News


  • Police Shut Down xDedic – An Online Market for Cyber Criminals

    January 29, 2019

    In an international operation involving law enforcement authorities from the U.S. and several European countries, feds have shut down an online underground marketplace and arrested three suspects in Ukraine. Dubbed xDedic, the illegal online marketplace let cybercriminals buy, sell or rent out access to thousands of hacked computers and servers across the world and personally identifiable ...

  • Global ransomware could cost almost $200bn

    January 29, 2019

    A global ransomware attack could cost $193 billion and affect more than 600,000 businesses worldwide, according to a new report. The report is called ‘Bashe Attack: Global infection by contagious malware’ and has been compiled by a Singapore-based public-private initiative called Cyber Risk Management. Lloyds of London is one of the initiatives founding members and posted ...

  • The C-suite could be the blind spot in your cyber security strategy

    January 28, 2019

    The cyber security skills gap is a business challenge that isn’t going anywhere soon – in fact, it’s an issue that’s looming larger on the horizon than ever before. Almost two-thirds of businesses (63%) believe they have a security skills gap, according to research from non-profit association (ISC)², with more than half of these believing their business ...

  • Hackers are going after Cisco RV320/RV325 routers using a new exploit

    January 27, 2019

    Security researchers have observed ongoing internet scans and exploitation attempts against Cisco RV320 and RV325 WAN VPN routers, two models very popular among internet service providers and large enterprises. ttacks started on Friday, January 25, after security researcher David Davidson published a proof-of-concept exploit for two Cisco RV320 and RV325 vulnerabilities. The vulnerabilities are: CVE-2019-1653 – allows a remote attacker to get sensitive device configuration details ...

  • Japanese government plans to hack into citizens’ IoT devices

    January 27, 2019

    The Japanese government approved a law amendment on Friday that will allow government workers to hack into people’s Internet of Things devices as part of an unprecedented survey of insecure IoT devices. The survey will be carried out by employees of the National Institute of Information and Communications Technology (NICT) under the supervision of the Ministry of Internal ...

  • LabKey Vulnerabilities Threaten Medical Research Data

    January 25, 2019

    LabKey Server version 18.3.0-61806.763, released on January 16, patches all three issues, so users should update as soon as possible. A trio of vulnerabilities in a popular open source medical data collaboration tool leaves important healthcare research data and potentially subject information open to multiple cross site scripting (XSS) attacks. The flaws are serious as they ...

  • ‘Chaos’ iPhone X Attack Alleges Remote Jailbreak

    January 25, 2019

    The attack makes use of previously disclosed critical vulnerabilities in the Apple Safari web browser and iOS. A Chinese security researcher has published what he claims is a proof-of-concept exploit that would allow a remote attacker to jailbreak an iPhoneX, unbeknownst to the user – allowing them to gain access to a victim’s data, processing power ...

  • GreyEnergy’s overlap with Zebrocy

    January 24, 2019

    In October 2018, ESET published a report describing a set of activity they called GreyEnergy, which is believed to be a successor to BlackEnergy group. BlackEnergy (a.k.a. Sandworm) is best known, among other things, for having been involved in attacks against Ukrainian energy facilities in 2015, which led to power outages. Like its predecessor, GreyEnergy malware has ...

  • Malvertising campaign targets Apple users with malicious code hidden in images

    January 24, 2019

    Apple users continue to be some of the favorite targets of malvertising campaigns, according to a report published this week by cyber-security firm Confiant. The report describes a new malvertising group called VeryMal that’s been going after Apple users, with the latest campaigns employing steganography techniques to hide malicious code inside ad images to avoid detection. The Confiant report comes ...

  • Bit-and-Piece DDoS Method Emerges to Torment ISPs

    January 24, 2019

    Perpetrators are using smaller, bit-and-piece methods to inject junk into legitimate traffic, causing attacks to bypass detection rather than sounding alarms with large, obvious attack spikes. A pioneering distributed denial-of-service (DDoS) attack pattern has emerged, targeting internet service providers (ISPs) with something researchers have dubbed the bit-and-piece “Mongol” attack. The approach involves spreading out junk traffic across ...

