News


  • Trickbot Watch: Arrival via Redirection URL in Spam

    May 20, 2019

    Trend Micro discovered a variant of the Trickbot banking trojan (detected by Trend Micro as TrojanSpy.Win32.TRICKBOT.THDEAI) using a redirection URL in a spam email. In this particular case, the variant used Google to redirect from the URL hxxps://googledm:443/url?q=<trickbot downloader>, whereby the URL in the query string, url?q=<url>, is the malicious URL that the user is redirected to. ...

  • Google deals Huawei major blow by cutting Android licence

    May 20, 2019

    Google is set to revoke Huawei’s access to its Android mobile operating system, dealing the Chinese company a major blow in accordance with US sanctions. Other than Apple devices which run on iOS, smartphones makers including Samsung and LG are almost all dependent on the Google-developed Android operating system to power their devices. According to reports by ...

  • Security researchers discover Linux version of Winnti malware

    May 20, 2019

    For the first time, security researchers have uncovered and analyzed a Linux variant of Winnti, one of the favorite hacking tools used by Beijing hackers over the past decade. Discovered by security researchers from Chronicle, Alphabet’s cyber-security division, the Linux version of the Winnti malware works as a backdoor on infected hosts, granting attackers access to ...

  • GDPR: How Europe’s digital privacy rules have changed everything

    May 20, 2019

    On 25 May 2018 the European Union’s General Data Protection Regulation (GDPR) came into force. At its heart, GDPR set out to update rules around privacy and consent for the digital age and to ensure that organisations are responsible in their handling of their customers’ personal data – and that those customers are aware of how their data is ...

  • Overcoming the Challenge of Reactivity in Incident Response

    May 17, 2019

    This is the first blog in a three-part series where we’ll examine how security teams manage incident response processes. Here, we’ll highlight the challenges that security teams face when trying to mitigate incidents and how constraints force many teams into taking a reactive approach. This leads to incident response teams feeling the stress of scrambling to protect their business ...

  • Mobile Risks Boom in a Post-Perimeter World

    May 16, 2019

    Cybercriminals are now taking a mobile-first approach to hacking the enterprise. Case in point, last month a half-billion Apple iOS users were stung by an attack exploiting an unpatched bug in Chrome for iOS. Crooks managed to hijack user session and redirect traffic to malicious websites booby-trapped with malware. Attacks like these demonstrate just how widespread and effective ...

  • Goznym Malware: Cybercriminal Network Dismantled In International Operation

    May 16, 2019

    An unprecedented, international law enforcement operation has dismantled a complex, globally operating and organised cybercrime network. The criminal network used GozNym malware in an attempt to steal an estimated $100 million from more than 41 000 victims, primarily businesses and their financial institutions. A criminal Indictment returned by a federal grand jury in Pittsburgh, USA charges ...

  • Spam and phishing in Q1 2019

    May 15, 2019

    As per tradition, phishing timed to coincide with lovey-dovey day was aimed at swindling valuable confidential information out of starry-eyed users, such as bank card details. The topics exploited by cybercriminals ranged from online flower shops to dating sites. But most often, users were invited to order gifts for loved ones and buy medications such as ...

  • May’s Patch Tuesday Include Fixes for ‘Wormable’ Flaw in Windows XP, Zero-Day Vulnerability

    May 15, 2019

    Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 not included in the mainstream customer support notification. Of the security vulnerabilities fixed in this release, six are rated Critical, 73 are rated Important or Low, and one separately ...

  • Update WhatsApp now: Bug lets snoopers put spyware on your phone with just a call

    May 14, 2019

    WhatsApp has disclosed a serious vulnerability in the messaging app that gives snoops a way to remotely inject Israeli spyware on iPhone and Android devices simply by calling the target. The bug, detailed in a Monday Facebook advisory for CVE-2019-3568, is a buffer overflow vulnerability within WhatsApp’s VOIP function. An attacker would need to call a target and ...

