News


  • Stolen UK identities selling for as little as £10 on the dark web

    December 26, 2018

    Stolen personal data of UK citizens is selling for as little as £10 on the dark web, offering hackers all the information needed to carry out online fraud and identity theft, The Independent has discovered. So-called fullz – hacker slang meaning a “full ID” package – of UK citizens are being listed on several popular online black markets. A full ID ...

  • Five other countries formally accuse China of APT10 hacking spree

    December 21, 2018

    After the US Department of Justice charged two Chinese nationals for being members of a state-sponsored hacking group and accused the Chinese government of orchestrating a string of hacks around the world, five other governments have stepped in with similar accusations. Australia, Canada, Japan, New Zealand, and the UK have published official statements today formally blaming China of ...

  • U.S. Indicts China-Backed Duo for Massive, Years-Long Spy Campaign

    December 20, 2018

    The homeland security implications are significant: the two, working with Beijing-backed APT10, allegedly stole sensitive data from orgs like the Navy and NASA. The Department of Justice on Thursday charged two Chinese hackers with stealing “hundreds of gigabytes” of data from more than 45 other governmental organizations and U.S.-based companies. This has potentially significant national security ramifications: ...

  • NASA discloses data breach

    December 19, 2018

    The US National Aeronautics and Space Administration (NASA) admitted today to getting hacked earlier this year. In an internal memo sent to all employees, the agency said that an unknown intruder gained access to one of its servers storing the personal data of current and former employees. Social Security numbers were also compromised, NASA said. The agency ...

  • URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader

    December 18, 2018

    As ransomware and banking trojans captured the interest – and profits – of the world with their destructive routines, cybersecurity practitioners have repeatedly published online and offline how cybercriminals have compartmentalized their schemes through exchange of information and banded professional organizations. As a more concrete proof of the way these symbiotic relationships and work flows intersect, we discovered a connection between EMOTET, URSNIF, DRIDEX and BitPaymer from open source information and ...

  • Russia-Linked Sofacy Debuts Fresh Zebrocy Malware Variant

    December 18, 2018

    The group continues to evolve its custom malware in an effort to evade detection. The Zebrocy trojan – a custom downloader malware used by Russia-linked APT Sofacy (a.k.a. APT28, Fancy Bear or Sednit) – has a new variant. While it’s functionally much the same as its other versions, the new code was written using the Go ...

  • DOD doesn’t keep track of duplicate or obsolete software

    December 18, 2018

    The US Marine Corps, the Navy, and the Air Force are not keeping track of their software inventories, according to a report released today by the US Department of Defense Inspector General (DOD IG). Auditors said management at many services part of these three military branches “did not consistently rationalize their software applications” leading to situations where they ...

  • Cyber security breaches rising across UK defence sector

    December 18, 2018

    UK defence secrets are increasingly being exposed to hostile nation states after the number of security breaches in the sector rose this year. Heavily-redacted records obtained by Sky News show an increase in incidents reported to the Ministry of Defence (MoD) between January and October compared to the same period in 2017. Sky News previously revealed the ...

  • Charming Kitten Iranian Espionage Campaign Thwarts 2FA

    December 17, 2018

    The campaign targets politicians involved in economic and military sanctions against Iran, along with various journalists and human rights activists. A range of political and civil society targets are under fire in an APT attack dubbed the Return of Charming Kitten. The campaign has been tailored to get around two-factor authentication in order to compromise email ...

  • Fileless GandCrab As Seen by SandBlast Agent

    December 17, 2018

    January 2018 saw the debut of the GandCrab ransomware, a well-known malware that is distributed on the Dark Web which targets mainly Scandinavian and English-speaking countries. In addition, the GandCrab Affiliate Program offers low skilled threat actors the opportunity to run their own ransomware campaigns. Delivered mainly through email spam engines, affiliates are also provided with advice and ...

