Security

Administrators at the Concordia University in Montreal, Canada, discovered hardware-based keyloggers on a few terminals at two of their libraries.

The devices were found on express workstations located on LB2 in the Webster Library and on express workstations located in the Vanier Library on VL1.

University staff discovered the incident when they moved the express workstations in the Webster Library from LB2 to LB3 in February 2016.

It’s hard enough for non-technical users to deal with ransomware infections: understanding public-key cryptography, connecting to the Tor anonymity network and paying with Bitcoin cryptocurrency. A new malicious program now makes it even more difficult by completely locking victims out of their computers.

The new Petya ransomware overwrites the master boot record (MBR) of the affected PCs, leaving their operating systems in an unbootable state, researchers from antivirus firm Trend Micro said in a blog post.

Malware has infected the computer network of MedStar Health, forcing the healthcare provider to shut down large portions of its electronic operations.

A statement by the health system said that all facilities remain open, and that there was "no evidence of compromised information."

Multiple Cross-Site Scripting (XSS) vulnerabilities have been uncovered in the popular online open source shopping cart application, Zen Cart.

A new ransomware program written in Windows PowerShell is being used in attacks against enterprises, especially healthcare organizations.

The ransomware, dubbed PowerWare, is being distributed to victims via phishing emails containing Word documents with malicious macros, an increasingly common attack technique. The phishing attack is being disguised as an "invoice.”

According to Carbon Black, PowerWare targets organizations via Microsoft Word and PowerShell. PowerShell is the scripting language inherent to Microsoft operating systems.

Andrew Auernheimer, a black hat hacker known as "Weev," has admitted to hacking thousands of Internet-connected printers and making them print out racist and anti-semitic messages.

The actual hack took place on Thursday, March 24, and by the second day, local newspapers were reporting on thousands and hundreds of printers spewing out nasty messages all over their towns.

Cybercriminals are redoubling efforts to steal payment card details from retailers before new defenses are put in place, according to FireEye.

More than a dozen types of malware were found last year that target point-of-sale systems, the electronic cash registers the process payments at many retailers.

Agilebits, makers of 1Password, recommends robust password selection and protection. Thus, it stuck in its craw, says Jeff Shiner, the company’s chief, that its business users had no simple and secure way to share collectively used passwords or secrets to which one user might need to grant access to others on occasion or when unavailable. 1Password for Teams is a result of chewing on that problem and talking to its existing customers. It’s been quietly in the works for nearly two years, and entered a public beta on Tuesday.

Intelligence agencies all over the world look to collect information pertinent to their various operations, and that involves hacking emails accounts. Google for a while now has been able to identify such government-backed hackers, and notify potentially affected customers so they can take immediate action.

In an update on the ways Gmail is getting even more secure (which is good news in the wake of the Apple vs. FBI scandal), Google revealed that as many as 1 million Gmail accounts may have been targeted by government-backed attackers so far.

I’ve had some rather unusual security training over the years. One of my earliest jobs was in security and law enforcement, and my course of study in graduate and undergraduate school included covering some of the largest security disasters in corporate history. Oh, and I was an internal auditor leader for a time when we had a tight emphasis on security. And, I’ve actually been a body guard.