News


  • UK’s NCSC Explains How They Handle Discovered Vulnerabilities

    December 1, 2018

    When the United Kingdom’s National Cyber Security Center (NCSC) performs operational tasks, they may find vulnerabilities in software, hardware, websites, or critical infrastructure. When they find these vulnerabilities, they go through a review process called the “Equities Process” that determines if they are going to disclose the vulnerability so that it is fixed or if ...

  • 500 Million Marriott Guest Records Stolen in Starwood Data Breach

    November 30, 2018

    The world’s biggest hotel chain Marriott International today disclosed that unknown hackers compromised the guest reservation database of its subsidiary Starwood Hotels and walked away with personal details of about 500 million guests. Starwood Hotels and Resorts Worldwide was acquired by Marriott International for $13 billion in 2016. The brand includes St. Regis, Sheraton Hotels & Resorts, W ...

  • New PowerShell-based Backdoor Found in Turkey, Strikingly Similar to MuddyWater Tools

    November 30, 2018

    MuddyWater is a well-known threat actor group that has been active since 2017. They target groups across the Middle East and Central Asia, primarily using spear phishing emails with malicious attachments. Most recently they were connected to a campaign in March that targeted organizations in Turkey, Pakistan, and Tajikistan. The group has been quite visible since the initial 2017 Malwarebytes ...

  • Uber fined $1.1 million by UK and Dutch regulators over 2016 data breach

    November 29, 2018

    British and Dutch data protection regulators Tuesday hit the ride-sharing company Uber with a total fine of $1,170,892 (~ 1.1 million) for failing to protect its customers’ personal information during a 2016 cyber attack involving millions of users. Late last year, Uber unveiled that the company had suffered a massive data breach in October 2016, exposing names, email ...

  • Symantec comes out swinging in bitter legal battle over security bug audit conspiracy claims

    November 29, 2018

    Symantec says the biz that accused it of conspiring with others to avoid independent security audits is “less than honest” and driven by a “thirst for profits.” “This is, at bottom, a case where one company’s thirst for profits has led it to brush aside the needs of its customers for more accurate testing of their ...

  • 57 Million Personal Info Records Leaked by Unprotected ElasticSearch Server

    November 28, 2018

    An unprotected Elasticsearch server indexed by the Shodan IoT search engine on November 14 exposed a 73 GB database of 57 million US citizens’ records. The publicly accessible server discovered by security researcher Bob Diachenko contained an Elasticsearch instance with a database of “first name, last name, employers, job title, email, address, state, zip, phone number, and ...

  • U.S. Charges Two Iranian Hackers for SamSam Ransomware Attacks

    November 28, 2018

    The Department of Justice announced Wednesday charges against two Iranian nationals for their involvement in creating and deploying the notorious SamSam ransomware. The alleged hackers, Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah, 27, have been charged on several counts of computer hacking and fraud, the indictment unsealed today at a New Jersey court revealed. The duo used SamSam ransomware to ...

  • New industrial espionage campaign leverages AutoCAD-based malware

    November 28, 2018

    Security researchers have spotted a somewhat unique malware distribution campaign that targets companies using AutoCAD-based malware. Discovered by cyber-security firm Forcepoint, which shared its findings with ZDNet yesterday, the campaign appears to have been active since 2014, based on telemetry data the company has analyzed. Forcepoint says the group behind this recent campaign is most likely very sophisticated ...

  • Dell announces security breach

    November 28, 2018

    US-based hardware giant Dell announced today a security breach that took place earlier this month, on November 9. Dell says it detected an unauthorized intruder (or intruders) “attempting to extract Dell.com customer information” from its systems, such as customer names, email addresses, and hashed passwords. The company didn’t go into details about the complexity of the ...

  • Pegasus Spyware Targets Investigative Journalists in Mexico

    November 27, 2018

    Colleagues of slain Javier Valdez Cárdenas, known for investigating drug cartels, were targeted just days after his death. The notorious state actor mobile spyware known as Pegasus has resurfaced, targeting the colleagues of a slain Mexican journalist who lived – and died – investigating drug cartels. Journalist Javier Valdez Cárdenas, founder of Río Doce, a Mexican newspaper ...

