this week that they’ve released a preliminary fix for a vulnerability rated important, and present in all supported versions of Windows in circulation (basically any client or server version of Windows from 2008 onward). The flaw affects the Credential Security Support Provider (CredSSP) protocol, which is used in all instances of Windows’ Remote Desktop Protocol (RDP) and Remote Management (WinRM). The vulnerability, CVE-2018-0886, could allow remote code execution via a physical or wifi-based Man-in-the-Middle attack, where the attacker steals session data, including local user credentials, during the CredSSP authentication process. Although Microsoft says the bug has not yet been exploited, it could cause serious damage if left unpatched. RDP is widely used in enterprise environments and an attacker who successfully exploits this bug could use it to gain a foothold from which to pivot and escalate. It’s also popular with small businesses who outsource their IT administration and, needless to say, an attacker with an admin account has all the aces. Security researchers at Preempt say they discovered and disclosed this vulnerability to Microsoft last August, and Microsoft has been working since then to create the patch released this week. Now it’s out there, it’s a race against time to make sure you aren’t an easy target for an attacker who wants to try and kick the tires on this vulnerability.
Obviously, patch as soon as possible and please follow Microsoft’s guidance carefully:

Mitigation consists of installing the update on all eligible client and server operating systems and then using included Group Policy settings or registry-based equivalents to manage the setting options on the client and server computers. We recommend that administrators apply the policy and set it to “Force updated clients” or “Mitigated” on client and server computers as soon as possible. These changes will require a reboot of the affected systems. Pay close attention to Group Policy or registry settings pairs that result in “Blocked” interactions between clients and servers in the compatibility table later in this article.

Both the “Force updated clients” and “Mitigated” settings prevent RDP clients from falling back to insecure versions of CredSSP. The “Force updated clients” setting will not allow services that use CredSSP to accept unpatched clients but “Mitigated” will.
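To plan a rollout around those two settings, here is an added Python model (not Microsoft’s code and not part of the original article) that encodes the client/server interaction rules quoted above and, for a constructed host inventory, lists the pairs that would end up Blocked and the pairs that would still negotiate the old CredSSP. The endpoint states, the host names and the sample inventory are constructed; the two interactions the guidance does not spell out (unpatched to unpatched, patched to patched) are assumed to connect, as noted in the comments.

```python
from itertools import product

# CredSSP state of one endpoint: the two policy settings named in Microsoft's
# guidance, plus the state of a host that has not yet received the update.
UNPATCHED = "unpatched"
FORCE = "Force updated clients"
MITIGATED = "Mitigated"
STATES = (UNPATCHED, FORCE, MITIGATED)


def credssp_outcome(client, server):
    """Return 'Blocked', 'Allowed' or 'Allowed (insecure)' for an RDP/WinRM session.

    Rules taken from the guidance quoted above:
      * 'Force updated clients' and 'Mitigated' both stop a patched client from
        falling back to insecure CredSSP, so such a client cannot reach an
        unpatched server.
      * A server on 'Force updated clients' refuses unpatched clients; a server
        on 'Mitigated' still accepts them.
    Assumptions (not stated on the page): two unpatched endpoints still talk to
    each other, two patched endpoints always connect, and any session that an
    unpatched client is allowed to open is reported as insecure because only
    the old protocol version is available to it.
    """
    for state in (client, server):
        if state not in STATES:
            raise ValueError(f"unknown CredSSP state: {state!r}")
    if client != UNPATCHED and server == UNPATCHED:
        return "Blocked"  # patched client will not fall back
    if client == UNPATCHED and server == FORCE:
        return "Blocked"  # server will not accept an unpatched client
    if client == UNPATCHED:
        return "Allowed (insecure)"  # unpatched client; server is Mitigated or unpatched
    return "Allowed"


def compatibility_table():
    """Client x server matrix implied by the rules, keyed by (client, server)."""
    return {(c, s): credssp_outcome(c, s) for c, s in product(STATES, repeat=2)}


def review_inventory(hosts):
    """Given {hostname: state}, return the ordered host pairs that would be
    Blocked and those that would still negotiate insecure CredSSP.

    Every host is treated as both a potential client and server, which is the
    conservative assumption for an admin jump host or a file server that is
    itself managed remotely.
    """
    blocked, insecure = [], []
    for (c_name, c_state), (s_name, s_state) in product(hosts.items(), repeat=2):
        if c_name == s_name:
            continue
        outcome = credssp_outcome(c_state, s_state)
        if outcome == "Blocked":
            blocked.append((c_name, s_name))
        elif outcome == "Allowed (insecure)":
            insecure.append((c_name, s_name))
    return blocked, insecure


# Constructed sample inventory; host names are illustrative only.
SAMPLE_HOSTS = {
    "jump01": FORCE,         # patched admin jump host, strict setting
    "file01": MITIGATED,     # patched server that must still serve old clients
    "legacy-app": UNPATCHED, # not yet updated
}

if __name__ == "__main__":
    for (c, s), outcome in compatibility_table().items():
        print(f"client={c:22} server={s:22} -> {outcome}")
    blocked, insecure = review_inventory(SAMPLE_HOSTS)
    print("Blocked pairs:", blocked)
    print("Still insecure:", insecure)
```

Run it as a script to print the nine-cell matrix and the two lists for the sample inventory; in practice the inventory would be fed from whatever records the patch state and policy setting of each host. The “Allowed (insecure)” list is the one to drive down: every entry is an unpatched client that a Mitigated (or unpatched) server still accepts.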
Check Point’s mobile security researchers have discovered a new ransomware in Google Play, dubbed Charger. Charger was found embedded in an app called EnergyRescue. The infected app steals contacts and SMS messages from the user’s device and asks for admin permissions. If granted, the ransomware locks the device and displays a message demanding payment. Researchers detected and quarantined the Android device of an unsuspecting customer employee who had unknowingly downloaded and installed Charger. The early detection enabled them to quickly disclose the findings to Android’s Security team, which added the malware to Android’s built-in protection mechanisms before it began to spread, ensuring only a handful of devices were infected. Unlike most malware found on Google Play, which contains a dropper that later downloads the real malicious components to the device, Charger uses a heavy packing approach. This makes it harder for the malware to stay hidden. Charger’s developers compensated for this using a variety of techniques to boost its evasion capabilities so it could stay hidden on Google Play for as long as possible. These included: The ransom demand is for 0.2 Bitcoins, or roughly $180, and is much higher than what has been seen in previous mobile ransomware attacks. By comparison, the DataLust ransomware demanded merely $15; the higher demand could be an indicator of a wider effort by mobile malware developers to catch up with their PC ransomware cousins. Similar to other malware seen in the past, Charger checks the local settings of the device and does not run its malicious logic if the device is located in Ukraine, Russia, or Belarus. This is likely done to keep the developers from being prosecuted in their own countries or being extradited between countries.
Imagine turning on your smartphone to send a text and finding this threatening notice instead: “You need to pay for us, otherwise we will sell portion of your personal information on black market every 30 minutes. WE GIVE 100% GUARANTEE THAT ALL FILES WILL RESTORE AFTER WE RECEIVE PAYMENT. WE WILL UNLOCK THE MOBILE DEVICE AND DELETE ALL YOUR DATA FROM OUR SERVER! TURNING OFF YOUR PHONE IS MEANINGLESS, ALL YOUR DATA IS ALREADY STORED ON OUR SERVERS! WE STILL CAN SELLING IT FOR SPAM, FAKE, BANK CRIME etc. We collect and download all of your personal data. All information about your social networks, Bank accounts, Credit Cards. We collect all data about your friends and family.” This is the message, word for word, found recently by Oren Koriat and Andrey Polkovnichenko, a pair of mobile cybersecurity analysts at Check Point, a security firm in California. The smartphone on which it appeared was an Android model that had been compromised by smartphone ransomware. Ransomware has become a ubiquitous threat to personal-computer users. Criminals remotely access a victim's computer and lock all the files using encryption software, offering to unlock the data in exchange for a payment. The first ransomware attack on a phone occurred in 2013, according to the Check Point researchers, but until now has been confined to small numbers of victims, primarily in Eastern Europe. Now, the company says, the threat has gained a toehold in the United States. Koriat and Polkovnichenko found the software, which they dubbed Charger, embedded in an app called Energy Rescue, which purports to make a phone battery last longer. “The infected app steals contacts and SMS messages from the user’s device and asks for admin permissions,” the company said in a statement.
“If granted, the ransomware locks the device and displays a message demanding payment.” The payment demanded was 0.2 bitcoin, or about $180 at the current exchange rate. (The phone was being used for business and didn't contain much personal data; the owner chose to replace the phone rather than pay.) The most disturbing part of the attack might be that the app was downloaded from the Google Play store. Android phones can use apps from other sources, but security experts usually recommend that users stick to the Play store to take advantage of the processes Google uses to check the software for safety. “The main issue here is the fact that such a severe threat managed to penetrate Google's security and enter Google Play, Google's official app store,” says Daniel Padon, another member of Check Point's research team. “Most malware that manages to enter Google Play has only slim malicious traits, while Charger is about as malicious as can be. As mobile ransomware try to keep the pace with their cousins in the PC world, we are likely to see more efforts of this sort, endangering users around the world.” Padon added that this malware was particularly sophisticated, using a number of innovative tactics to evade detection by Google. Google commended the security firm for catching the Charger threat so early. “We appreciate Check Point’s efforts to raise awareness about this issue,” a Google spokesperson says. “We’ve taken the appropriate actions in Play and will continue to work closely with the research community to help keep Android users safe.” Ransomware attacks on mobile phones are still relatively rare. One well-known case involved users of pornography apps in Eastern Europe who were targeted by ransomware called DataLust, Check Point says. In those cases, the ransom was set at 1,000 rubles, or about $15.
There's evidence that Charger, too, comes from Eastern Europe—beyond the clichéd bad grammar of the ransom note. “This is likely done to keep the developers from being prosecuted in their own countries or being extradited between countries.” Ransomware attacks are joining a growing list of threats to mobile phone securit
In recent years, ransomware has become a growing concern for companies in every industry. Between April 2015 and March 2016, the number of individuals affected by ransomware surpassed 2 million — a 17.7% increase from the previous year. Ransomware attacks function by breaching systems, usually through infected email, and locking important files or networks until the user pays a specified amount of money. According to FBI statistics cited in a Malwarebytes report, hackers gained more than $209 million from ransomware payments in the first three months of 2016, putting ransomware on track to rake in nearly $1 billion this year. But as a result of increased ransom-avoidance, cybercriminals have created an even more insidious threat. Imagine malware that combines ransomware with a personal data leak: this is what the latest threat, doxware, looks like. With doxware, hackers hold computers hostage until the victim pays the ransom, similar to ransomware. But doxware takes the attack further by compromising the privacy of conversations, photos, and sensitive files, and threatening to release them publicly unless the ransom is paid. Because of the threatened release, it's harder to avoid paying the ransom, making the attack more profitable for hackers. In 2014, Sony Pictures suffered an email phishing malware attack that released private conversations between top producers and executives discussing employees, actors, industry competitors, and future film plans, among other sensitive topics. And ransomware attacks have claimed a number of recent victims, especially healthcare systems, including MedStar Health, which suffered a major attack affecting 10 hospitals and more than 250 outpatient centers in March 2016.
Combine the data leak of Sony and the ransomware attack on MedStar and you can see the potential fallout from a doxware attack. Doxware requires strategic, end-to-end planning, which means hackers will target their victims more deliberately. Looking at the data leaked from Sony, it's easy to imagine the catastrophic effect doxware would have on an executive of any major corporation. Company leaders hold countless conversations over email each day on sensitive topics ranging from product development to competition to internal politics, and if there's a doxware attack, the fallout could be extensive.

Expect Things to Get Worse

The technology behind doxware is still new, but expect the problem to become worse. Recent attacks have been contained to Windows desktop computers and laptops, but this will certainly change. Once the malware can infiltrate mobile devices, the threat will become even more pervasive, with text messages, photos, and data from apps at risk of being leaked. It's also highly likely that doxware will target more types of files. Workplace emails are currently a big target for hackers. However, a company's internal communications/instant messaging network is also appealing to hackers using doxware, as the messaging network often serves as a platform where both sensitive business discussion and casual conversations take place, potentially exposing both company secrets and personally embarrassing exchanges. One of these variants holds files ransom with the threat of release and then steals a victim's passwords. Another mutation, Popcorn Time, takes doxware even further, giving victims the option to infect two of their friends with the malware instead of paying the ransom.