News


  • A Zebrocy Go Downloader

    January 11, 2019

    Last year at SAS2018 in Cancun, Mexico, “Masha and these Bears” included discussion of a subset of Sofacy activity and malware that we call “Zebrocy”, and predictions for the decline of SPLM/XAgent Sofacy activity coinciding with the acceleration of Zebrocy activity and innovation. Zebrocy was initially introduced as a Sofacy backdoor package in 2015, but the Zebrocy ...

  • TA505 Crime Gang Debuts Brand-New ServHelper Backdoor

    January 11, 2019

    The latest malware from TA505 has been seen targeting banks, retailers and restaurants with two different versions. A new backdoor named ServHelper has been spotted in the wild, acting as both a remote desktop agent as well as a downloader for a RAT called FlawedGrace. According to Proofpoint, the prolific cybercriminal gang known as TA505 developed ServHelper, which has ...

  • Army ready to embrace AI

    January 11, 2019

    Army’s acquisition organization is still working out its IT strategy, but it has laser focus on weaving artificial intelligence into the force. Army acquisition head, Bruce Jette told reporters at the Defense Writers Group breakfast Jan. 10 in Washington, D.C., that while the department isn’t where he’d like it to be, the ultimate goal is to ...

  • China Tightens Grip On Blockchain-Based Services

    January 11, 2019

    Users of blockchain-based information services will have to register their real names and identity numbers in latest crackdown – even as Hong Kong moves to attract virtual asset traders. China has tightened regulatory pressure on blockchain-based information services, in an effort to ensure that authorities can trace any information posted online in the country back to the person ...

  • ‘Unprecedented’ DNS Hijacking Attacks Linked to Iran

    January 10, 2019

    The attacks, targeting several countries to redirect traffic and harvest credentials, have been linked to Iran. A wave of DNS hijacking attacks targeting victims in North America, Europe, Middle East and North Africa have been linked to Iran. The attacks, which have been ongoing over the past two years, have had “a high degree of success” ...

  • Over 202 Million Chinese Job Seekers’ Details Exposed On the Internet

    January 10, 2019

    A cybersecurity researcher has discovered online a massive database containing records of more than 202 million Chinese citizens that remained accessible to anyone on the Internet without authentication until last week. The unprotected 854.8 gigabytes of the database was stored in an instance of MongoDB, a NoSQL high performance and cross-platform document-oriented database, hosted by an American ...

  • Hyatt Hotels launches bug bounty program

    January 10, 2019

    Hyatt Hotels has launched a bug bounty program in light of recent card-skimming attacks against the hospitality chain. On Wednesday, the company said the new initiative will be hosted on bug bounty program HackerOne and is designed to allow Hyatt to “tap into the vast expertise of the security research community to accelerate identifying and fixing ...

  • Turns Out Kaspersky Labs Helped FBI Catch Alleged NSA Leaker

    January 9, 2019

    Remember “The Shadow Brokers” and the arrest of a former NSA contractor accused of stealing 50 Terabytes of top secret documents from the intelligence agency? It turns out that Kaspersky Lab, which has been banned in US government computers over spying fears, was the one who tipped off the U.S. government and helped the FBI catch NSA ...

  • Vietnam accuses Facebook of violating new cybersecurity law

    January 9, 2019

    Facebook was defending itself on Wednesday against allegations that it allows illegal content in violation of Vietnam’s new cybersecurity law. The social media giant said it had restricted such content and is in discussions with the government. “We have a clear process for governments to report illegal content to us, and we review all those requests ...

  • New tool automates phishing attacks that bypass 2FA

    January 9, 2019

    A new penetration testing tool published at the start of the year by a security researcher can automate phishing attacks with an ease never seen before and can even blow through login operations for accounts protected by two-factor authentication (2FA). Named Modlishka – the English pronunciation of the Polish word for mantis – this new tool was created ...

  • Zerodium Offers to Buy Zero-Day Exploits at Higher Prices Than Ever

    January 8, 2019

    Well, there’s some good news for hackers and vulnerability hunters, though terrible news for tech manufacturers! Exploit vendor Zerodium is now willing to offer significantly higher payouts for full, working zero-day exploits that allow stealing of data from WhatsApp, iMessage and other online chat applications. Zerodium—a startup by the infamous French-based company Vupen that buys and sells ...

  • Ransomware MongoLock Immediately Deletes Files, Formats Backup Drives

    January 8, 2019

    We have been following a new wave of MongoLock ransomware attacks that immediately delete files upon infection instead of encrypting them, and further scan for other available folders and drives for file deletion. In the wild since December 2018, the ransomware demands a payment of 0.1 bitcoin from victims within 24 hours to retrieve the ...

  • New hardware-agnostic side-channel attack works against Windows and Linux

    January 7, 2019

    A team of five academics and security researchers has published a research paper today detailing a new side-channel attack that is effective against operating systems like Windows and Linux. The novelty in this paper is that unlike many of the previous side-channel attacks, this one is hardware-agnostic, and in some cases, it can be carried out remotely. The attack ...

  • GandCrab Operators Use Vidar Infostealer as a Forerunner

    January 7, 2019

    Cybercriminals behind GandCrab have added the infostealer Vidar in the process for distributing the ransomware piece, which helps increase their profits by pilfering sensitive information before encrypting the computer files. Following the trails of a malvertising campaign targeting users of torrent trackers and video streaming websites, malware researchers found that Fallout Exploit Kit was used to ...

  • Your Word is Your Bond: Trust and Ethics in Underground Forums

    January 7, 2019

    Although the general public thinks of underground forums as a place where scams and suspicious dealings are rampant, the opposite is usually true: the threat actors who inhabit these sites often consider their reputation a major asset. Many of the individuals and groups in underground forums go to great lengths to ensure that transactions go through ...

  • NSA to release a free reverse engineering tool

    January 6, 2019

    The US National Security Agency will release a free reverse engineering tool at the upcoming RSA security conference that will be held at the start of March, in San Francisco. The software’s name is GHIDRA and in technical terms, is a disassembler, a piece of software that breaks down executable files into assembly code that can ...

  • Angela Merkel’s personal details leaked on Twitter

    January 4, 2019

    An unknown hacker has released confidential data linked to the German Chancellor Angela Merkel and hundreds of the country’s other politicians. The stolen details were released on Twitter over the past few weeks in a sort of Advent Calendar and included bills and credit card information, phone numbers, email addresses, photo identification and personal chat histories. The Twitter ...

  • Tech trends 2019: ‘The end of truth as we know it?’

    January 4, 2019

    More than 200 firms contributed to our request for ideas on what the global tech trends will be in 2019. Here’s a synthesis of the main themes occupying the minds of the technorati this year. You may be surprised. This year it’s all about data – a small, rather dull word for something that is profoundly ...

  • Spyware Disguises as Android Applications on Google Play

    January 3, 2019

    Trend Micro discovered a spyware (detected as ANDROIDOS_MOBSTSPY) which disguised itself as legitimate Android applications to gather information from users. The applications were available for download on Google Play in 2018, with some recorded to have already been downloaded over 100,000 times by users from all over the world. One of the applications we initially investigated ...

  • A Dozen Flaws in Popular Mac Clean-Up Software Allow Local Root Access

    January 3, 2019

    A passel of privilege-escalation vulnerabilities in MacPaw’s CleanMyMac X software would allow a local attacker to gain root access to an Apple machine in various ways. CleanMyMac X is a cleanup application for MacOS that optimizes the drives and frees up space by scanning for unused, redundant or unnecessary files and deleting them. No fewer than ...