News


  • Saipem servers suffer cyber attack in Middle East

    December 10, 2018

    Italian oil services company Saipem (SPMI.MI) said it had identified a cyber attack out of India on Monday that had primarily affected its servers in the Middle East. “We are collecting all the elements useful for assessing the impact on our infrastructures and the actions to be taken to restore normal activities,” the firm said in ...

  • Personal Information of 52.5 Million Exposed by New Google+ People API Bug

    December 10, 2018

    “With the discovery of this new bug, we have decided to expedite the shut-down of all Google+ APIs; this will occur within the next 90 days,” said David Thacker, G Suite Product Management VP. “In addition, we have also decided to accelerate the sunsetting of consumer Google+ from August 2019 to April 2019.” Google discovered the bug in ...

  • Old-School Bagle Worm Spotted in Modern Spam Campaigns

    December 10, 2018

    Fresh mass-email campaigns spreading the long-running Bagle worm have recently been spotted, affecting Microsoft Windows machines. These appear to be a throwback to an earlier time. Also referred to as Beagle, Bagel contains a backdoor that listens on TCP port 6777 which is hardcoded in the worm’s body. This backdoor component provides remote access to the ...

  • Australia’s controversial anti-encryption bill passes into law

    December 7, 2018

    The Australian government has passed the controversial Access and Assistance Bill 2018 into law. Since it gives authorities the right to demand access to encrypted forms of communication and to slap companies that refuse to cooperate with fines up to $7.3 million, it prompted tech giants like Apple to voice their opposition. Cupertino criticized the vague wording of its current version, ...

  • Industrial espionage fears arise over Chrome extension caught stealing browsing history

    December 7, 2018

    Valid arguments about a possible industrial espionage campaign are being raised surrounding a Google Chrome extension that was caught collecting browsing history, ZDNet has learned from ExtraHop, a real-time IT analytics firm. The company said today it detected the malicious code hidden inside a Google Chrome extension aimed at web developers. The extension, named Postman, is still ...

  • DarkVishnya: Banks attacked through direct connection to local network

    December 6, 2018

    While novice attackers, imitating the protagonists of the U.S. drama Mr. Robot, leave USB flash drives lying around parking lots in the hope that an employee from the target company picks one up and plugs it in at the workplace, more experienced cybercriminals prefer not to rely on chance. In 2017-2018, Kaspersky Lab specialists were invited to research ...

  • IoT Botnets Behind 78% of Malware Network Events in 2018 According to Report

    December 6, 2018

    Internet of things (IoT) botnet activity during 2018 was behind roughly 78% of all network malware events detected by the NetGuard Endpoint Security solution deployed on more than 150 million devices according to a report by the Nokia Threat Intelligence Lab. The Nokia Threat Intelligence Report 2019 report was also performed using multiple malware sandboxes and honeypots, on both ...

  • New Adobe Flash Zero-Day Exploit Found Hidden Inside MS Office Docs

    December 6, 2018

    Cybersecurity researchers have discovered a new zero-day vulnerability in Adobe Flash Player that hackers are actively exploiting in the wild as part of a targeted campaign appears to be attacking a Russian state health care institution. The vulnerability, tracked as CVE-2018-15982, is a use-after-free flaw resides in Flash Player that, if exploited successfully, allows an attacker to ...

  • ESET discovers 21 new Linux malware families

    December 6, 2018

    Although Linux is a much more secure operating system compared to the more widely used Windows, it is not impervious to misconfigurations and malware infections. Over the past decade, the number of malware families targeting Linux has grown, but the total number of threats is still orders of magnitude under the malware numbers reported attacking Windows systems. This smaller ...

  • New Ransomware Spreading Rapidly in China Infected Over 100,000 PCs

    December 4, 2018

    A new piece of ransomware is spreading rapidly across China that has already infected more than 100,000 computers in the last four days as a result of a supply-chain attack… and the number of infected users is continuously increasing every hour. What’s Interesting? Unlike almost every ransomware malware, the new virus doesn’t demand ransom payments in Bitcoin. Instead, ...

