News

Games, Porn, And "AdultSwine" Malware

Cybersecurity experts find AdultSwine malware on 60 gaming apps. Learn how to delete an infected app and protect yourself from future malware. Read More


Ann Curry And Gretchen Carlson: How Their Sexual Harassment Charges Show The Demise Of Employer Sexual Harassment Defenses

Jack McCalmon, Esq. examines how sexual harassment charges in 2012 and in 2017 differ and how this affects employer defenses today. Read More


SSL-Enabled Does Not Mean "Malware Safe"

Cybercriminals created a fake, SSL-enabled website to trick users into downloading a "security patch" that actually contained malware. Learn how to spot a phishing site. Read More


SSL-Enabled Does Not Mean "Malware Safe"

Cybercriminals are taking advantage of a well-known vulnerability to trick users into downloading malware.

Cybercriminals have spoofed the website of the German Federal Office for Information Security (BSI). The phishing site looks like the official site and is even SSL-enabled, meaning the site looks secure.

The fake domain links users to a ZIP archive that claims to contain a patch for Meltdown and Spectre chip vulnerabilities, but in fact contains malware. When users run the "patch," their computers are infected with Smoke Loader malware.

Smoke Loader malware connects and sends encrypted information to various domains and receives additional payloads.

Fortunately, this phishing website is no longer operational. However, hackers are creating similar fake sites for future scams. Phil Muncaster "Phishers Push Malware Disguised as Meltdown Fix," www.infosecurity-magazine.com (Jan. 15, 2018).


Commentary

Users cannot rely on any one thing like an SSL certificate to protect them from cybercriminals.

Although it is good practice to never send information over a site that is not encrypted, having an SSL certificate is no longer a green light. Information could be encrypted during transit, but still contain malware, or go to criminals who want to steal your personal information.

Before entering any information or downloading anything from a website, scan the site for any signs that it could be fake. Look for misspelled words or poor grammar. Look closely at the web address—not just the lock symbol—and make sure that it is the correct address for the organization. Also, look for low resolution images, as that could be a sign that hackers quickly threw together the site.

It is most important to beware of any request to download information that is not expected.  

If you believe that an email contains a legitimate update, verify it through other online resources or by calling the organization before selecting a link or downloading an attachment.

Finally, your opinion is important to us. Please complete the opinion survey:

EEOC News

Memorial Healthcare Sued by EEOC For Religious Discrimination

February 14, 2018

READ MORE

Signature Industrial Services Sued By EEOC for Disability Discrimination

February 13, 2018

READ MORE

EEOC Sues Restaurant Maurizio's Trattoria Italiana for Pregnancy Discrimination

February 13, 2018

READ MORE