News


  • Schneider Electric Modicon vulnerability impacts ICS operation in industrial settings

    September 6, 2018

    A security vulnerability discovered in Schneider Electric Modicon controllers has the potential to severely disrupt industrial equipment and networks. According to researchers from industrial cybersecurity firm Radiflow, the bug, tracked as CVE-2018-7789, “severely exposes the safety and availability of the ICS networks on which these devices were installed.” The vulnerability is present in the Schneider Electric Modicon M221 controller ...

  • House Passes Bill Expanding DHS’ Power to Block Risky Contractors from Government Networks

    September 5, 2018

    The House passed legislation Tuesday that would dramatically broaden the Homeland Security Department’s power to block contractors and subcontractors that officials determine present cybersecurity and national security risks to the department’s technology supply chain. The bill, which is modeled on an authority already granted to the Defense Department, comes after Congress took action in the past ...

  • Cybercrooks home in on infosec’s weakest link – you poor gullible people

    September 5, 2018

    Cybercrims are ramping up their efforts to target employees through fraudulent email and social media scams, according to a new study by email security firm Proofpoint. Retailers and government agencies saw huge quarter-on-quarter increases in email fraud attempts in calendar Q2, with attacks per company and agency soaring 91 per cent and 84 per cent respectively. ...

  • Recent Windows ALPC zero-day has been exploited in the wild for almost a week

    September 5, 2018

    Two days after a security researcher released details and proof-of-concept code about an unpatched Windows zero-day, one malware group had already incorporated the vulnerability in their exploit chain and was attempting to infect users around the globe. The zero-day used in this malware distribution campaign is a (still-unpatched) vulnerability in the Windows Task Scheduler feature, affecting ...

  • OilRig Sends an OopsIE to Mideast Government Targets

    September 5, 2018

    The Iran-linked group is using a variant of the data-exfiltration OopsIE trojan to attack a Mideast government entity. The OilRig group is back, using a reboot of the OopsIE trojan to pump information from its favorite resource: entities in the Middle East region. OilRig, which is also called Cobalt Gypsy, Crambus, Helix Kitten or PT34, is suspected ...

  • FIN6 returns to attack retailer point of sale systems in US, Europe

    September 5, 2018

    A new malware campaign has been detected which is targeting point-of-sale (PoS) systems across the United States and Europe. On Wednesday, researchers from IBM X-Force IRIS said the attacks have been attributed to the FIN6 cybercriminal group. This is only the second time that a campaign has been documented which appears to be the handiwork of FIN6. According to FireEye (.PDF), ...

  • Active Campaign Exploits Critical Apache Struts 2 Flaw in the Wild

    September 5, 2018

    A Monero cryptomining script is spreading in an ongoing campaign using the recently disclosed critical remote command-execution flaw. It was only a matter of time before attacks were seen in the wild, and now it’s happened. A known threat actor has mounted a large cryptomining campaign using the recently disclosed Apache Struts 2 critical remote code-execution ...

  • New Silence hacking group suspected of having ties to cyber-security industry

    September 5, 2018

    At least one member of a newly uncovered cybercrime hacking group appears to be a former or current employee of a cyber-security company, according to a new report released today. The report, published by Moscow-based cyber-security firm Group-IB, breaks down the activity of a previously unreported cyber-criminal group named Silence. According to Group-IB, the group has spent the ...

  • ‘CamuBot’ Banking Malware Ups the Trojan Game with Biometric Bypass

    September 4, 2018

    CamuBot is a unique malware targeting Brazilian bank customers that attempts to bypass biometric account protections. Brazilian bank customers are being warned of malware dubbed CamuBot that hides in plain sight and presents itself as a required end-user security module provided by a bank. The malware goes so far as to include bank logos that look and ...

  • Cybersecurity researchers double SCADA vulnerability finds

    September 3, 2018

    Independent cybersecurity researchers found nearly double the number of vulnerabilities in supervisory control and data acquisition (SCADA) systems in the first six months of 2018 as they did in the first half of 2017, according to a new report by Japanese multinational Trend Micro, amid rising concerns about infrastructure security. The 202 holes spotted in such ...

