News


  • Dridex banking Trojan compromises FTP sites in new campaign

    January 19, 2018

    Researchers have discovered the Dridex banking Trojan has once again evolved and is now using compromised FTP websites in phishing campaigns. The Trojan was first spotted back in 2014 after targeting banks in the United Kingdom. Since then, Dridex has become infamous for striking financial institutions across Europe. The malware spreads through phishing campaigns, duping victims into downloading ...

  • A Secret Hacking Group Is Using Android Malware to Spy on Thousands of People in 21 Countries, Research Finds

    January 19, 2018

    A shadowy hacking campaign has been operating out of a Beirut building owned by the Lebanese General Directorate of General Security for the last six years, stealing text messages, call logs, and files from journalists, military members, corporations, and other targets in 21 countries, according to a joint report released today by cybersecurity firm Lookout and digital ...

  • The Allianz Risk Barometer Ranks Top Risks For Global Corporations

    January 18, 2018

    The year ahead will be a perilous one for large global corporations according to a risk ranking report from Allianz, the global insurance company. Several of the risks overlap in the 2018 Allianz Risk Barometer which shows a great deal of fragility in a digitally connected business world. The leading risk is business interruption whose causes can range ...

  • Oman’s stock exchange was easily hackable for months

    January 18, 2018

    One of the largest stock exchanges in the Middle East has quietly fixed a security issue that could’ve let hackers gain unfettered access to the network. A core router for Oman’s stock exchange, the Muscat Securities Market, had both its username and password as “admin” for months, even after several attempts by a security researcher to ...

  • Hackers Exploiting Three Microsoft Office Flaws to Spread Zyklon Malware

    January 17, 2018

    Security researchers have spotted a new malware campaign in the wild that spreads an advanced botnet malware by leveraging at least three recently disclosed vulnerabilities in Microsoft Office. Dubbed Zyklon, the fully-featured malware has resurfaced after almost two years and primarily found targeting telecommunications, insurance and financial services. Active since early 2016, Zyklon is an HTTP botnet malware ...

  • Oracle Ships 237 Fixes in Latest Critical Patch Update

    January 17, 2018

    Oracle has shipped 237 patches for vulnerabilities impacting hundreds of product versions as part of its latest quarterly critical patch update. Product lines coming in for some of the most fixes include Oracle Financial Services Applications, with 34, Fusion Middleware with 27, MySQL with 25 and Java SE with 21. In many cases, the vulnerabilities can be exploited ...

  • Potent Skygofree Malware Packs ‘Never-Before-Seen’ Features

    January 17, 2018

    Researchers have identified a powerful new Android malware strain called Skygofree capable of eavesdropping on WhatsApp messages, siphoning private data off phones and allowing adversaries to open reverse shell modules on targeted devices, giving attackers ultimate remote control. Researchers said the malware was developed three years ago and has evolved significantly since then to include 48 ...

  • Trisis has the security world spooked, stumped and searching for answers

    January 16, 2018

    More than four months have passed since a novel, highly sophisticated piece of malware forced an important oil and gas facility in the Middle East to suddenly shut down, but cybersecurity analysts still don’t know who wrote the code. Since last August, multiple teams of researchers in the public and private sectors have been examining what the ...

  • LeakedSource Founder Arrested for Selling 3 Billion Stolen Credentials

    January 16, 2018

    Canadian authorities have arrested and charged an Ontario man for operating a website that collected ‘stolen’ personal identity records and credentials from some three billion online accounts and sold them for profit. According to the Royal Canadian Mounted Police (RCMP), the 27-year-old Jordan Evan Bloom of Thornhill is the person behind the notorious LeakedSource.com—a major repository that compiled public ...

  • Hospital injects $60,000 into crims’ coffers to cure malware infection

    January 16, 2018

    A US hospital paid extortionists roughly $60,000 to end a ransomware outbreak that forced staff to use pencil-and-paper records. The crooks had infected the network of Hancock Health, in Indiana, with the Samsam software nasty, which scrambled files and demanded payment to recover the documents. The criminals broke in around 9.30pm on January 11 after finding a ...

