News


  • Microsoft Set To Win Secret Clearance Ahead Of Pentagon Cloud Bid

    October 10, 2018

    Microsoft is battling Amazon’s AWS for the multi-billion-pound deal, after Google pulled out due to ethical concerns Microsoft said this week it is set to receive the US government’s top security clearance early next year, as it prepares to bid for a Pentagon cloud contract worth up to $10 billion (£7.7bn). The announcement follows on from the company’s ...

  • Gallmaker: New Attack Group Eschews Malware to Live off the Land

    October 10, 2018

    A new attack group is targeting government, military, and defense sectors in what appears to be a classic espionage campaign. Symantec researchers have uncovered a previously unknown attack group that is targeting government and military targets, including several overseas embassies of an Eastern European country, and military and defense targets in the Middle East. This group ...

  • Over nine million cameras and DVRs open to APTs, botnet herders, and voyeurs

    October 9, 2018

    Millions of security cameras, DVRs, and NVRs contain vulnerabilities that can allow a remote attacker to take over devices with little effort, security researchers have revealed today. All vulnerable devices have been manufactured by Hangzhou Xiongmai Technology Co., Ltd.(Xiongmai hereinafter), a Chinese company based in the city of Hangzhou. But end users won’t be able to tell that ...

  • Microsoft Patches Zero-Day Under Active Attack by APT

    October 9, 2018

    A zero-day vulnerability tied to the Window’s Win32k component is under active attack, warns Microsoft. Microsoft has issued a patch for a zero-day bug being actively exploited in the wild, as part of its Patch Tuesday security bulletin. The vulnerability is an elevation-of-privilege flaw, rated important, affecting the Windows Win32k component. The zero-day (CVE-2018-8453), found by Kaspersky ...

  • Heathrow Fined £120,000 Over Lost USB Stick

    October 9, 2018

    The unencrypted stick, containing personal data on staff, was found by a member of the public before being handed in to a national newspaper Heathrow Airport said it has begun a company-wide data security training programme after the Information Commissioner’s Office (ICO) fined it £120,000 over an embarrassing data breach last year. The ICO said an unencrypted ...

  • Adobe Releases Security Patch Updates for 11 Vulnerabilities

    October 9, 2018

    Adobe has released its monthly security updates to address a total of 11 vulnerabilities in Adobe Digital Editions, Framemaker, and Technical Communications Suite, of which four are rated critical and rest 7 are important in severity. Adobe has also released updated versions for Flash Player, but surprisingly this month the software received no security patch update. Also, none of the ...

  • Weapon Systems Cybersecurity: DOD Just Beginning to Grapple with Scale of Vulnerabilities

    October 9, 2018

    In recent cybersecurity tests of major weapon systems DOD is developing, testers playing the role of adversary were able to take control of systems relatively easily and operate largely undetected. DOD’s weapons are more computerized and networked than ever before, so it’s no surprise that there are more opportunities for attacks. Yet until relatively recently, DOD ...

  • Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users’ Data

    October 8, 2018

    Google is going to shut down its social media network Google+ after the company suffered a massive data breach that exposed the private data of hundreds of thousands of Google Plus users to third-party developers. According to the tech giant, a security vulnerability in one of Google+’s People APIs allowed third-party developers to access data for ...

  • DHS and GCHQ join Amazon and Apple in denying Bloomberg chip hack story

    October 8, 2018

    Both US and UK intelligence officials have put out statements over the weekend in support of Amazon, Apple, and Supermicro in regards to recent allegations made by Bloomberg in an article published last week. On Thursday, Bloomberg reporters claimed that Chinese intelligence had secretly implanted spy chips inside motherboards used for Supermicro servers that eventually made ...

  • PoC Attack Escalates MikroTik Router Bug to ‘As Bad As It Gets’

    October 7, 2018

    A new hacking technique used against vulnerable MikroTik routers gives attackers the ability to execute remote code on affected devices. The technique is yet another security blow against the MikroTik router family. Previous hacks have left the routers open to device failures, cyptojacking and network eavesdropping. The hacking technique, found by Tenable Research and outlined on ...