  • Thousands of MikroTik Routers Hacked to Eavesdrop On Network Traffic

    September 3, 2018

    Last month we reported about a widespread crypto-mining malware campaign that hijacked over 200,000 MikroTik routers using a previously disclosed vulnerability revealed in the CIA Vault 7 leaks. Now Chinese security researchers at Qihoo 360 Netlab have discovered that out of 370,000 potentially vulnerable MikroTik routers, more than 7,500 devices have been compromised to enable Socks4 proxy maliciously, allowing attackers to ...

  • APT10 Under Close Scrutiny as Potentially Linked to Chinese Ministry of State Security

    September 3, 2018

    n advanced threat actor has been associated with China’s Ministry of State Security via two individuals and a Chinese firm. Researchers claim that APT10, a likely China-based threat actor, is believed directly connected to the Chinese Ministry of State Security’s (MSS) Tianjin bureau. The allegations come from CrowdStrike which released a report Friday that claims it has found firm ...

  • Forget WannaCry, staff themselves pose a risk to healthcare data

    September 3, 2018

    More than half of all healthcare data breaches reported during 2017 could be traced back to people on the inside of victim organisations, according to an annual study by Verizon. The company’s latest Protected Health Information Data Breach Report (PHIDBR) looked at 1,368 mostly US examples, identifying 782 (57.5 per cent) as having an insider element. A ...

  • Five Eyes governments get even tougher on encryption

    September 2, 2018

    “The governments of the United States, the United Kingdom, Canada, Australia, and New Zealand are committed to personal rights and privacy, and support the role of encryption in protecting those rights,” began a document agreed to last week. Sounds good. But wait. The government ministers who met on Australia’s Gold Coast last week went on to ...

  • Cyber threat against Danish banks ‘very high’: agency

    September 1, 2018

    The cyber threat against Denmark’s financial sector is considered to be very high, according to a report by the Centre for Cyber Security (Center for Cybersikkerhed). The centre, which is a department of military security agency FET (Forsvarets Efterretningstjeneste), assesses cyber threats against Denmark and Danish businesses. “The threat posed to the Danish financial sector by cyber ...

  • Why is Google selling potentially compromised Chinese security keys?

    August 31, 2018

    Google has come under fire for its ties to China recently. The situation has the potential to get a lot worse now that Google is offering a Chinese security product to those who need protection the most. Earlier this month, the tech giant was criticised after reports emerged of its secret project to develop a Google ...

  • Cobalt Group Targets Banks in Eastern Europe with Double-Threat Tactic

    August 30, 2018

    The campaign uses double infection points and two command-and-control servers. The infamous financial cybercrime gang known as Cobalt Group has been spotted actively pushing a fresh campaign that uses a peculiar tactic: Double infection points and two command-and-control (C2) servers. The Cobalt Group, a known financial cybercrime ring since 2016, has been suspected in attacks in dozens ...

  • Attackers Abuse WMIC to Download Malicious Files

    August 30, 2018

    Malware authors use WMIC and a host of other legitimate tools to deliver information-stealing malware, highlighting the continued use of living off the land tactics. We recently observed malware authors using a combination of a tool found on all Windows computers and a usually innocuous file type associated with modifying and rendering XML documents. While these ...

  • Microsoft Windows zero-day vulnerability disclosed through Twitter

    August 28, 2018

    Microsoft has quickly reacted to the disclosure of a previously unknown zero-day vulnerability in the Windows operating system. On Monday, Twitter user SandboxEscaper revealed the existence of the bug on the microblogging platform. As reported by the Register, the user said: “Here is the alpc bug as 0day. I don’t f**king care about life anymore. Neither do I ...

  • How hackers managed to steal $13.5 million in Cosmos bank heist

    August 27, 2018

    Earlier this month, reports surfaced which suggested that Cosmos Bank, India’s oldest at 112 years old, had become the victim of a cyberattack which left the institution millions out of pocket. The attack reportedly took place in two stages been August 10 – 13. According to the Hindustan Times, malware was used on the bank’s ATM server ...