News


  • Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East

    June 18, 2019

    We uncovered a cyberespionage campaign targeting Middle Eastern countries. We named this campaign “Bouncing Golf” based on the malware’s code in the package named “golf.” The malware involved, which Trend Micro detects as AndroidOS_GolfSpy.HRX, is notable for its wide range of cyberespionage capabilities. Malicious codes are embedded in apps that the operators repackaged from legitimate ...

  • Plurox: Modular backdoor

    June 18, 2019

    In February this year, a curious backdoor passed across our virtual desk. The analysis showed the malware to have a few quite unpleasant features. It can spread itself over a local network via an exploit, provide access to the attacked network, and install miners and other malicious software on victim computers. What’s more, the backdoor ...

  • Making the Most of the NIST Cybersecurity Framework

    June 17, 2019

    The NIST Cybersecurity Framework has become a valuable tool for evaluating security across a variety of business sectors. Originally published in 2014 and targeting critical infrastructure, the framework continues to evolve to meet the changing needs of organizations in the U.S. and around the world. Its popularity stems from its thoroughness, applicability, and approachability. Our guests today are ...

  • Houdini malware targets victims with keylogger, online bank account theft tools

    June 17, 2019

    A new variant of the Houdini malware has been detected in campaigns against financial institutions and their customers. Last week, cybersecurity researchers from Cofense said in a blog post that the new strain of Houdini — also known as HWorm — was released by its author on June 2, 2019. Dubbed WSH Remote Access Tool (RAT), it took the ...

  • Game Over for GandCrab: New free decryption tool allows victims to unlock all versions of this ransomware

    June 17, 2019

    A new decryption tool that counters one of the most prolific families of ransomware by allowing victims to retrieve their files for free has been released in a collaborative effort by Europol, the FBI, cybersecurity company Bitdefender, and others. The latest version of the GandCrab decryptor neutralises the most recent incarnations of the file-locking malware – ...

  • New Echobot malware is a smorgasbord of vulnerabilities

    June 17, 2019

    If there’s one thing that seems to have no end in sight, it’s malware authors putting their own spin on the old Mirai malware and creating new botnets to haunt the IoT and enterprise landscapes. Not a month goes by without a new major botnet appearing out of nowhere and launching massive attacks against people’s smart ...

  • U.S. Escalates Online Attacks on Russia’s Power Grid

    June 15, 2019

    The United States is stepping up digital incursions into Russia’s electric power grid in a warning to President Vladimir V. Putin and a demonstration of how the Trump administration is using new authorities to deploy cybertools more aggressively, current and former government officials said. In interviews over the past three months, the officials described the previously ...

  • AESDDoS Botnet Malware Infiltrates Containers via Exposed Docker APIs

    June 14, 2019

    Misconfiguration is not novel. However, cybercriminals still find that it is an effective way to get their hands on organizations’ computing resources to use for malicious purposes and it remains a top security concern. In this blog post, we will detail an attack type where an API misconfiguration in the open-source version of the popular DevOps tool ...

  • Two hacking groups responsible for huge spike in hacked Magento 2.x stores

    June 12, 2019

    Two hacker groups are responsible for a huge spike in the number of hacked Magento 2.x shopping sites, according to Willem de Groot, founder of Sanguine Security. This is now the third month in a row when the number of hacked Magento 2.x sites has doubled, after it previously doubled from March to April, and again ...

  • RAMBleed Attack – Flip Bits to Steal Sensitive Data from Computer Memory

    June 12, 2019

    A team of cybersecurity researchers yesterday revealed details of a new side-channel attack on dynamic random-access memory (DRAM) that could allow malicious programs installed on a modern system to read sensitive memory data from other processes running on the same hardware. Dubbed RAMBleed and identified as CVE-2019-0174, the new attack is based on a well-known class of DRAM side ...