  • Microsoft Has Pulled the Windows 10 October 2018 Update

    October 6, 2018

    The users recently discovered a critical bug in Windows 10 October 2018 Update (version 1809) that causes an unexpected removal of files such as documents and pictures during the upgrade process. There’s a growing number of users reporting the same problem and Microsoft has finally paused the rollout of Windows 10 October 2018 Update. Today, Microsoft announced in a support document that ...

  • California’s IoT Cybersecurity Law Sets Standards for Device Manufacturers

    October 5, 2018

    California’s cybersecurity law for the internet of things (IoT) is now official. It was approved by California Governor Jerry Brown last week, more than a year after it was introduced as SB 327 in February 2018. It bears the distinction as the first IoT-related law enacted in the U.S., and now sets security standards for the manufacturing of connected ...

  • Saudi Dissident Spyware Attack Belies Bigger Threat

    October 5, 2018

    This week, news broke that a well-known Saudi dissident has been targeted by the notorious Pegasus spyware – after he gained permanent citizen status in Canada. While this fits into pattern of ongoing attacks on “civil society” members (i.e., journalists, social justice activists, dissidents and human rights organizations), the larger pool of threats against this ...

  • Apple, Amazon Strongly Refute Server Infiltration Report

    October 4, 2018

    An explosive Bloomberg report, if true, would highlight the largest supply chain attack to have been launched against American corporations. Apple and Amazon are strongly refuting a report claiming that Chinese spies infiltrated third-party motherboards used on servers by U.S. companies. If true, the incident would be the largest supply chain attack to have been launched ...

  • UK pins ‘reckless campaign of cyber attacks’ on Russian military intelligence

    October 4, 2018

    The UK government this morning pointed the finger at Russian military intelligence for a litany of cyber nasties. In the bulletin, the UK government’s National Cyber Security Centre (NCSC) declared that a range of attacks blamed on the Kremlin are actually the work of Russian military intelligence, GRU. This comes in the wake of long-standing concerns that Russia ...

  • Bug bounty scheme uncovers 150 vulnerabilities in US Marine Corps websites

    October 4, 2018

    Nearly 150 security vulnerabilities have been discovered in US Marine Corps websites and related services during a bug bounty challenge that saw ethical hackers awarded over $150,000. Hack The Marine Corps is the sixth public bounty program by the US Department of Defense (DoD) and bug bounty platform HackerOne. More than 100 ethical hackers took part ...

  • Fallout Exploit Kit Now Installing the Kraken Cryptor Ransomware

    October 4, 2018

    The Fallout Exploit has been distributing the GandCrab Ransomware for the past few weeks, but has now switched its payload to the Kraken Cryptor Ransomware. Kraken Cryptor is a Ransomware as a Service (RaaS) that is actively being distributed by affiliates. As this is an affiliate system, we are seeing different bad actors distributing the ransomware using a variety ...

  • US to offer cyberwar capabilities to NATO allies

    October 4, 2018

    Acting to counter Russia’s aggressive use of cyberattacks across Europe and around the world, the U.S. is expected to announce that, if asked, it will use its formidable cyberwarfare capabilities on NATO’s behalf, according to a senior U.S. official. The announcement is expected in the coming days as U.S. Defense Secretary Jim Mattis attends a meeting of NATO defense ministers ...

  • Turla APT Changes Shape with New Code and Targets

    October 4, 2018

    The Turla APT group’s extensive activities have diversified this year, representing a mix of old code, new code and fresh targets. Perhaps most interesting, this sophisticated group is branching into using scripts and open-source code in its malware development – a marked departure for an APT best-known for deploying a complex rootkit called Snake, traditionally focused on ...

  • Bank Servers Hacked to Trick ATMs into Spitting Out Millions in Cash

    October 3, 2018

    The US-CERT has released a joint technical alert from the DHS, the FBI, and Treasury warning about a new ATM scheme being used by the prolific North Korean APT hacking group known as Hidden Cobra. Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is believed to be backed by the North Korean government and ...