News


  • StrongPity APT Returns with Retooled Spyware

    July 17, 2019

    The APT group behind the sophisticated malware known as StrongPity (a.k.a. Promethium) has mounted a fresh spyware campaign that is still ongoing as of July 2019. The group has retooled with new malware to control compromised machines, according to researchers. “The new malware samples have been unreported and generally appear to ...

  • Why Cities Are a Low-Hanging Fruit For Ransomware

    July 15, 2019

    Ransomware attacks against local governments and cities are repeatedly making headlines, with crippling results on city operations and budgets. Last month, the Florida city of Riviera Beach paid hackers $600,000 after being hit by a ransomware attack that downed its computer systems for three weeks. In 2018, several Atlanta city systems were crippled after a ransomware attack extorted ...

  • Turla APT Returns with New Malware, Anti-Censorship Angle

    July 15, 2019

    The Turla APT has revamped its arsenal in 2019, creating new weapons and tools for targeting government entities. It’s now using booby-trapped anti-internet censorship software as an initial infection vector, suggesting Turla is going after dissident or other civil-society targets. The Russian-speaking actors believed behind Turla named the dropper “Topinambour,” which is another word for the ...

  • Marriott Hit With $123M Fine For Massive 2018 Data Breach

    July 9, 2019

    The U.K.’s privacy watchdog is hitting Marriott International with a $123 million (£99 million) penalty stemming from its 2018 data breach of more than 383 million guest records. The Tuesday fine is issued by the Information Commissioner’s Office (ICO) and comes only a day after the organization proposed a record $230 million fine against British Airways for its ...

  • Hackers breached Greece’s top-level domain registrar

    July 9, 2019

    State-sponsored hackers have breached ICS-Forth, the organization that manages Greece’s top-level domain country codes of .gr and .el. ICS-Forth, which stands for the Institute of Computer Science of the Foundation for Research and Technology, publicly admitted to the security incident in emails it sent ot domain owners on April 19. The hackers behind the breach are the same group ...

  • Anubis Android Malware Returns with Over 17,000 Samples

    July 8, 2019

    The 2018 mobile threat landscape had banking trojans that diversified their tactics and techniques to evade detection and further monetize their malware — and in the case of the Anubis Android malware, retooled for other malicious activities. Anubis underwent several changes since it first emerged, from being used for cyberespionage to being retooled as a banking malware, combining information ...

  • NHS must spend now to prevent devastation of ‘WannaCry 2.0’

    July 4, 2019

    The government must urgently pump more money into cyber securitywithin the NHS to plug gaps that render the healthcare system vulnerable to an attack more destructive than the WannaCry saga. Although many positive steps have been taken since the 2017 attack, a lack of investment, a deficit of skills and awareness, and the use of out-dated systems are ...

  • ‘Twas the night before

    July 4, 2019

    Recently, the United States Cyber Command (USCYBERCOM Malware Alert @CNMF_VirusAlert) highlighted several VirusTotal uploads of theirs – and the executable objects relating to 2016 – 2017 NewsBeef/APT33 activity are interesting for a variety of reasons. Before continuing, it’s important to restate yet again that we defend customers, and research malware and intrusions, regardless of their source. Accordingly, subscribers to ...

  • Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi

    July 4, 2019

    Since our last research on TA505, we have observed new activity from the group that involves campaigns targeting different countries over the last few weeks. We found them targeting countries in the Middle East such as United Arab Emirates and Saudi Arabia, as well as other countries such as India, Japan, Argentina, the Philippines, and South Korea. This ...

  • Sodin ransomware exploits Windows vulnerability and processor architecture

    July 3, 2019

    When Sodin (also known as Sodinokibi and REvil) appeared in the first half of 2019, it immediately caught our attention for distributing itself through an Oracle Weblogic vulnerability and carrying out attacks on MSP providers. In a detailed analysis, we discovered that it also exploits the CVE-2018-8453 vulnerability to elevate privileges in Windows (rare among ransomware), and uses legitimate processor ...

