News


  • The Rise of Physical Crime in the Cybercrime Underground

    January 14, 2019

    While underground forums have long been the purview of digital or internet-enabled crimes, recent developments have shown signs of increasing synergy and interaction between traditional criminals and cybercrime actors. Given the nature of the underground, it shouldn’t be a surprise that even traditional criminals communicate and even sell their wares via these underground forums. Is it ...

  • Goldman Sachs leads $8M round in cyber security skills platform Immersive Labs

    January 14, 2019

    Immersive Labs, a cyber security skills platform founded by James Hadley, who used to be a researcher at GCHQ, has raised $8 million in Series A funding. Leading the round is Goldman Sachs, with participation from a number of unnamed private investors. Operating in the cyber security training space, Immersive Labs helps enterprise IT and other cyber security ...

  • How a hacked phone may have led killers to Khashoggi

    January 13, 2019

    Jamal Khashoggi probably thought the messages he was sending to fellow Saudi dissident Omar Abdulaziz were hidden, cloaked in WhatsApp security. In reality they were compromised — along with the rest of Abdulaziz’s phone, which had allegedly been infected by Pegasus, a powerful piece of malware designed to spy on its users. Abdulaziz, as CNN reported last ...

  • Ryuk Ransomware Partners with TrickBot to Gain Access to Infected Networks

    January 12, 2019

    Historically, Ryuk has been considered a targeted ransomware that scopes out a target, gains access via Remote Desktop Services or other direct methods, steals credentials, and then targets high profile data and servers to extort the highest ransom amount possible. Ryuk has been a high profile ransomware due to its wide impact on the networks it infects, high ransom ...

  • These are the courses UK police are set to take in cybersecurity

    January 11, 2019

    As law enforcement in the UK and beyond are now expected to tackle the plague of cybersecurity-related fraud, scams, and crimes being committed for the purposes of identity theft and financial gain, they must also now become familiar with the threats, concepts, and — at the least — the basics in how such attacks are ...

  • A Zebrocy Go Downloader

    January 11, 2019

    Last year at SAS2018 in Cancun, Mexico, “Masha and these Bears” included discussion of a subset of Sofacy activity and malware that we call “Zebrocy”, and predictions for the decline of SPLM/XAgent Sofacy activity coinciding with the acceleration of Zebrocy activity and innovation. Zebrocy was initially introduced as a Sofacy backdoor package in 2015, but the Zebrocy ...

  • TA505 Crime Gang Debuts Brand-New ServHelper Backdoor

    January 11, 2019

    The latest malware from TA505 has been seen targeting banks, retailers and restaurants with two different versions. A new backdoor named ServHelper has been spotted in the wild, acting as both a remote desktop agent as well as a downloader for a RAT called FlawedGrace. According to Proofpoint, the prolific cybercriminal gang known as TA505 developed ServHelper, which has ...

  • Army ready to embrace AI

    January 11, 2019

    Army’s acquisition organization is still working out its IT strategy, but it has laser focus on weaving artificial intelligence into the force. Army acquisition head, Bruce Jette told reporters at the Defense Writers Group breakfast Jan. 10 in Washington, D.C., that while the department isn’t where he’d like it to be, the ultimate goal is to ...

  • China Tightens Grip On Blockchain-Based Services

    January 11, 2019

    Users of blockchain-based information services will have to register their real names and identity numbers in latest crackdown – even as Hong Kong moves to attract virtual asset traders. China has tightened regulatory pressure on blockchain-based information services, in an effort to ensure that authorities can trace any information posted online in the country back to the person ...

  • ‘Unprecedented’ DNS Hijacking Attacks Linked to Iran

    January 10, 2019

    The attacks, targeting several countries to redirect traffic and harvest credentials, have been linked to Iran. A wave of DNS hijacking attacks targeting victims in North America, Europe, Middle East and North Africa have been linked to Iran. The attacks, which have been ongoing over the past two years, have had “a high degree of success” ...

