Category: News

MikroTik Routers Compromised in Coinhive Cryptojacking Campaign

Security researchers have recently uncovered a massive cryptojacking campaign that relies on compromised MikroTik routers. It targets these routers to conduct cryptocurrency mining by changing its configuration. It injects a copy of the Coinhive in-browser cryptocurrency mining script into every web page that a user visited.

The campaign has taken off the ground this week and was in its initial stages. It mainly focused on compromising devices located in Brazil but later began targeting MikroTik routers in other geo-locations all over the world. In total, 210,000 MikroTik routers have been compromised.

MikroTik routers compromised


The hack exploits a security flaw in Winbox, a remote management service bundled in MikroTik routers’ operating system, RouterOS.  This flaw was was reportedly discovered early this year (April 2018) but accordingly patched the next day.

If you own a MikroTik router, it is advised that you should install the the latest MikroTik firmware as soon as possible. Also, as an added precaution, security mechanisms such as firewalls should always be enabled.

Idaho Inmates Hacked Jail-Issued Tablets for $225,000 Free Credits

364 inmates from five Idaho prisons exploited a vulnerability in their prison-issued tablets to issue themselves nearly $225,000 worth of digital credits to their accounts. They were able to crack and leverage a software vulnerability on their JPay tablets to increase their balances. The transferred credits were then used to buy music, ebooks and games.

The Idaho Department of Correction (DOC) discovered the hack earlier this month. They emphasized though that no real money was stolen and that the credits did not involve taxpayer dollars.

idaho inmates hacked prison tablets


For a few years now, tablets are allowed at low-security level prisons across the United States. This gives the inmates the privilege to email their families, access educational materials, read news, and even purchase music and simple computer games. They’ve been offered through a contract between JPay and CenturyLink.


Prison officials have already reprimanded the inmates involved in the hacking. They have been charged with a disciplinary offense and lost various privileges. They may also be reclassified to a higher security risk level.

According to the DOC, JPay has managed to recover $65,000 worth of digital credits from the 364 inmate accounts. It has also blocked the inmates involved from being able to download music and games until the company is compensated for their losses.

Network Breach in LabCorp May Expose Millions of Patient Records

Over the weekend of July 14, North Carolina-based LabCorp, United States’ biggest blood testing laboratories network, forced a shutdown on its IT network after hackers breached into their system.

As part of its breach response policy, the company immediately took various portions of its systems offline to contain the hack.

Excerpts from the form 8-K they filed with the Securities and Exchange Commission read:

“LabCorp detected suspicious activity on its information technology network.”

“LabCorp immediately took certain systems offline as part of its comprehensive response to contain the activity,

“Work has been ongoing to restore full system functionality as quickly as possible”

labcorp hacker


The breach could potentially expose millions of patient records at risk. Taken from their webpageLabCorp provides diagnostic, drug development and technology-enabled solutions for more than 115 million patient encounters per year.


The company, however, is trying to downplay the incident assuring their customers not to worry.

“At this time, there is no evidence of unauthorized transfer or misuse of data. LabCorp has notified the relevant authorities of the suspicious activity and will cooperate in any investigation,” it said in its statement.

FBI is currently monitoring the situation and LabCorp is required to alert customers whose data were compromised within 60 days.


Healthcare organizations are often the target of hackers and cybercriminals for data breaches because it is believed that the highly sensitive data they keep on records is worth a lot when sold online.

Hacker Steals Sensitive Military Drone Docs!

Security firm Recorded Future has discovered that last month, an unidentified hacker stole sensitive military documents and tries to sell it online via hacking forums. The selling price for such docs run as low as $150 – $200. The data was allegedly hacked from the computer of an Air Force officer. It said to contain sensitive information about the MQ-9A Reaper drone that is used for overseas strikes and surveillance missions. This could give an enemy clues into its technical capabilities and potential weaknesses.


However, the firm confirmed that there was no evidence the mystery hacker was tied to a foreign country. It posed as a potential buyer and based on their exchanged messages with the mystery hacker, the firm suspects that he/she could be from South America because the communication is sometimes in Spanish and of broken English.

Also for sale are various training manuals such as a crewman training and survival manual, deployment tactics manual for improvised explosive devices (IED), and a tank operation manual.


Recorded Future already informed Homeland Security about the alleged hack and so the hacker was blocked from selling the said sensitive documents while the issue is currently being investigated.

Samsung Messages Glitch Sending Photos to Contacts Randomly

According to reports gathered online, an unusual glitch is affecting Samsung users causing the default Samsung Messages app to send random photos to their list of contacts. Since the messages were sent without consent (and apparently with no evidence), users were only made aware of the bug once they get a reply from someone who received their photos.

The issue appears to be limited though only to the newer Samsung Galaxy devices – the S9, S9 Plus, and Note 8.  The images sent seem to be just random picks from the user’s photo gallery.

Samsung Galaxy S9 glitch


Samsung, on their part, has already acknowledged the said reports. “We are aware of the reports regarding this matter and our technical teams are looking into it. Concerned customers are encouraged to contact us directly at 1-800-SAMSUNG.”


For the time being, concerned Samsung owners can resort to other messaging applications or simply disable sending photos entirely via their phone settings. This can be done by going to Settings > Apps > Samsung Messages > Permissions > Storage. By doing so, it should prevent the pre-installed Samsung Messages app to access the photo gallery by disabling its storage permissions.


It is also recommended that users may hold off installing the latest Samsung Messages update until the company will be able to fix the issue.