  • Intel CPUs Impacted By New Class of Spectre-Like Attacks

    May 14, 2019

    A new class of side channel vulnerabilities impacting all modern Intel chips have been disclosed, which can use speculative execution to potentially leak sensitive data from a system’s CPU. Intel said that the newest class of vulnerabilities, dubbed Microarchitectural Data Sampling (MDS), consist of four different attacks, which all ultimately depend on different ways of executing ...

  • Unsecured server exposes data for 85% of all Panama citizens

    May 13, 2019

    An Elasticsearch server left connected to the internet without a password, or firewall protection, has leaked what appears to be personal records and patient information for roughly 85 percent of Panama’s citizens. The leaky server was found online last week by Bob Diachenko, founder and security researcher with Security Discovery. The Elasticsearch server, a technology used to power fast ...

  • Thrangrycat flaw lets attackers plant persistent backdoors on Cisco gear

    May 13, 2019

    A vulnerability disclosed today allows hackers to plant persistent backdoors on Cisco gear, even over the Internet, with no physical access to vulnerable devices. Named Thrangrycat, the vulnerability impacts the Trust Anchor module (TAm), a proprietary hardware security chip part of Cisco gear since 2013. This module is the Intel SGX equivalent for Cisco devices. The TAm ...

  • Two years after WannaCry, a million computers remain at risk

    May 12, 2019

    Two years ago today, a powerful ransomware began spreading across the world. WannaCry spread like wildfire, encrypting hundreds of thousands of computers in more than 150 countries in a matter of hours. It was the first time that ransomware, a malware that encrypts a user’s files and demands cryptocurrency in ransom to unlock them, had spread across ...

  • ScarCruft APT Adds Bluetooth Harvester to its Malware Bag of Tricks

    May 11, 2019

    The ScarCruft Korean-speaking APT is changing up its espionage tactics to include an unusual piece of malware devoted to harvesting Bluetooth information – while also showing some overlap with the DarkHotel APT. An analysis of ScarCruft’s binary infection procedure by Kaspersky Lab shows that in a campaign that continued over the course of 2018, the group used ...

  • North Korea debuts new Electricfish malware in Hidden Cobra campaigns

    May 10, 2019

    The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have released a joint security advisory warning of a new strain of malware being used in North Korean cyberattacks. Dubbed Electricfish, the malware was uncovered while the departments were tracking the activities of Hidden Cobra, a threat group believed to be state-sponsored and ...

  • Lax Telco Security Allows Mobile Phone Hijacking and Redirects

    May 9, 2019

    As anyone who has called into a bank or utility provider lately knows, security for customer service routines – the prescribed ways in which support reps verify the identity of customers that call in – are being continually upgraded. Two-factor authentication, voice passwords, various security questions (“what was the name of your first pet,” for ...

  • FIN7.5: the infamous cybercrime rig “FIN7” continues its activities

    May 8, 2019

    On August 1, 2018, the US Department of Justice announced that it had arrested several individuals suspected of having ties to the FIN7 cybercrime rig. FIN7 operations are linked to numerous intrusion attempts having targeted hundreds of companies since at least as early as 2015. Interestingly, this threat actor created fake companies in order to ...

  • Chinese Spies Stole NSA Cyberweapons Long Before Shadow Brokers Leak

    May 7, 2019

    Hacking tools allegedly developed by the National Security Agency (NSA) were being used in the wild by at least one APT long before the Shadow Brokers released the now-infamous trove of U.S. cyberweapons, new analysis suggests. According to researchers at Symantec, an attack group affiliated with the Chinese government known as Buckeye (a.k.a. APT3 or Gothic ...

  • INTERPOL World 2019 Programme Takes on a New Format

    May 7, 2019

      Press Release The world’s largest international police organization, INTERPOL, has announced that the third edition of INTERPOL World will take place from 2 to 4 July 2019 at Sands Expo & Convention Centre, Marina Bay Sands Singapore. Owned by INTERPOL and supported by Singapore’s Ministry of Home Affairs, this year’s edition will focus on the theme of ‘Engaging ...