News


  • Cathay Pacific hack: Airline admits techies fought off cyber-siege for months

    November 12, 2018

    Fresh from belatedly admitting that 9.4 million passengers’ personal data was stolen by hackers, Hong Kong airline Cathay Pacific has now admitted that it was under attack for three solid months before it took half a year to tell anyone. In its initial public statement on the hack, which saw names, nationalities, dates of birth, addresses, ...

  • Cisco Accidentally Released Dirty Cow Exploit Code in Software

    November 8, 2018

    Cisco revealed that it had “inadvertently” shipped an in-house exploit code that was used in test scripts as part of  its TelePresence Video Communication Server and Expressway Series software. Cisco Systems revealed in a security bulletin Wednesday that it “inadvertently” shipped in-house exploit code that was used in security tests of scripts as part of its ...

  • US Cyber Command starts uploading foreign APT malware to VirusTotal

    November 8, 2018

    On Monday, the Cyber National Mission Force (CNMF), a subordinate unit of US Cyber Command (USCYBERCOM), set in motion a new initiative through which the DOD would share malware samples it discovered on its networks with the broader cybersecurity community. The CNMF kicked off this new project by creating an account on VirusTotal, an online file scanning service that ...

  • IoT security: Why it will get worse before it gets better

    November 7, 2018

    There are billions of connected devices in use around the world, in our homes, our offices, even inside our bodies as medical devices are connected to an ever-growing internet of things (IoT). Vendors rush to add to the range of devices available, with many looking to gain a hold in the market as quickly as possible, delivering ...

  • Rapidly Growing Router Botnet Takes Advantage of 5-Year-Old Flaw

    November 7, 2018

    A sophisticated proxy code has infected hundreds of thousands of devices already. A fresh botnet is spreading across the landscape, targeting router equipment. So far, hundreds of thousands of bot endpoints have already been identified, and they’re apparently being marshaled to send out massive amounts of spam. The botnet first emerged in September, according to 360Netlab telemetry, ...

  • Healthcare Targeted by 37 Percent of All Ransomware Attacks in Q3 2018

    November 7, 2018

    During the third quarter of 2018 ransomware attacks were at an all-time high and the ransoms asked from organizations to decrypt the locked files were also on the rise according to a report from Beazley Breach Response (BBR) Services. According to their analysis, the number of ransomware attacks more than doubled during September when compared to ...

  • VirtualBox zero-day published by disgruntled researcher

    November 7, 2018

    A Russian security researcher has published details about a zero-day vulnerability affecting VirtualBox, an Oracle software application for running virtual machines. According to a text file uploaded on GitHub, Saint Petersburg-based researcher Sergey Zelenyuk has found a chain of bugs that can allow malicious code to escape the VirtualBox virtual machine (the guest OS) and execute ...

  • Cloud, cars and IoT could change grid cybersecurity

    November 6, 2018

    The proliferation of connected devices including electric cars could provide grid operators with an operational view of cybersecurity threats and change the way the grid is secured, said Karen Evans, assistant secretary of the Energy Department’s Office of Cybersecurity, Energy Security, and Emergency Response. While experts generally consider the internet of things to be a risky ...

  • ‘Almost all’ Pakistani banks hacked in security breach, says FIA cybercrime head

    November 6, 2018

    In a shocking revelation, the head of the Federal Investigation Agency’s (FIA) cybercrime wing has said data from “almost all” Pakistani banks was stolen in a recent security breach. “According to a recent report we have received, data from almost all Pakistani banks has been reportedly hacked,” FIA Cybercrimes Director retired Capt Mohammad Shoaib told Geo News on Tuesday. When ...

  • HSBC discloses security incident

    November 6, 2018

    Banking giant HSBC disclosed on Monday a security incident that impacted an undisclosed number of the institution’s customers. “HSBC became aware of online accounts being accessed by unauthorized users between October 4, 2018 and October 14, 2018,” the bank wrote in a data breach notification lettersubmitted to Californian authorities. The bank said it suspended access to online accounts ...

  • Apache Struts Warns Users of Two-Year-Old Vulnerability

    November 6, 2018

    Users must update their vulnerable libraries manually. The Apache Software Foundation warned in an advisory that the latest version of the Commons FileUpload library is susceptible to a two-year-old remote code execution flaw. Users of the vulnerable library must update their projects manually. The critical bug in Commons FileUpload library is a known vulnerability (CVE-2016-1000031) that enables ...

  • Hack the Air Force 3.0 Bug Bounty Announced by USAF

    November 6, 2018

    The Hack the Air Force 3.0 bug bounty program organized in collaboration with HackerOne has been announced by the U.S. Air Force to take place from October 19 to November 5. “Up to 600 eligible applicants will be invited to participate in the challenge. Invitations will be issued to eligible participants during the challenge at regular ...

  • States activate National Guard cyber units for US midterm elections

    November 5, 2018

    At least three US states have activated and put National Guard cyber-security units on standby for midterm elections. The three states are Washington, Illinois, and, more recently, Wisconsin. According to officials, these cyber-security teams will be prepared to assist state election officials in the event of a cyber-security incident during the elections. Illinois officials have activated National ...

  • Flaws in Popular Self-Encrypting SSDs Let Attackers Decrypt Data

    November 5, 2018

    We all have something to hide, something to protect. But if you are also relying on self-encrypting drives for that, then you should read this news carefully. Security researchers have discovered multiple critical vulnerabilities in some of the popular self-encrypting solid state drives (SSD) that could allow an attacker to decrypt disk encryption and recover protected ...

  • Inception Group Uses POWERSHOWER Backdoor in Two-Stage Spear Phishing Attacks

    November 5, 2018

    The Inception threat group has been observed exploiting the CVE-2017-11882 Microsoft Office memory corruption vulnerability and a PowerShell-based backdoor dubbed POWERSHOWER in their most recent multi-stage attack campaign during October 2018. Inception was seen in action since at least 2014, using multiple highly automated malware toolkits targeting a vast array of industries and platforms from all ...

  • New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data

    November 3, 2018

    A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading feature enabled. The vulnerability, codenamed PortSmash (CVE-2018-5407), has joined the list of other dangerous side-channel vulnerabilities ...

  • Two botnets are fighting over control of thousands of unsecured Android devices

    November 2, 2018

    Two botnet gangs are fighting to take control over as many unsecured Android devices as they can to use their resources and mine cryptocurrency behind owners’ backs. The turf war between these two botnets –one named Fbot and the other named Trinity– has been going on for at least a month if we’re to combine the ...

  • Eurostar Resets All Customer Passwords After ‘Attempted’ Hack

    November 2, 2018

    The incident, which took place in mid-October, follows major breaches at several airlines — but this time around no payment details were affected Eurostar has reset all customers’ online passwords after detecting an “attempted” hack, the rail company confirmed. The incident follows major breaches at several airlines. Eurostar customers reported receiving emails from Eurostar earlier this week notifying ...

  • Hackers obtain nuclear power plant plans in France

    November 2, 2018

    Thousands of sensitive documents pertaining to nuclear power plants, prisons and tram networks have been stolen from the servers of a French company in a cyberattack, German and French media have reported Friday. The data illegally accessed from the French company Ingerop back in June amounted to more than 65 gigabytes, according to reports by German ...

  • Microsoft regularly shared data of India bank customers with US intelligence agencies, claims report

    November 2, 2018

    Technology company Microsoft has routinely shared the financial details of Indian bank customers with intelligence agencies in the United States, DNA reported on Tuesday. According to the newspaper, the Reserve Bank of India flagged its concerns on the matter in a risk assessment report it has placed before banks’ audit committees. The central bank found that the data ...