  • Trojans lead siege on businesses for second year running

    January 23, 2019

    Security software firm Malwarebytes has released its annual ‘State of Malware 2019‘ report which analyses the prevalence of different forms of malware and shows how each type is being used to attack businesses and consumers. Following its quarterly report released in October, Malwarebytes report that for the second year in a row, Trojans are leading the siege on ...

  • U.S. Gov Issues Urgent Warning of DNS Hijacking Attacks

    January 23, 2019

    An emergency directive from the Department of Homeland Security provides “required actions” for U.S. government agencies to prevent widespread DNS hijacking attacks. The Department of Homeland Security is ordering all federal agencies to urgently audit Domain Name System (DNS) security for their domains in the next 10 business days. The department’s rare “emergency directive,” issued Tuesday, warned ...

  • Critical RCE Flaw in Linux APT Allows Remote Attackers to Hack Systems

    January 22, 2019

    Just in time… Some cybersecurity experts this week arguing over Twitter in favor of not using HTTPS and suggesting software developers to only rely on signature-based package verification, just because APT on Linux also does the same. Ironically, a security researcher just today revealed details of a new critical remote code execution flaw in the apt-get utility that can be exploited by ...

  • Government Should Name And Shame Companies With Poor Cyber Security, Say Academics

    January 22, 2019

    The UK government should name and shame companies whose cyber security measures fail to protect consumers’ data, according to a new report from King’s College London’s Cyber Security Research Group, which promotes research into cyber security, and the Policy Institute, an independent research institution which works to solve societal challenges with evidence. The report, called UK Active ...

  • GandCrab ransomware and Ursnif virus spreading via MS Word macros

    January 21, 2019

    Security researchers have discovered two separate malware campaigns, one of which is distributing the Ursnif data-stealing trojan and the GandCrab ransomware in the wild, whereas the second one is only infecting victims with Ursnif malware. Though both malware campaigns appear to be a work of two separate cybercriminal groups, we find many similarities in them. Both attacks start from phishing ...

  • New Phobos ransomware exploits weak security to hit targets around the world

    January 21, 2019

    A prolific cybercrime gang behind a series of ransomware attacks is distributing a new form of the file-encrypting malware which combines two well known and successful variants in a series of attacks against businesses around the world. Dubbed Phobos by its creators, the ransomware first emerged in December and researchers at CoveWare have detailed how it shares a number of ...

  • DarkHydrus abuses Google Drive to spread RogueRobin Trojan

    January 21, 2019

    The DarkHydrus advanced persistent threat (APT) group is back and this time is not only using Windows vulnerabilities to infect victims but is also abusing Google Drive as an alternative communications channel. Last week, researchers from the 360 Threat Intelligence Center (360TIC) said the hackers have a new campaign underway which is focusing on targets in the Middle ...

  • Google Fined €50 Million by French Watchdog for Lack of Transparency

    January 21, 2019

    Google was hit with a €50 (56,8) million financial penalty in accordance with the General Data Protection Regulation (GDPR) by the Commission Nationale de l’informatique et des Libertés (CNIL) for violating transparency and information obligations and for not obtaining user consent for processing data for ads personalization purposes. The French watchdog’s fine against Google follows complaints filed by None Of Your Business ...

  • Cumbria health trust hit by 147 cyber attacks in five years

    January 19, 2019

    The NHS in Cumbria has been hit by more than 150 cyber attacks in five years, the BBC can reveal. Of these, 147 were directed at University Hospitals of Morecambe Bay NHS Trust (UHMBT), which runs hospitals in Barrow, Kendal, Morecambe and Lancaster. The trust said it had spent £29,600 in 2017 dealing with the effects of ...

  • WiFi firmware bug affects laptops, smartphones, routers, gaming devices

    January 18, 2019

    Details have been published today about a vulnerability affecting the firmware of a popular WiFi chipset deployed in a wide range of devices, such as laptops, smartphones, gaming rigs, routers, and Internet of Things (IoT) devices. Discovered by Embedi researcher Denis Selianin, the vulnerability impacts ThreadX, a real-time operating system (RTOS) that is used as firmware for ...