News


  • Adobe Issues Emergency Patches for Two Critical Flaws in Acrobat and Reader

    January 3, 2019

    Adobe has issued an out-of-band security update to patch two critical vulnerabilities in the company’s Acrobat and Reader for both the Windows and macOS operating systems. Though the San Jose, California-based software company did not give details about the vulnerabilities, it did classify the security flaws as critical since they allow privilege escalation and arbitrary code execution in ...

  • Phishing template uses fake fonts to decode content and evade detection

    January 3, 2019

    Proofpoint researchers recently observed a phishing kit with peculiar encoding utilized in a credential harvesting scheme impersonating a major retail bank. While encoded source code and various obfuscation mechanisms have been well documented in phishing kits, this technique appears to be unique for the time being in its use of web fonts to implement the encoding. When the ...

  • Newsmaker Interview: Bruce Schneier on Physical Cyber Threats

    January 2, 2019

    Bruce Schneier discusses the clash between critical infrastructure and cyber threats. Attacks on physical devices and infrastructure offer a new target for cyber crime, a new opportunity for espionage and even a new front in cyber war. Rather than exploit computers and their applications, the Internet of Things allows malicious actors to go after a whole new ...

  • Hackers threaten to leak 9/11 litigation documents

    January 2, 2019

    The Dark Overlord claims to have stolen over 18,000 documents relating to the September 11 attacks on the World Trade Centre. A group of hackers have threatened to release a large cache of stolen 9/11 litigation documents, in what it claims is one of the biggest leaks in history. The organisation, which is known as the Dark ...

  • Cyber-attack disrupts printing of major US newspapers

    December 30, 2018

    A cyber-attack has caused printing and delivery disruptions to major US newspapers, including the Los Angeles Times, the Chicago Tribune and the Baltimore Sun. The attack on Saturday appeared to originate outside the United States, the Los Angeles Times reported. It led to distribution delays in the Saturday edition of the Times, the Tribune, the Sun and other ...

  • EU to fund bug bounty programs for 14 open source projects starting January 2019

    December 29, 2018

    The European Union will foot the bill for bug bounty programs for 14 open source projects, EU Member of Parliament Julia Reda announced this week. The 14 projects are, in alphabetical order, 7-zip, Apache Kafka, Apache Tomcat, Digital Signature Services (DSS), Drupal, Filezilla, FLUX TL, the GNU C Library (glibc), KeePass, midPoint, Notepad++, PuTTY, the Symfony ...

  • First-Ever UEFI Rootkit Tied to Sednit APT

    December 28, 2018

    Researchers hunting cyber-espionage group Sednit (an APT also known as Sofacy, Fancy Bear and APT28) say they have discovered the first-ever instance of a rootkit targeting the Windows Unified Extensible Firmware Interface (UEFI) in successful attacks. The discussion of Sednit was part of the 35C3 conference, and a session given by Frédéric Vachon, a malware researcher at ESET who published a technical ...

  • Hijacking Online Accounts Via Hacked Voicemail Systems

    December 28, 2018

    Proof-of-concept hack of a voicemail system shows how it can lead to account takeovers across multiple online services. Voicemail systems are vulnerable to compromise via brute-force attacks against the four-digit personal identification numbers (PINs) that protect them. Researchers say a malicious user can thus access the voicemail system to then take over online accounts for services like ...

  • Stolen UK identities selling for as little as £10 on the dark web

    December 26, 2018

    Stolen personal data of UK citizens is selling for as little as £10 on the dark web, offering hackers all the information needed to carry out online fraud and identity theft, The Independent has discovered. So-called fullz – hacker slang meaning a “full ID” package – of UK citizens are being listed on several popular online black markets. A full ID ...

  • Five other countries formally accuse China of APT10 hacking spree

    December 21, 2018

    After the US Department of Justice charged two Chinese nationals for being members of a state-sponsored hacking group and accused the Chinese government of orchestrating a string of hacks around the world, five other governments have stepped in with similar accusations. Australia, Canada, Japan, New Zealand, and the UK have published official statements today formally blaming China of ...