  • Intel NUC Firmware Open to Privilege Escalation, DoS and Information Disclosure

    June 12, 2019

    Intel has patched seven high-severity vulnerabilities in its mini PC NUC kit firmware. Intel has patched seven high-severity vulnerabilities in the system firmware of its Intel NUC (short for Next Unit of Computing), a mini-PC kit used for gaming, digital signage and more. Overall, the chip-maker patched 25 vulnerabilities across various platforms this week – including eight ...

  • New FormBook Dropper Harbors Obfuscation, Persistence

    June 12, 2019

    Never-before-seen dropper found in FormBook samples that has increased persistence and obfuscation capabilities. Researchers are warning that a future data-theft attack may be brewing after discovering a new sample of the FormBook malware, with a never-before-seen dropper — i.e. a malicious file that is used in the initial infection stage and installs malware on the system. FormBook, ...

  • FBI Issues Warning on ‘Secure’ Websites Used For Phishing

    June 10, 2019

    The U.S. Federal Bureau of Investigation (FBI) issued a public service announcement regarding TLS-secured websites being actively used by malicious actors in phishing campaigns. Internet users are accustomed by now to always look at the padlock next to the web browser’s address bar to check if the current page is served by a website secured using a ...

  • MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools

    June 10, 2019

    We found new campaigns that appear to wear the badge of MuddyWater. Analysis of these campaigns revealed the use of new tools and payloads, which indicates that the well-known threat actor group is continuously developing their schemes. We also unearthed and detailed our other findings on MuddyWater, such as its connection to four Android malware ...

  • Your Linux Can Get Hacked Just by Opening a File in Vim or Neovim Editor

    June 9, 2019

    Linux users, beware! If you haven’t recently updated your Linux operating system, especially the command-line text editor utility, do not even try to view the content of a file using Vim or Neovim. Security researcher Armin Razmjou recently discovered a high-severity arbitrary OS command execution vulnerability (CVE-2019-12735) in Vim and Neovim—two of the most popular and powerful command-line text editing applications that come pre-installed ...

  • Ancient ICEFOG APT malware spotted again in new wave of attacks

    June 7, 2019

    Malware developed by Chinese state-sponsored hackers that was once thought to have disappeared has been recently spotted in new attacks, in an updated and more dangerous form. Spotted by FireEye senior researcher Chi-en (Ashley) Shen, the malware is named ICEFOG (also known as Fucobha). It was initially used by a Chinese APT (advanced persistent threat, a technical ...

  • DHS Works to Fix Cybersecurity Issues

    June 7, 2019

    The Department of Homeland Security made progress addressing the problems with its patch management and security efforts. The DHS inspector general issued its semi-annual report describing how the agency worked on its internal cybersecurity deficiencies. DHS closed one previous OIG recommendation and resolved two others to better secure information, according to the watchdog report submitted Wednesday to Congress. The ...

  • Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw

    June 7, 2019

    An anonymous security researcher going by the name of SandboxEscaper today publicly shared a second zero-day exploit that can be used to bypass a recently patched elevation of privilege vulnerability in the Microsoft Windows operating system. SandboxEscaper is known for publicly dropping zero-day exploits for unpatched Windows vulnerabilities. In the past year, the hacker has disclosed ...

  • New RCE vulnerability impacts nearly half of the internet’s email servers

    June 7, 2019

    A critical remote command execution (RCE) security flaw impacts over half of the Internet’s email servers, security researchers from Qualys have revealed today. The vulnerability affects Exim, a mail transfer agent (MTA), which is software that runs on email servers to relay emails from senders to recipients. According to a June 2019 survey of all mail servers ...

  • UK ‘Particularly Vulnerable’ To Cyber Attack, MPs Warn

    June 6, 2019

    Public Accounts Committee report warns that the UK is extremely vulnerable due to its advanced digital economy. The Public Accounts Committee (PAC) has warned in a new report that the United Kingdom is now more than ever, “particularly vulnerable to the risk of cyber attacks.” It said that because the UK is one of the world’s leading digital economies ...