News


  • German States Approve Criminal Law Targeting Dark Web Infrastructure

    March 18, 2019

    Germany’s federal states have voted in favour of a measure to extend criminal sanctions against those providing infrastructure to so-called “dark web” sites used for illegal purposes, such as selling firearms, drugs or illegal content. The measure, which critics have called overly broad, is the latest sign of a crackdown in Europe and elsewhere on the internet’s perceived ...

  • London’s top attractions besieged by more than 100 million cyber attacks

    March 18, 2019

    Kew Gardens, National History Museum, Tate Gallery and Imperial War Museum have been hammered by a total of 109 million cyber attacks over the last few years according to Parliament Street. The research firm issued a Freedom of Information (FOI) request to the four leading tourist attractions in London to uncover just how secure their IT ...

  • Is it still a good idea to publish proof-of-concept code for zero-days?

    March 18, 2019

    More often than not, the publication of proof-of-concept (PoC) code for a security flaw, especially a zero-day, has led to the quick adoption of a vulnerability by threat actors who usually start attacks within hours or days, and don’t give end-users enough time to patch impacted systems. There has been a debate about this issue, especially ...

  • Mirai Variant Goes After Enterprise Systems

    March 18, 2019

    The newest Mirai variant is targeting WePresent WiPG-1000 Wireless Presentation systems and LG Supersign TVs used by enterprises. Researchers have discovered a new variant of the infamous Mirai IoT botnet, which has been sniffing out and targeting vulnerabilities in enterprise wireless presentation and display systems since January. Palo Alto Network’s Unit 42 researchers said that the newest ...

  • Round 4: Hacker returns and puts 26Mil user records for sale on the Dark Web

    March 17, 2019

    A hacker who has previously put up for sale over 840 million user records in the past month, has returned with a fourth round of hacked data that he’s selling on a dark web marketplace. This time, the hacker has put up for sale the data of six companies, totaling 26.42 million user records, for which ...

  • UK cyber-security efforts criticised by audit office

    March 15, 2019

    The government has been told there are “failings” in the way it is planning to protect the UK’s critical infrastructure from cyber-attacks. The warning came in a National Audit Office (NAO) assessment of the UK’s national cyber-defence plan. The government is increasingly worried that these essential sectors will be targeted by foreign states seeking to disrupt UK ...

  • ASD reveals rules for keeping vulnerabilities secret

    March 15, 2019

    The Australian Signals Directorate (ASD) has quietly published its process for deciding when knowledge of cybersecurity vulnerabilities is kept secret. This is the first official acknowledgement that the ASD might not disclose all of the vulnerabilities it discovers. However, knowledge of secret vulnerabilities would have always been an essential part the agency’s toolkit for offensive cyber ...

  • Patched WinRAR Bug Still Under Active Attack – Thanks to No Auto-Updates

    March 15, 2019

    Various cyber criminal groups and individual hackers are still exploiting a recently patched critical code execution vulnerability in WinRAR, a popular Windows file compression application with 500 million users worldwide. Why? Because the WinRAR software doesn’t have an auto-update feature, which, unfortunately, leaves millions of its users vulnerable to cyber attacks. The critical vulnerability (CVE-2018-20250) that was patched ...

  • Disrupting the Attack Chain Through Detecting Credential Dumping

    March 15, 2019

    There are various steps that an attacker must follow in order to execute any successful attack, with the initial compromise being just one stage in the overall attack chain. Once attackers have successfully breached the perimeter of an organization, they enter into the lateral movement phase where they attempt to tiptoe through a network, identifying ...

  • IMAP-Based Attacks Compromising Accounts at ‘Unprecedented Scale’

    March 14, 2019

    That’s according to researchers with Proofpoint, who found that in the past half year, a staggering 60 percent of Microsoft Office 365 and G Suite tenants have been targeted with IMAP-based password-spraying attacks; and 25 percent of those targeted experienced a full-on breach as a result. Password-spraying attacks are when an attacker attempts to access a large ...

