News


  • Cobalt threat group serves up SpicyOmelette in fresh bank attacks

    September 27, 2018

    Advanced persistent threat group (APT) the Cobalt Gang, also known as Gold Kingswood, is spreading SpicyOmelette malware in campaigns targeting financial institutions worldwide. In a world where cyberattacks against businesses and consumers alike are spreading and evolving in nature and sophistication, it is often financial institutions which bear the brunt. Banking customers hoodwinked by fraudulent schemes or ...

  • US government hacker jailed after losing secrets

    September 26, 2018

    A man who illegally took home hacking tools from his workplace at the National Security Agency, and then allegedly lost them to Russian intelligence, has been jailed for five years and six months. Nghia Hoang Pho, 68, developed hacking tools at the NSA’s elite Tailored Access Operations (TAO) unit, which works on penetrating target computer networks ...

  • VPNFilter’s Arsenal Expands With Newly Discovered Modules

    September 26, 2018

    Seven new modules discovered in VPNFilter further fill in the blanks about how the malware operates and reveals a wider breath of capabilities. Researchers have discovered new modules in VPNFilter – the malware behind the widespread campaign in May that infected 75 router brands – revealing that its capabilities are much more widespread and sophisticated than previously thought. After ...

  • New Linux Kernel Bug Affects Red Hat, CentOS, and Debian Distributions

    September 26, 2018

    Security researchers have published the details and proof-of-concept (PoC) exploits of an integer overflow vulnerability in the Linux kernel that could allow an unprivileged user to gain superuser access to the targeted system. The vulnerability, discovered by cloud-based security and compliance solutions provider Qualys, which has been dubbed “Mutagen Astronomy,” affects the kernel versions released between ...

  • Man gets two years in prison for sabotaging US Army servers with ‘logic bomb’

    September 25, 2018

    A US judge has sentenced an Atlanta man to two years in prison followed by three years of supervised release for sabotaging one of the US Army’s payroll databases with a “logic bomb.” The man’s sentence is related to an incident that occurred in November 2014 and affected the US Army’s Regional Level Application Software (RLAS). According ...

  • Over 80 Cisco Products Affected by FragmentSmack DoS Bug

    September 25, 2018

    Cisco is currently looking into its product line to determine which products and services use Linux kernel 3.9 or above, which is vulnerable to the FragmentSmack denial-of-service (DoS) bug. The networking hardware manufacturer already assembled a list of more than 80 products that are affected by the vulnerability. Many of them expect a fix by February ...

  • Pennsylvania Senate Democrats paid $700,000 to recover from ransomware attack

    September 24, 2018

    The Pennsylvania Senate Democratic Caucus paid $703,697 to Microsoft to rebuild its IT infrastructure after suffering a ransomware infection in March 2017. The incident took place on March 3, 2017, when the organization’s entire IT systems, including its web servers, went down at the hands of a yet-to-be-revealed ransomware strain. The ransomware encrypted files and requested payment of ...

  • macOS Mojave Privacy Bypass Flaw Allows Access to Protected Files

    September 24, 2018

    A security researcher shows on Mojave’s release day that Apple’s  latest privacy protection implementations in macOS are not sufficiently strong. In a minute-long clip, Patrick Wardle shows that the security in the dark-themed macOS can be bypassed to reach sensitive user data, such as the information in the address book. Talking to BleepingComputer, Wardle says that he ...

  • Adwind RAT Scurries By AV Software With New DDE Variant

    September 24, 2018

    A newly-discovered spam campaign is spreading the Adwind 3.0 remote-access tool (RAT) – and using a fresh take on the Dynamic Data Exchange (DDE) code-injection technique for anti-virus evasion. The spam campaign features two types of droppers that leverage a new variant to the already-known DDE code-injection attack on Microsoft Excel – enabling them to bypass ...

  • Cisco: We’ve killed another critical hard-coded root password bug, patch urgently

    September 24, 2018

    Cisco has supplied a patch for its Video Surveillance Manager software to erase hardcoded default credentials for the root account. Admins responsible for appliances running Cisco’s surveillance software should urgently patch the flaw, which has a Common Vulnerability Scoring System (CVSS) version 3 score of 9.8 out of a possible 10. The flaw would allow an attacker ...

