News


  • Bad Actors Sizing Up Systems Via Lightweight Recon Malware

    September 11, 2018

    These stealthy downloaders initially infect systems and then only install additional malware on systems of interest. Well-known financial crime gang Cobalt Group and other threat actors have recently shifted tactics to incorporate lightweight modular downloaders that “vet” target machines for their attractiveness before proceeding with a full-fledged attack. The emergence of the AdvisorsBot and Marap malwares, as ...

  • More than 40% of ICS computers were attacked in H1 2018

    September 11, 2018

    More than 40% of all industrial control system (ICS) computers protected by Kaspersky Lab solutions were attacked by malicious software at least once during the first half of 2018. The most impacted countries turned out to be Vietnam, Algeria and Sri Lanka, while the safest region for industrial machines was Denmark. These are among the ...

  • Russian domestic security service launch new dedicated center to counter cyberattacks

    September 11, 2018

    Russia’s Federal Security Service, the FSB, now has a separate coordination center created in order to prevent, detect and counter cyberattacks on critical infrastructure facilities as well as repair damage from such attacks. The new agency is officially titled ‘National Coordination Center for Computer Incidents’ and it will be headed by Andrey Ivashko who is also ...

  • British Airways breach caused by the same group that hit Ticketmaster

    September 11, 2018

    A cyber-criminal operation known as Magecart is believed to have been behind the recent card breach announced last week by British Airways. The operation has been active since 2015 when RisqIQ and ClearSky researchers spotted the malware for the first time. The group’s regular mode of operation involves hacking into online stores and hiding JavaScript code that steals payment card information entered ...

  • Mirai, Gafgyt IoT botnets stab systems with Apache Struts, SonicWall exploits

    September 10, 2018

    New variations of Mirai and the Gafgyt botnet are harnessing new vulnerabilities to compromise IoT devices, including the security flaw which caused the 2017 Equifax data breach. On Sunday, researchers from the Palo Alto Networks Unit 42 team said in a blog postthat new variants of the botnets have been upgraded with a slew of exploits designed to ...

  • LuckyMouse uses malicious NDISProxy Windows driver to target gov’t entities

    September 10, 2018

    The LuckyMouse advanced persistent threat (APT) is back with a twist in tactics that harnesses LeagSoft certificates to spread Trojans by way of malicious NDISProxy drivers. It was back in June that researchers discovered that LuckyMouse, also known as EmissaryPanda and APT27, had targeted a national data center containing Asian government resources. In this previous campaign, LuckyMouse used ...

  • GCHQ intelligence chief threatens ‘brazen’ Russia with UK’s ‘tools’

    September 7, 2018

    British spies are ready to counter an “active and real threat” posed by the “brazen Kremlin”, the head of GCHQ has warned. Jeremy Fleming said the government’s cyber intelligence agency could “deploy the full range of tools from across our national security apparatus” to target Russia’s GRU intelligence agency and its agents. During a speech at the ...

  • ‘Domestic Kitten’ Mobile Spyware Campaign Aims at Iranian Targets

    September 7, 2018

    Spreading via fake Android apps, the malware lifts a range of sensitive information from victims’ devices. A mobile spyware campaign against mainly Iranian citizens has been spotted – with evidence that the Iranian government might be involved. The operation is dubbed Domestic Kitten by Check Point researchers — “kitten” to follow common APT nomenclature for Iranian groups ...

  • BA hacked: 380,000 card payments ‘compromised’ in breach

    September 7, 2018

    Shares of British Airways’ parent company IAG fell around 4% as markets opened on Friday morning, hours after the airline said the credit card information of at least 380,000 customers had been “compromised” in a data theft. More than £500m was wiped of the airline group’s market value as a result, before the share price rallied ...

  • U.S. Ties Lazarus to North Korea and Major Hacking Conspiracy

    September 6, 2018

    The DoJ said a DPRK spy, Park Jin-hyok, was involved in “a conspiracy to conduct multiple destructive cyberattacks around the world.” The Justice Department has charged a North Korean man in the hacking of Sony Pictures Entertainment (SPE) in 2014 – as well as the global WannaCry attack last year that caused millions of dollars of ...