  • Talking to RATs: Assessing Corporate Risk by Analyzing Remote Access Trojan Infections

    March 14, 2019

    Remote access trojans (RATs) on a corporate system may serve as a key pivot point to access information laterally within an enterprise network. By analyzing network metadata, Recorded Future analysts were able to identify RAT command-and-control (C2) servers, and more crucially, which corporate networks were communicating to those controllers. This approach allows Recorded Future to ...

  • Businesses warned over a new breed of BitLocker attacks

    March 14, 2019

    Devices protected using Microsoft BitLocker can be physically breached in a new form of attack that involves extracting the encryption keys from a computer’s Trusted Platform Module (TPM) chip. By hardwiring equipment into a computer’s motherboard, namely the TPM chip, attackers would be primed to access any sensitive corporate information stored on encrypted hard drives. This ...

  • The fourth horseman: CVE-2019-0797 vulnerability

    March 13, 2019

    The new zero-day in the Windows OS exploited in targeted attacks In February 2019, our Automatic Exploit Prevention (AEP) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to us discovering a zero-day vulnerability in win32k.sys. We reported it to Microsoft on February 22, 2019. ...

  • Yatron Ransomware Plans to Spread Using EternalBlue NSA Exploits

    March 12, 2019

    A new Ransomware-as-a-Service called Yatron is being promoted on Twitter that plans on using the EternalBlue and DoublePulsar exploits to spread to other computer on a network. This ransomware will also attempt to delete encrypted files if a payment has not been made in 72 hours. BleepingComputer was first notified about the Yatron RaaS by a security ...

  • From Fileless Techniques to Using Steganography: Examining Powload’s Evolution

    March 12, 2019

    Powload’s staying power in the threat landscape shows how far it has come. In fact, the uptick of macro malware in the first half of 2018 was due to Powload, which was distributed via spam emails. Powload was also one of the most pervasive threats in the North American region in 2018, using various techniques to deliver payloads such ...

  • Island hopping: The latest security threat you should be aware of

    March 12, 2019

    While island hopping sounds like a great way to spend a holiday in Thailand or Greece, the term also refers to an advanced cyber attack technique. Though it’s not a new phenomenon, this type of attack increased in prevalence in 2018 and will likely become more and more common. The name ‘island hopping’ comes from a WWII ...

  • North Korean Hackers Behind $571M Crypto Heists Says UN Report

    March 12, 2019

    North Korean backed hacking groups were behind multiple cyberattacks impacting financial institutions and cryptocurrency exchanges as detailed in a report issued by a panel of experts for the United Nations (UN) Security Council. According to the report provided by the panel which comes as a confirmation of what security researchers have previously reported, “cyberspace is used by the DPRK as ...

  • New SLUB Backdoor Uses GitHub, Communicates via Slack

    March 11, 2019

    In mid-February, Kaspersky Lab received a request for incident response from one of its clients. The individual who initially reported the issue to our client refused to disclose the origin of the indicator that they shared. What we do know is that it was a screenshot from one of the client’s internal computers taken on ...

  • NASA’s crap infosec could be ‘significant threat’ to space ops

    March 11, 2019

    NASA’s Office of the Inspector General has once again concluded the American space agency’s tech security practices are “not consistently implemented”. Confirmation that the US government department’s infosec abilities are not up to scratch was a repeat of last year’s federally mandated security audit, which also found that processes and procedures were below par. Oversight personnel from ...

  • Citrix Data Breach – Iranian Hackers Stole 6TB of Sensitive Data

    March 11, 2019

    Popular enterprise software company Citrix that provides services to the U.S. military, the FBI, many U.S. corporations, and various U.S. government agencies disclosed last weekend a massive data breach of its internal network by “international cyber criminals.” Citrix said it was warned by the FBI on Wednesday of foreign hackers compromising its IT systems and stealing ...