adware, a type of malware that causes unwanted ads to constantly pop up on your screen. “Durak,” one of the infected games, has had 5 to 10 million downloads in both English speaking countries and foreign nations.

Avast researcher Filip Chytry found adware in over a dozen apps including an IQ Test and a history app.

Once downloaded, the apps don’t start showing ads right away, often taking up to 30 days to start serving ads. According to TechCrunch, your phone has to be rebooted at least once before the adware begins but once it does, an ad will appear each time the user unlocks their phone. A warning will be shown stating that the phone is infected, in need of updating, or full of porn. The ad will ask users to be redirected to a site to fix the problem, but that site will simply collect information and personal data.

Some of the ads were from legitimate companies. Even more surprising, some were from real online security apps, such as Quihoo 360. To be sure you’re not installing dangerous apps, read descriptions carefully. Many of the descriptions of the adware-laden apps are written in broken English.

Critical Vulnerability For Flash Player Users

Adobe Systems reported this week that Flash player users may leave their system open to vulnerabilities if they do not immediately update the player, reported ArsTechnica.


Here’s how the malware works: A weakness in the Flash player allows hackers to implant websites with a malicious code. Then, people with vulnerable computers access those websites. This allows hackers to install backdoors that can be used to steal passwords, monitor keystrokes, and infect systems with more malware. Eventually, attackers could take control of the entire system and corrupt the memory on that computer.

The problem affects computers using Internet Explorer and Firefox on Windows 8.1 and below, according to this Adobe security advisory. Users with automatic Flash updates began receiving the latest version on January 24th and users with manual updates can receive the latest version here.

Users can also protect themselves by enabling the click to play feature in browsers which stops the Flash player from running without consent, according to PCWorld.

If you think your system is affected, bring it to catmandu immediately.

Zeus Banking Trojan Uses Steganography To Hide Crucial Data In A Photo

CNBC Prime – YouTube

Zeus is known for being one of the most effective tools for stealing a person’s banking information as it hacks login details and even masks secret transactions taking place in the background. Zeus VM is the newest variant that downloads a users configuration file that contains the domains of the bank. Then the malware is instructed to intervene during the transaction.

This was first noticed by a French researcher who writes under the name Xylitol. Jerome Segura, security researcher for Malwarebytes wrote “The malware was retrieving a JPG image hosted on the same server as were other malware components.”

Steganography has been used by malicious code writers for quite some time and is nothing new. The embedded code in the file format looks legitimate and is sometimes overlooked by security software. Most webmasters would assume an image that can just be viewed would be harmless. In bitmap mode the suspect image appears to be much larger and the malicious data that has been added and encrypted using Base64 encoding and RC4 and XOR encryption algorithms.

Even Wells Fargo data has been shown to be captured by this malware.


New Trojan.Droidpak Malware Infects Android Devices Via Windows

Android has continued to increase marketshare and with the new releases of Jellybean and KitKat the platform has become a favorite for consumers and developers alike. Along with the popularity, Android has now become the target of even more attacks using virus and malware applications. The most recent has been dubbed Trojan.Droidpak. It tries to install mobile banking malware. The thing about it is that it tries to install it via Windows.

“We’ve seen Android malware that attempts to infect Windows systems before,” Symantec researcher Flora Liu said in a blog post. “Android.Claco, for instance, downloads a malicious PE [portable executable] file along with an autorun.inf file and places them in the root directory of the SD card. When the compromised mobile device is connected to a computer in USB mode, and if the AutoRun feature is enabled on the computer, Windows will automatically execute the malicious PE file.” – Source Blog

Windows malware drops a DLL file that is malicious on the computer, then registers it as a system service. The from a remote server it downloads the configuration file and this is where the malicious APK which is called AV-cdk.apk.

The installation is repeated over and over to insure that the device does end up infected. Successful infection requires that USB debugging mode be enabled. The APK actually looks for certain online banking apps on the device and then prompts the user to delete and install the malicious version.

It has been recommended that users disable USB debugging mode unless it is absolutely necessary to what they are currently working on. It’s also recommended that users install a trusted security application as well.

Bulk SMS App Bazuc Exposes Android Users To Security Risks

Mobile security expert Lookout is warning of a new threat that affects users on Android devices through spam, bulk messaging and foreign banks. The threat is directly associated with a bulk SMS messaging platform called Bazuc. The platform offers users a bonus if they allow the app to access their messaging allowance. There have been over 50,000 downloads as to date. And according to the developer it has been downloaded from 3rd party vendors as well.

They bait users with the idea of getting cash for their unused text message inventory. What this does is allow the malicious people using the app to now send messages that bypass normall mobile spam filters because it looks like it is coming from your phone. And in reality, it is coming from your phone. Bazuc’s authors are basically charging vendors to send malicious emails using your phone number.

These messages have, so far, been directed at American users. But they have originated in Russia, Nigeria, Poland, and Mexico. They have ranged from simple registration requests, to password and PIN code farming.

The real problem occurs in the fact that the messages are open for the owner of the relay to see. This puts banks and other institutions clients at risk.

Bazuc is not considered “malware” due to the fact that is just exploits loopholes in all mobile platforms. If you install this app, you risk all of your personal information being shared with many different people and organizations. It is very easy for this information to fall into the wrong hands.

While Bazuc isn’t breaking any rules, phone users who have downloaded the app and used this feature have definitely suffered the consequences of this “loophole”. And this app, in most cases, breaches the terms of use contract that you sign when you pay for your mobile plan.

Lookout has also brought to light a very good point on their blog stating:

“…we can’t discount the possibility that this network could be used to send illegal messages, and in this case the owner of the phone is likely to find themselves in hot water with the authorities”.

So, the app isn’t breaking any laws, but it might just end with you getting in some trouble in more than one way. Beware of the Bazuc app.