  • U.S. Indicts China-Backed Duo for Massive, Years-Long Spy Campaign

    December 20, 2018

    The homeland security implications are significant: the two, working with Beijing-backed APT10, allegedly stole sensitive data from orgs like the Navy and NASA. The Department of Justice on Thursday charged two Chinese hackers with stealing “hundreds of gigabytes” of data from more than 45 other governmental organizations and U.S.-based companies. This has potentially significant national security ramifications: ...

  • NASA discloses data breach

    December 19, 2018

    The US National Aeronautics and Space Administration (NASA) admitted today to getting hacked earlier this year. In an internal memo sent to all employees, the agency said that an unknown intruder gained access to one of its servers storing the personal data of current and former employees. Social Security numbers were also compromised, NASA said. The agency ...

  • URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader

    December 18, 2018

    As ransomware and banking trojans captured the interest – and profits – of the world with their destructive routines, cybersecurity practitioners have repeatedly published online and offline how cybercriminals have compartmentalized their schemes through exchange of information and banded professional organizations. As a more concrete proof of the way these symbiotic relationships and work flows intersect, we discovered a connection between EMOTET, URSNIF, DRIDEX and BitPaymer from open source information and ...

  • Russia-Linked Sofacy Debuts Fresh Zebrocy Malware Variant

    December 18, 2018

    The group continues to evolve its custom malware in an effort to evade detection. The Zebrocy trojan – a custom downloader malware used by Russia-linked APT Sofacy (a.k.a. APT28, Fancy Bear or Sednit) – has a new variant. While it’s functionally much the same as its other versions, the new code was written using the Go ...

  • DOD doesn’t keep track of duplicate or obsolete software

    December 18, 2018

    The US Marine Corps, the Navy, and the Air Force are not keeping track of their software inventories, according to a report released today by the US Department of Defense Inspector General (DOD IG). Auditors said management at many services part of these three military branches “did not consistently rationalize their software applications” leading to situations where they ...

  • Cyber security breaches rising across UK defence sector

    December 18, 2018

    UK defence secrets are increasingly being exposed to hostile nation states after the number of security breaches in the sector rose this year. Heavily-redacted records obtained by Sky News show an increase in incidents reported to the Ministry of Defence (MoD) between January and October compared to the same period in 2017. Sky News previously revealed the ...

  • Charming Kitten Iranian Espionage Campaign Thwarts 2FA

    December 17, 2018

    The campaign targets politicians involved in economic and military sanctions against Iran, along with various journalists and human rights activists. A range of political and civil society targets are under fire in an APT attack dubbed the Return of Charming Kitten. The campaign has been tailored to get around two-factor authentication in order to compromise email ...

  • Fileless GandCrab As Seen by SandBlast Agent

    December 17, 2018

    January 2018 saw the debut of the GandCrab ransomware, a well-known malware that is distributed on the Dark Web which targets mainly Scandinavian and English-speaking countries. In addition, the GandCrab Affiliate Program offers low skilled threat actors the opportunity to run their own ransomware campaigns. Delivered mainly through email spam engines, affiliates are also provided with advice and ...

  • Facebook Flaw Exposes Private Photos for 6.8M Users

    December 14, 2018

    The bug allowed 1,500 apps built by 876 developers to view users’ unposted “draft” photos. Facebook on Friday disclosed a bug in its platform that it said enabled third-party apps to access unpublished photos of 6.8 million users. Facebook stores copies of photo drafts, so if someone uploads the photo but doesn’t finish posting it, the photo ...

  • Shamoon: Destructive Threat Re-Emerges with New Sting in its Tail

    December 14, 2018

    Organizations in Saudi Arabia and the UAE have been hit in latest attacks that involve new wiper malware. After a two-year absence, the destructive malware Shamoon (W32.Disttrack.B) re-emerged on December 10 in a new wave of attacks against targets in the Middle East. These latest Shamoon attacks are doubly destructive, since they involve a new wiper (Trojan.Filerase) ...