  • Tesco Bank facing £30m fine from FCA over 2016 cyber attack

    September 24, 2018

    Tesco Bank could be fined as much as £30 million over its 2016 cyber attack that compromised the accounts of at least 40,000 of its seven million customers. The attack in November 2016 is one of the most serious ever on a UK retail bank, with money stolen from 20,000 accounts over one weekend – some customers seeing ...

  • Researcher Discloses New Zero-Day Affecting All Versions of Windows

    September 21, 2018

    A security researcher has publicly disclosed an unpatched zero-day vulnerability in all supported versions of Microsoft Windows operating system (including server editions) after the company failed to patch a responsibly disclosed bug within the 120-days deadline. Discovered by Lucas Leong of the Trend Micro Security Research team, the zero-day vulnerability resides in Microsoft Jet Database Engine that could ...

  • Britain to create 2,000-strong cyber force to tackle Russia threat

    September 21, 2018

    Britain is significantly increasing its ability to wage war in cyberspace with the creation of a new offensive cyber force of up to 2,000 personnel, Sky News understands. The plan by the Ministry of Defence and GCHQ comes amid a growing cyber threat from Russia and after the UK used cyber weapons for the first time ...

  • New Virobot malware works as ransomware, keylogger, and botnet

    September 21, 2018

    A newly discovered malware strain is a multi-tasking threat that besides working as ransomware and encrypting users’ files, it can also log and steal their keystrokes, and add infected computers to a spam-sending botnet. This new threat is named Virobot and appears to be under development, and comprised of multiple components that allow it to work ...

  • British spies ‘hacked into Belgian telecoms firm on ministers’ orders’

    September 21, 2018

    British spies are likely to have hacked into Belgium’s biggest telecommunications operator for at least a two-year period on the instruction of UK ministers, a confidential report submitted by Belgian prosecutors is said to have concluded. The finding would support an allegation made by the whistleblower Edward Snowden five years ago when he leaked 20 slides exposing the ...

  • Equifax fined £500,000 for failing to protect customer details in cyber attack

    September 20, 2018

    A credit reference agency that failed to protect the details of 15 million people in the UK during a cyber attack has been fined £500,000. The personal information lost or compromised during the incident between 13 May and 30 July 2017 ranged from names and dates of birth to addresses, passwords, driving licence and financial details. The Information Commissioner’s ...

  • Major Irish utility networks vulnerable to cyber attacks set to have security increased

    September 19, 2018

    Our water supplies, electricity and gas grids and phone networks are all vulnerable to cyber-attacks from tech-terrorists and are about to have their security beefed-up. That is because all of our utilities and essential State services are in some way or another reliant on digital technology, which in turn makes them vulnerable to digital attack. Minister Denis ...

  • Mirai Botnet Creators Helping FBI Fight Cybercrime to Stay Out of Jail

    September 19, 2018

    Three young hackers who were sentenced late last year for creating and spreading the notorious Mirai botnet are now helping the FBI to investigate other “complex” cybercrime cases in return to avoid their lengthy prison terms. Paras Jha, 21 from New Jersey, Josiah White, 20 from Washington, and Dalton Norman, 21 from Louisiana, plead guilty in December 2017 to multiple ...

  • Cybercrime: Ransomware remains a ‘key’ malware threat says Europol

    September 18, 2018

    Targeted attacks replace spam campaigns, but Europol’s annual cybercrime report also warns that cryptojacking malware “may overtake ransomware as a future threat”. Ransomware remains the top malware threat to organisations, causing millions of dollars of damage and remaining a potent tool for cyber criminals and nation-state attackers. The rise of highly targeted file-locking malware campaigns and the ...

  • US State Department confirms: Unclassified staff email boxes hacked

    September 18, 2018

    The US State Department has confirmed one of its email systems was attacked, potentially exposing the personal information of some of its employees. Uncle Sam’s officials said in a statement to The Register on Tuesday that “suspicious activity” in its email system led it to send out warnings to a number of employees whose personal information may have ...