  • Over 202 Million Chinese Job Seekers’ Details Exposed On the Internet

    January 10, 2019

    A cybersecurity researcher has discovered online a massive database containing records of more than 202 million Chinese citizens that remained accessible to anyone on the Internet without authentication until last week. The unprotected 854.8 gigabytes of the database was stored in an instance of MongoDB, a NoSQL high performance and cross-platform document-oriented database, hosted by an American ...

  • Hyatt Hotels launches bug bounty program

    January 10, 2019

    Hyatt Hotels has launched a bug bounty program in light of recent card-skimming attacks against the hospitality chain. On Wednesday, the company said the new initiative will be hosted on bug bounty program HackerOne and is designed to allow Hyatt to “tap into the vast expertise of the security research community to accelerate identifying and fixing ...

  • Turns Out Kaspersky Labs Helped FBI Catch Alleged NSA Leaker

    January 9, 2019

    Remember “The Shadow Brokers” and the arrest of a former NSA contractor accused of stealing 50 Terabytes of top secret documents from the intelligence agency? It turns out that Kaspersky Lab, which has been banned in US government computers over spying fears, was the one who tipped off the U.S. government and helped the FBI catch NSA ...

  • Vietnam accuses Facebook of violating new cybersecurity law

    January 9, 2019

    Facebook was defending itself on Wednesday against allegations that it allows illegal content in violation of Vietnam’s new cybersecurity law. The social media giant said it had restricted such content and is in discussions with the government. “We have a clear process for governments to report illegal content to us, and we review all those requests ...

  • New tool automates phishing attacks that bypass 2FA

    January 9, 2019

    A new penetration testing tool published at the start of the year by a security researcher can automate phishing attacks with an ease never seen before and can even blow through login operations for accounts protected by two-factor authentication (2FA). Named Modlishka (the English pronunciation of the Polish word for mantis), this new tool was created ...

  • Zerodium Offers to Buy Zero-Day Exploits at Higher Prices Than Ever

    January 8, 2019

    Well, there’s some good news for hackers and vulnerability hunters, though terrible news for tech manufacturers! Exploit vendor Zerodium is now willing to offer significantly higher payouts for full, working zero-day exploits that allow stealing of data from WhatsApp, iMessage and other online chat applications. Zerodium—a startup by the infamous French-based company Vupen that buys and sells ...

  • Ransomware MongoLock Immediately Deletes Files, Formats Backup Drives

    January 8, 2019

    We have been following a new wave of MongoLock ransomware attacks that immediately delete files upon infection instead of encrypting them, and further scan other available folders and drives for file deletion. In the wild since December 2018, the ransomware demands a payment of 0.1 bitcoin from victims within 24 hours to retrieve the ...

  • New hardware-agnostic side-channel attack works against Windows and Linux

    January 7, 2019

    A team of five academics and security researchers has published a research paper today detailing a new side-channel attack that is effective against operating systems like Windows and Linux. The novelty in this paper is that unlike many of the previous side-channel attacks, this one is hardware-agnostic, and in some cases, it can be carried out remotely. The attack ...

  • GandCrab Operators Use Vidar Infostealer as a Forerunner

    January 7, 2019

    Cybercriminals behind GandCrab have added the infostealer Vidar in the process for distributing the ransomware piece, which helps increase their profits by pilfering sensitive information before encrypting the computer files. Following the trails of a malvertising campaign targeting users of torrent trackers and video streaming websites, malware researchers found that Fallout Exploit Kit was used to ...

  • Your Word is Your Bond: Trust and Ethics in Underground Forums

    January 7, 2019

    Although the general public thinks of underground forums as a place where scams and suspicious dealings are rampant, the opposite is usually true: the threat actors who inhabit these sites often consider their reputation a major asset. Many of the individuals and groups in underground forums go to great lengths to ensure that transactions go through ...