  • Now Meltdown patches are making industrial control systems lurch

    January 15, 2018

    Patches for the Meltdown vulnerability are causing stability issues in industrial control systems. SCADA vendor Wonderware admitted that Redmond’s Meltdown patch made its Historian product wobble. “Microsoft update KB4056896 (or parallel patches for other Operating System) causes instability for Wonderware Historian and the inability to access DA/OI Servers through the SMC,” an advisory on Wonderware’s support site explains. Read ...

  • BlackBerry boosts security expertise with connected car offering

    January 15, 2018

    Connected vehicles will soon be able to benefit from a major security boostfollowing a new release by BlackBerry. The Canadian firm has revealed the launch of Jarvis, a cloud-based security platform that can provide real-time insights of code within a vehicle. With the industry still in its relative infancy, connected cars often contain components and software from a wide ...

  • New KillDisk Variant Hits Financial Organizations in Latin America

    January 15, 2018

    We came across a new variant of the disk-wiping KillDisk targeting financial organizations in Latin America. Trend Micro detects it as TROJ_KILLDISK.IUB. Trend Micro™ Deep Discovery™ proactively blocks any intrusions or attacks associated with this threat. Initial analysis (which is still ongoing) reveals that it may be a component of another payload, or part of a bigger ...

  • Brace yourselves for the ‘terabyte (sic) of death’, warns US army IT boss

    January 12, 2018

    The outgoing head of the Defense Information Systems Agency, which handles computer security for the US Department of Defense, has warned a massive cyber-attack is “looming” at the American military’s door. Over lunch on Thursday, Army Lieutenant General Alan Lynn, who retires in a few months, told the Armed Forces Communications and Electronics Association’s Washington chapter ...

  • Mobile SCADA application landscape less secure than in 2015

    January 11, 2018

    The latest research suggests, within just two years, the security situation for SCADA has got worse to the tune of an average increase of 1.6 vulnerabilities per application tested. IOActive and Embedi security researchers looked at the security of mobile SCADA apps back in 2015 and security was not brilliant. They have now repeated that research, ...

  • FBI chief rekindles debate over unbreakable encryption

    January 9, 2018

    The cat and mouse game of security versus privacy continues as FBI Director Christopher Wray calls out unbreakable encryption as an “urgent public safety issue.” Throughout the past year, the FBI took possession of thousands of electronic devices. Approximately 7,800 devices were deemed impenetrable due to modern encryption techniques. Even though the FBI had the legal right to ...

  • CPU bug patch saga: Antivirus tools caught with their hands in the Windows cookie jar

    January 9, 2018

    Microsoft’s workaround to protect Windows computers from the Intel processor security flaw dubbed Meltdown has revealed the rootkit-like nature of modern security tools. Some anti-malware packages are incompatible with Redmond’s Meltdown patch, released last week, because the tools make, according to Microsoft, “unsupported calls into Windows kernel memory,” crashing the system with a blue screen of death. In extreme ...

  • Triple Meltdown: How So Many Researchers Found A 20-Year-Old Chip Flaw At The Same Time.

    January 7, 2018

    On a cold Sunday early last month in the small Austrian city of Graz, three young researchers sat down in front of the computers in their homes and tried to break their most fundamental security protections. Two days earlier, in their lab at Graz’s University of Technology, Moritz Lipp, Daniel Gruss, and Michael Schwarz had determined to ...

  • Rush to fix ‘serious’ computer chip flaws

    January 4, 2018

    Tech firms are working to fix two bugs that could allow hackers to steal personal data from computer systems. Google researchers said one of the “serious security flaws”, dubbed “Spectre”, was found in chips made by Intel, AMD and ARM. The other, known as “Meltdown” affects Intel-made chips alone. The industry has been aware of the problem for ...

  • ​240,000 Homeland Security employees, case witnesses affected by data breach

    January 4, 2018

    The United States Department of Homeland Security (DHS) has confirmed the breach of the DHS Office of Inspector General (OIG) Case Management System (CMS), affecting approximately 247,167 individuals employed by DHS in 2014, as well as individuals including subjects, witnesses, and complainants associated with DHS OIG investigations from 2002 through 2014. DHS issued a statement on ...