  • Facebook Flaw Exposes Private Photos for 6.8M Users

    December 14, 2018

    The bug allowed 1,500 apps built by 876 developers to view users’ unposted “draft” photos. Facebook on Friday disclosed a bug in its platform that it said enabled third-party apps to access unpublished photos of 6.8 million users. Facebook stores copies of photo drafts, so if someone uploads the photo but doesn’t finish posting it, the photo ...

  • Shamoon: Destructive Threat Re-Emerges with New Sting in its Tail

    December 14, 2018

    Organizations in Saudi Arabia and the UAE have been hit in latest attacks that involve new wiper malware. After a two-year absence, the destructive malware Shamoon (W32.Disttrack.B) re-emerged on December 10 in a new wave of attacks against targets in the Middle East. These latest Shamoon attacks are doubly destructive, since they involve a new wiper (Trojan.Filerase) ...

  • Cybercriminals Use Malicious Memes that Communicate with Malware

    December 14, 2018

    Steganography, or the method used to conceal a malicious payload inside an image to evade security solutions, has long been used by cybercriminals to spread malware and perform other malicious operations. We recently discovered malicious actors using this technique on memes. The malware authors have posted two tweets featuring malicious memes on October 25 and 26 ...

  • Electric Vehicle Charging Stations Open to IoT Attacks

    December 14, 2018

    Flaws could allow an attacker to stop or start a home charging station, or even change the current in order to start a fire. Given that creating proof-of-concept (PoC) cyberattacks for the Internet of Things (IoT) is essentially like shooting fish in a barrel these days, perhaps it’s not exactly surprising that a new niche category ...

  • LCG Kit: Sophisticated builder for Malicious Microsoft Office Documents

    December 13, 2018

    Proofpoint researchers discovered “LCG Kit,” a weaponized document builder service, in March 2018.  Since we began tracking LCG Kit, we have observed it using the Microsoft Equation Editor CVE-2017-11882 , which has been used used in limited email campaigns. ...

  • Tildeb: Analyzing the 18-year-old Implant from the Shadow Brokers’ Leak

    December 13, 2018

    On April 14, 2017, The Shadow Brokers (TSB) leaked a bevy of hacking tools named “Lost in Translation.” This leak is notorious for having multiple zero-day remote code execution (RCE) vulnerabilities targeting critical protocols such as Server Message Block (SMB) and Remote Desktop Protocol (RDP) and applications like collaboration and web server-based software. The exploit toolkit includes EternalBlue, ...

  • IDA and CIT champion new ‘Cyber Ireland’ infosec cluster

    December 13, 2018

    Could ambitious endeavour make Ireland the Fort Knox of infosec? IDA Ireland and Cork Institute of Technology (CIT) have joined forces on an initiative to establish Cyber Ireland, a national cybersecurity cluster. Cyber Ireland will provide a collective voice to represent the needs of the cybersecurity sector across the country and will address key challenges including skills needs, ...

  • Ships infected with ransomware, USB malware, worms

    December 12, 2018

    Ships suffer from the same types of cyber-security issues as other IT systems, a recent document released by the international shipping industry reveals. The document is the third edition of the “Guidelines on Cyber Security onboard Ships,” an industry-approved guide put together by a conglomerate of 21 international shipping associations and industry groups. While the document contains ...

  • Supply Chain Security: Managing a Complex Risk Profile

    December 12, 2018

    Experts sound off on how companies can work with their third-party suppliers and partners to secure the end-to-end supply chain. NYC — From Delta Airlines to Best Buy, a number of big-name companies were involved this year in data breaches – but even though their names made headlines, the actual security incidents occurred due to flaws in third-party partners. Across ...

  • Operation Sharpshooter Uses Fileless Malware to Attack Global Infrastructure

    December 12, 2018

    The McAfee Advanced Threat Research team detected a malware campaign dubbed Operation Sharpshooter which attacked nuclear, defense, energy, and financial targets from all over the world. As detailed by McAfee’s research team, the campaign dubbed “Operation Sharpshooter” makes use of an in-memory essential to download and execute a second stage payload named Rising Sun. Moreover, the Rising Sun implant ...