  • Senators Push for Data Breach and Privacy Legislation Following Marriot Breach

    December 3, 2018

    U.S. Democrat Senators Mark Warne, Ed Markey, and Richard Blumenthal published statements asking for the passage of data security and consumer privacy legislation by the Congress following the Marriot International hotel chain breach. The Marriott hotel chain disclosed a huge data breach on November 30 which affected 500 million customers who had their data stored in ...

  • Singapore banks offered $21M in funds to boost cybersecurity capabilities

    December 3, 2018

    Financial institutions in Singapore now have access to a S$30 million (US$21.88 million) grant that they can use to boost their cybersecurity operations and skillsets. Monetary Authority of Singapore (MAS) unveiled the new Cybersecurity Capabilities Grant that it said aimed to beef up the local financial sector’s cyber resilience and help banks develop local cybersecurity talent. Funded ...

  • U.S. Military Members Catfished and Hooked for Thousands of Dollars

    December 3, 2018

    Prisoners in South Carolina posed convincingly as beautiful women on social media platforms. A sextortion ring that aimed “catfish” efforts at U.S. military service members has been uncovered. The scam bilked 442 service members from the Army, Navy, Air Force and Marine Corps out of more than $560,000. An 11-month investigation, dubbed “Operation Surprise Party” and carried ...

  • UK’s NCSC Explains How They Handle Discovered Vulnerabilities

    December 1, 2018

    When the United Kingdom’s National Cyber Security Center (NCSC) performs operational tasks, they may find vulnerabilities in software, hardware, websites, or critical infrastructure. When they find these vulnerabilities, they go through a review process called the “Equities Process” that determines if they are going to disclose the vulnerability so that it is fixed or if ...

  • 500 Million Marriott Guest Records Stolen in Starwood Data Breach

    November 30, 2018

    The world’s biggest hotel chain Marriott International today disclosed that unknown hackers compromised guest reservation database its subsidiary Starwood hotels and walked away with personal details of about 500 million guests. Starwood Hotels and Resorts Worldwide was acquired by Marriott International for $13 billion in 2016. The brand includes St. Regis, Sheraton Hotels & Resorts, W ...

  • New PowerShell-based Backdoor Found in Turkey, Strikingly Similar to MuddyWater Tools

    November 30, 2018

    MuddyWater is a well-known threat actor group that has been active since 2017. They target groups across Middle East and Central Asia, primarily using spear phishing emails with malicious attachments. Most recently they were connected to a campaign in March that targeted organizations in Turkey, Pakistan, and Tajikistan. The group has been quite visible since the initial 2017 Malwarebytes ...

  • Uber fined $1.1 million by UK and Dutch regulators over 2016 data breach

    November 29, 2018

    British and Dutch data protection regulators Tuesday hit the ride-sharing company Uber with a total fine of $1,170,892 (~ 1.1 million) for failing to protect its customers’ personal information during a 2016 cyber attack involving millions of users. Late last year, Uber unveiled that the company had suffered a massive data breach in October 2016, exposing names, email ...

  • Symantec comes out in swinging in bitter legal battle over security bug audit conspiracy claims

    November 29, 2018

    Symantec says the biz that accused it of conspiring with others to avoid independent security audits is “less than honest” and driven by a “thirst for profits.” “This is, at bottom, a case where one company’s thirst for profits has led it to brush aside the needs of its customers for more accurate testing of their ...

  • 57 Million Personal Info Records Leaked by Unprotected ElasticSearch Server

    November 28, 2018

    An unprotected Elasticsearch server indexed by the Shodan IoT search engine on November 14 exposed a 73 GB database of 57 million US citizens’ records. The publicly accessible server discovered by security researcher Bob Diachenko contained an Elasticsearch instance with a database of “first name, last name, employers, job title, email, address, state, zip, phone number, and ...

  • U.S Charges Two Iranian Hackers for SamSam Ransomware Attacks

    November 28, 2018

    The Department of Justice announced Wednesday charges against two Iranian nationals for their involvement in creating and deploying the notorious SamSam ransomware. The alleged hackers, Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah, 27, have been charged on several counts of computer hacking and fraud charges, the indictmentunsealed today at New Jersey court revealed. The duo used SamSam ransomware to ...