News


  • Surge of MegaCortex ransomware attacks detected

    May 6, 2019

    UK cyber-security firm Sophos reported detecting a spike in ransomware attacks at the end of last week from a new strain named MegaCortex. Sophos said the ransomware appears to have been designed to target large enterprise networks as part of carefully planned targeted intrusions – in a tactic that is known as “big-game hunting.” The modus operandi is ...

  • Compromised Office 365 Accounts Used to Send 1.5 Million Email Threats in March

    May 6, 2019

    Microsoft Office 365 remains an attractive target for cybercriminals as it continues to be used by businesses worldwide. In a new report from Barracuda Networks, the company revealed that more than 1.5 million malicious and spam emails were sent from thousands of compromised Office 365 accounts of their customers in March 2019 alone. The increase in the ...

  • Japanese government to create and maintain defensive malware

    May 3, 2019

    The Japanese Defense Ministry will create and maintain cyber-weapons in the form of malware that it plans to use in a defensive capacity. Once created, these malware strains, consisting of viruses and backdoors, will become Japan’s first-ever cyber-weapon, Japanese media reported earlier this week, citing a government source. The malware is expected to be finished by ...

  • DHS Orders Federal Agencies to Patch Critical Flaws Within 15 Days

    May 1, 2019

    In recent years, we have seen how hackers prey on those too lazy or ignorant to install security patches, which, if applied on time, would have prevented some devastating cyber attacks and data breaches that happened in major organisations. The United States Department of Homeland Security (DHS) has ordered government agencies to more swiftly plug the ...

  • NSA surveillance of foreign nationals surges

    May 1, 2019

    The US National Security Agency’s latest transparency report has revealed the increased surveillance of foreign nationals and their communications records in intelligence operations. The Office of the Director of National Intelligence (ODNI) published its sixth “Statistical Transparency Report Regarding Use of National Security Authorities” report on Tuesday. The report (.PDF) outlines the use of warrants, the activities of ...

  • Mysterious hacker has been selling Windows 0-days to APT groups for three years

    May 1, 2019

    For the past three years, a mysterious hacker has been selling Windows zero-days to at least three cyber-espionage groups, as well as cyber-crime gangs, researchers from Kaspersky Lab have told ZDNet. The hacker’s activity reinforces recent assessments that some government-backed cyber-espionage groups – also known as APTs (advanced persistent threats) – will regularly buy zero-day exploits from third-party entities, ...

  • Dell laptops and computers vulnerable to remote hijacks

    May 1, 2019

    A vulnerability in the Dell SupportAssist utility exposes Dell laptops and personal computers to a remote attack that can allow hackers to execute code with admin privileges on devices using an older version of this tool and take over users’ systems. Dell released a patch for this security flaw on April 23; however, many users are likely ...

  • Unprotected Database Exposes Personal Info of 80 Million American Households

    April 30, 2019

    A team of security researchers claims to have found a publicly-accessible database that exposes information on more than 80 million U.S. households—nearly 65 percent of the total number of American households. Discovered by VPNMentor’s research team led by hacktivists Noam Rotem and Ran Locar, the unsecured database includes 24GB of extremely detailed information about individual ...

  • APT trends report Q1 2019

    April 30, 2019

    For just under two years, the Global Research and Analysis Team (GReAT) at Kaspersky Lab has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. ...

  • Dispelling Myths Around SGX Malware

    April 29, 2019

    A group of security researchers from Graz University of Technology recently disclosed detailed methods of deploying attacks from inside Intel’s SGX Security Enclave. The research paper received decent media attention probably due to recently discovered architecture vulnerabilities, such as Meltdown and Spectre. Researchers also released proof of concept (PoC) code for Linux that successfully escapes the securely ...

  • I know what you did last summer, MuddyWater blending in the crowd

    April 29, 2019

    MuddyWater is an APT with a focus on governmental and telco targets in the Middle East (Iraq, Saudi Arabia, Bahrain, Jordan, Turkey and Lebanon) and also a few other countries in nearby regions (Azerbaijan, Pakistan and Afghanistan). MuddyWater first surfaced in 2017 and has been active continuously, targeting a large number of organizations. First stage infections ...

  • New York, Canada, Ireland Launch New Investigations Into Facebook Privacy Breaches

    April 27, 2019

    Facebook has a lot of problems, then there are a lot of problems for Facebook—and both are not going to end anytime soon. Though Facebook has already set aside $5 billion from its revenue to cover a possible fine the company is expecting as a result of an FTC investigation over privacy violations, it seems to be just ...

  • ‘Karkoff’ Is the New ‘DNSpionage’ With Selective Targeting Strategy

    April 24, 2019

    The cybercriminal group behind the infamous DNSpionage malware campaign has been found running a new sophisticated operation that infects selected victims with a new variant of the DNSpionage malware. First uncovered in November last year, the DNSpionage attacks used compromised sites and crafted malicious documents to infect victims’ computers with DNSpionage—a custom remote administrative tool that uses ...

  • Operation ShadowHammer: a high-profile supply chain attack

    April 23, 2019

    In late March 2019, we briefly highlighted our research on ShadowHammer attacks, a sophisticated supply chain attack involving ASUS Live Update Utility, which was featured in a Kim Zetter article on Motherboard. The topic was also one of the research announcements made at the SAS conference, which took place in Singapore on April 9-10, 2019. Now it is time to ...

  • Source code of Carbanak trojan found on VirusTotal

    April 23, 2019

    The source code of one of the world’s most dangerous malware strains has been uploaded and left available on VirusTotal for two years, and almost nobody has noticed. It was discovered by security researchers from US cyber-security firm FireEye, analyzed for the past two years, and made public today, so other members of the cyber-security community ...

  • FINTEAM: Trojanized TeamViewer Against Government Targets

    April 23, 2019

    Recently, Check Point researchers spotted a targeted attack against officials within government finance authorities and representatives in several embassies in Europe. The attack, which starts with a malicious attachment disguised as a top secret US document, weaponizes TeamViewer, the popular remote access and desktop sharing software, to gain full control of the infected computer. By investigating ...

  • Millions of Medical Documents for Addiction and Recovery Patients Leaked

    April 22, 2019

    The information includes data on all rehab treatments and procedures, linked with patients’ names and other info. As if wrestling with addiction and recovery weren’t difficult enough, tens of thousands of patients of a rehab clinic in Pennsylvania may find their personal information hijacked and manipulated by identity thieves or extortionists. An ElasticSearch database that was left ...

  • Old-school cruel: Dodgy PDF email attachments enjoying a renaissance

    April 19, 2019

    The last few months have seen a big increase in malware attacks using PDF email attachments, according to security firm SonicWall. “Increasingly, email, Office documents and now PDFs are the vehicle of choice for malware and fraud in the cyber landscape,” said the outfit’s Bill Conner. There’s nothing new in this, of course, but many recent attacks ...

  • Facebook Collected Contacts from 1.5 Million Email Accounts Without Users’ Permission

    April 18, 2019

    Not a week goes without a new Facebook blunder. Remember the most recent revelation of Facebook being caught asking users new to the social network platform for their email account passwords to verify their identity? At the time, it was suspected that Facebook might be using access to users’ email accounts to unauthorizedly and secretly gather a copy of ...

  • Cyber-security firm Verint hit by ransomware

    April 17, 2019

    The Israel offices of US cyber-security firm Verint have been hit by ransomware, according to a screenshot taken by a Verint employee that started circulating online earlier today. “There is currently a critical issue affecting the on premise Email and Green zone VDI services,” read a warning message that was displayed earlier today ...