  • Making Intelligence Actionable: Cybersecurity Preparedness in the Credit Union Industry

    July 3, 2019

    As the threat landscape continues to evolve, organizations need to be increasingly proactive in their approach to cybersecurity. One industry that’s taken proactive measures toward cybersecurity preparedness is the credit union industry. Over the last couple of years, the National Credit Union Administration (NCUA) developed a tool called the Automated Cybersecurity Examination Tool (ACET) to help credit unions ...

  • Broadcom In ‘Advanced Talks’ To Acquire Symantec

    July 3, 2019

    Another software move for chipmaker, as Broadcom reportedly seeks to acquire security veteran Symantec Singapore-based Broadcom is to double down on its software foray with reports it is in “advanced talks” to acquire veteran security specialist Symantec. Broadcom of late has become acquisitive as it seeks to expand beyond its traditional chip business. In March 2018, President Donald ...

  • Cyberwarfare in space: Satellites at risk of hacker attacks

    July 2, 2019

    There’s an urgent need for NATO and its member countries to address the cybersecurity of space-based satellite control systems because they’re vulnerable to cyberattacks – and if left unaddressed, it could have severe consequences for global security, a new paper from a major thinktank on international affairs has warned. Almost all modern military engagements rely on space-based assets, ...

  • US wants to isolate power grids with ‘retro’ technology to limit cyber-attacks

    July 2, 2019

    The US is very close to improving power grid security by mandating the use of “retro” (analog, manual) technologies on US power grids as a defensive measure against foreign cyber-attacks that could bring down power distribution as a result. The idea is to use “retro” technology to isolate the grid’s most important control systems, to limit ...

  • US Cyber Command issues alert about hackers exploiting Outlook vulnerability

    July 2, 2019

    US Cyber Command has issued an alert via Twitter today about threat actors abusing an Outlook vulnerability to plant malware on government networks. The vulnerability is CVE-2017-11774, a security bug that Microsoft patched in Outlook in the October 2017 Patch Tuesday. The Outlook bug, discovered and detailed by security researchers from SensePost, allows a threat actor to escape from the Outlook ...

  • How the Stars are Aligning Around Zero Trust

    July 2, 2019

    The proper implementation of Zero Trust depends upon a well-defined strategy focused on a holistic approach towards protecting your data wherever it resides It’s no surprise that organizations moving to the cloud are looking at Zero Trust. Zero Trust provides a model for designing networks and systems to address the modern threat landscape. It is based ...

  • A Quick and Efficient Method For Locating the main () function of Linux ELF Malware Variants

    July 2, 2019

    Linux is a family of open source operating systems (OS) commonly used to run internet of things (IoT) devices and web servers. The prevalence of the OS, as expected, has turned it into a valuable target for cybercriminals casting wide nets to reach more potential victims. In the past few years, Linux systems have been susceptible ...

  • Phishing, ransomware are top cyberattacks on financial services firms

    July 1, 2019

    Phishing and ransomware attacks are the most reported types of cyberattacks on financial services firms, but in most cases the causes of outages were far more mundane. Financial services firms reported 819 cyber incidents to their watchdog, the Financial Conduct Authority (FCA), last year, a huge rise on the 69 incidents reported the year before. Retail banks were responsible ...

  • Island hopping: The latest security threat you should be aware of

    July 1, 2019

    While island hopping sounds like a great way to spend a holiday in Thailand or Greece, the term also refers to an advanced cyber attack technique. Though it’s not a new phenomenon, this type of attack increased in prevalence in 2018 and will likely become more and more common. The name ‘island hopping’ comes from a WWII ...

  • Germany and the Netherlands to build the first ever joint military internet

    June 28, 2019

    Government officials from Germany and the Netherlands have signed an agreement this week to build the first-ever joint military internet. The accord was signed on Wednesday in Brussels, Belgium, where NATO defense ministers met this week. The name of this new Dutch-German military internet is the Tactical Edge Networking, or TEN, for short. This is the first time ...