SamSam Ransomware New Variant Requires User Interaction Prior to Infection

A new variant of the SamSam ransomware has recently been detected. It is equally robust as its popular version which caused widespread damage with its high profile attack to state agencies, hospitals, city councils, and more.

remove SamSam ransomware


This newly discovered, more targeted Samsam variant utilizes new techniques and alterations making it unique and more difficult to spot – it requires user interaction to start its attack. It will not execute unless the attacker running the payload manually enters a special password (via the command line) before infecting any system. This means that only the person/s who know the author’s passcode can run the ransomware. Moreover, even if the ransomware is already inside one’s system, it will not infect unless the password has already been entered. This gives researchers a hard time executing the ransomware binary or run on their test machine unless they knew the password.


SamSam ransomware has remained a nasty yet elusive malware. It gained its worldwide notoriety when it infected Atlanta City’s IT systems, the Colorado Department of Transportation, and several health care organisations compromising data security and leaving millions of dollars in losses.

To get protected against this notorious ransomware, basic security practices like secured passwords, performing regular backups, and employing a centralized patch management system is crucial. These will not only keep potential hackers out of your system but you will also be able to limit any damage caused and easily recover from a ransomware attack.

74 Scammers from Nigeria, US, and Others Arrested by FBI

Last July 11, 2018, the United States Department of Justice announced that they have arrested 74 individuals (42 in the US, 29 in Nigeria, and 1 each from Poland, Canada and Mauritius) because of their involvement in BEC (business email compromise) scams swindling millions of dollars from people across the globe. US law enforcement seized about $2.4 million and recovered nearly $14 million in fraudulent transfers.

BEC scam


BEC, also known as cyber-enabled financial fraud, is a sophisticated scam. The scam involves BEC fraudsters posing as trusted vendors or corporate executives of legit corporations. They will establish communication by sending phishing emails to firm employees with access to the company’s finances and then instruct the victims to transfer funds to accounts they control.

They also target real estate buyers and those who are not tech-savvy especially elderly users. Using social engineering techniques, they will trick them to wire money or reveal personal data.

Dubbed as “Operation Wire Wire” and coordinated by the FBI, US authorities and international law enforcements have been working with the following institutions:

  • Homeland Security Investigations
  • U.S. Attorneys’ Offices
  • Secret Service
  • Postal Inspection Services
  • Treasury Department

It took them six months to finally get hold of these criminals.

Facebook Confirms Your Data Shared With Chinese Firms

Yesterday, June 5, Facebook has confirmed that it has data-sharing partnerships with at least four Chinese companies which include:

  • Lenovo
  • Huawei (previously under scrutiny from U.S. intelligence agencies regarding security threat)
  • TCL (the present manufacturer of BlackBerry phones)
  • Oppo (OnePlus’ parent company)

facebook data sharing


The said agreements, dating to as far as 2010, gave the listed Chinese firms access to some of the users’ data so they could build Facebook interfaces on their own platforms. Facebook said that the data collected were stored and stayed on the users’ phones, and not on the phone manufacturers’ servers. Huawei, on their part, maintained that the company has worked with Facebook to make the latter’s services more convenient to users. It has never collected or stored any user data.


According to an interview with Facebook officials, the majority of these company partnerships have already wound down. However, the agreements with the four Chinese companies listed above remain in effect but they will be ending Huawei’s partnership later this week, to be followed by the other three companies as well.


If you’re concerned with your data being affected by this issue, don’t panic. If you’re using an iPhone, make sure to update to the latest iOS and for Android users, no need to worry. All the information you’ve shared or posted are stored on your device. Facebook simply manages the flow of information on their servers.


As an added precaution, consider following these tips:

  • Minimize the amount of data you are sharing
  • Change your privacy settings
  • Turn off/limit access for third-party applications
  • Avoid posting your every location
  • Turn on extra security settings
  • Only add people you know


Better safe than sorry, as they say!

Beware of the Black Dot “Text Bomb” Bug

There’s a new bug that is recently rendering iPhones to freeze, slow down, and crash. It is a harmless-looking message with a black dot emoji a.k.a. “the black dot of death”. This bug affects all iPhones running the most recent version of iOS, iOS 11.3 and the iOS 11.4 betas. There’s no verification yet though whether it also affects older iOS.

black dot bug


What Actually Happens

When a message is received containing the said emoji and eventually opened by the user, the messaging app will crash and the device locked into a white screen. This is because these messages containing the black dot emoji are followed by hundreds of thousands of invisible characters which causes the Messages app to freeze. It will then flood the iPhones’ CPU where it will overheat and a possibility of a device crash.


What You Can Do

The black dot “text bomb” bug can easily be transmitted. Someone will just simply send a string of texts, wait for their target to open such message and that’s it!

When your iPhone suddenly freezes because of this so-called text bomb, try force-quitting ‘Messages’ and re-open it. After which, delete the conversation with the black dot immediately.

Make sure also to update to the latest iOS when it is released. Apple will surely fix this issue and create a patch for this annoying bug.




How to Remove Win Speedup 2018

Win Speedup 2018 is a PUP or potentially unwanted program. It is advertised as a system optimizer and downloaded or bundled along with free programs without the users knowledge. They do not fully disclose that other software will also be installed.

Once Win Speedup 2018 is installed, it claims that several performance and security issues are detected on your computer. When you try to fix these detections, you will be obliged to buy its full version before proceeding. Any attempt to repair the said “issues” it claims opens up to a payment processing site.