  • GreyEnergy APT Delivers Malware via Phishing Attacks and Multi-Stage Dropper

    November 27, 2018

    The highly complex backdoor malware payload designed by the GreyEnergy advanced persistent threat (APT) group is being dropped on targeted machines using the common phishing infection vector as detailed by Nozomi Networks’ Alessandro Di Pinto. GreyEnergy attacked and infiltrated the networks of multiple critical infrastructure targets from Eastern Europe, from Poland and Ukraine, with other objectives ...

  • Backdoor in Popular JavaScript Library Set to Steal Cryptocurrency

    November 27, 2018

    A JavaScript library that scores over two million downloads every week has been injected with malicious code for stealing coins from a cryptocurrency wallet. The affected package is Event-Stream, built to simplify working with Node.js streaming modules and it is available through the npmjs.com repository. Although the malicious code was discovered last week, researchers were able to determine ...

  • Threat Actor Uses DNS Redirects, DNSpionage RAT to Attack Government Targets

    November 27, 2018

    Cisco Talos discovered a new malware campaign targeting a commercial Lebanese airline company, as well as United Arab Emirates (UAE) and Lebanon government domains. According to Cisco Talos’ findings, the recently observed campaign could not be connected to other threat actors or attacks based on the used infrastructure and its Tactics, Techniques, and Procedures (TTP). The actor ...

  • Mobile Rotexy Malware Touts Ransomware, Banking Trojan Functions

    November 26, 2018

    A mobile malware has accelerated its activity in 2018, launching more than 70k attacks in August through October. Mobile malware, dubbed Rotexy, has evolved from being spyware to now a dangerous banking trojan packing a host of new clever features. Researchers report 70,000 attacks between August and October with targets primarily based in Russia. In a technical brief released ...

  • Germany proposes router security guidelines

    November 26, 2018

    The German government published at the start of the month an initial draft for rules on securing Small Office and Home Office (SOHO) routers. Published by the German Federal Office for Information Security (BSI), the rules have been put together with input from router vendors, German telecoms, and the German hardware community. Once approved, router manufacturers don’t ...

  • Good cyber security starts with boards that ask questions

    November 25, 2018

    Not a day seems to go by when there isn’t a story in the media about a data breach, commercial espionage or a cyber intrusion where there is ‘no evidence that any data was stolen’. The narrative that companies didn’t know about a breach or were somehow victims is all too common. There is also a ...

  • Ukrainian police arrest hacker who infected over 2,000 users with DarkComet RAT

    November 23, 2018

    Ukrainian police have arrested a 42-year-old man on charges of infecting over 2,000 users across 50 countries with the DarkComet remote access trojan (RAT). The man was arrested this week after police executed a search warrant at his residence in the city of Lviv, in Western Ukraine. In a press release published today, Ukrainian police said they found ...

  • Old Printer Vulnerabilities Die Hard

    November 23, 2018

    New research on an old problem reveals that, despite efforts, InfoSec professionals still have a way to go when it comes to securing printers. Despite copious warnings and efforts by the security community to harden the defenses of printers, they continue to represent a ripe target for attackers. Just this past summer researchers at Check Point found ...

  • Rowhammer attacks can now bypass ECC memory protections

    November 22, 2018

    Academics from the Vrije University in Amsterdam, Holland, have published a research paper today describing a new variation of the Rowhammer attack. For readers unfamiliar with the term, Rowhammer is the name of a class of exploits that takes advantage of a hardware design flaw in modern memory cards. By default, a memory card stores temporary data ...

  • 500K Italian Public Administration Email Accounts Compromised By Targeted Attack

    November 21, 2018

    500,000 certified Italian public administration emails were compromised by hackers who specifically targeted the Italian Comitato Interministeriale per la Sicurezza della Repubblica (CISR) as reported by Difesa e Sicurezza. Although CISR was the primary target, the hackers also compromised certified emails related to other Italian public administration agencies according to Roberto Baldoni, the Deputy Director of the ...