  • Schneider Electric Modicon vulnerability impacts ICS operation in industrial settings

    September 6, 2018

    A security vulnerability discovered in Schneider Electric Modicon controllers has the potential to severely disrupt industrial equipment and networks. According to researchers from industrial cybersecurity firm Radiflow, the bug, tracked as CVE-2018-7789, “severely exposes the safety and availability of the ICS networks on which these devices were installed.” The vulnerability is present in the Schneider Electric Modicon M221 controller ...

  • House Passes Bill Expanding DHS’ Power to Block Risky Contractors from Government Networks

    September 5, 2018

    The House passed legislation Tuesday that would dramatically broaden the Homeland Security Department’s power to block contractors and subcontractors that officials determine present cybersecurity and national security risks to the department’s technology supply chain. The bill, which is modeled on an authority already granted to the Defense Department, comes after Congress took action in the past ...

  • Cybercrooks home in on infosec’s weakest link – you poor gullible people

    September 5, 2018

    Cybercrims are ramping up their efforts to target employees through fraudulent email and social media scams, according to a new study by email security firm Proofpoint. Retailers and government agencies saw huge quarter-on-quarter increases in email fraud attempts in calendar Q2, with attacks per company and agency soaring 91 per cent and 84 per cent respectively. ...

  • Recent Windows ALPC zero-day has been exploited in the wild for almost a week

    September 5, 2018

    Two days after a security researcher released details and proof-of-concept code about an unpatched Windows zero-day, one malware group had already incorporated the vulnerability in their exploit chain and was attempting to infect users around the globe. The zero-day used in this malware distribution campaign is a (still-unpatched) vulnerability in the Windows Task Scheduler feature, affecting ...

  • OilRig Sends an OopsIE to Mideast Government Targets

    September 5, 2018

    The Iran-linked group is using a variant of the data-exfiltration OopsIE trojan to attack a Mideast government entity. The OilRig group is back, using a reboot of the OopsIE trojan to pump information from its favorite resource: entities in the Middle East region. OilRig, which is also called Cobalt Gypsy, Crambus, Helix Kitten or PT34, is suspected ...

  • FIN6 returns to attack retailer point of sale systems in US, Europe

    September 5, 2018

    A new malware campaign has been detected which is targeting point-of-sale (PoS) systems across the United States and Europe. On Wednesday, researchers from IBM X-Force IRIS said the attacks have been attributed to the FIN6 cybercriminal group. This is only the second time that a campaign has been documented which appears to be the handiwork of FIN6. According to FireEye (.PDF), ...

  • Active Campaign Exploits Critical Apache Struts 2 Flaw in the Wild

    September 5, 2018

    A Monero cryptomining script is spreading in an ongoing campaign using the recently disclosed critical remote command-execution flaw. It was only a matter of time before attacks were seen in the wild, and now it’s happened. A known threat actor has mounted a large cryptomining campaign using the recently disclosed Apache Struts 2 critical remote code-execution ...

  • New Silence hacking group suspected of having ties to cyber-security industry

    September 5, 2018

    At least one member of a newly uncovered cybercrime hacking group appears to be a former or current employee of a cyber-security company, according to a new report released today. The report, published by Moscow-based cyber-security firm Group-IB, breaks down the activity of a previously unreported cyber-criminal group named Silence. According to Group-IB, the group has spent the ...

  • ‘CamuBot’ Banking Malware Ups the Trojan Game with Biometric Bypass

    September 4, 2018

    CamuBot is a unique malware targeting Brazilian bank customers that attempts to bypass biometric account protections. Brazilian bank customers are being warned of malware dubbed CamuBot that hides in plain sight and presents itself as a required end-user security module provided by a bank. The malware goes so far as to include bank logos that look and ...

  • Cybersecurity researchers double SCADA vulnerability finds

    September 3, 2018

    Independent cybersecurity researchers found nearly double the number of vulnerabilities in supervisory control and data acquisition (SCADA) systems in the first six months of 2018 as they did in the first half of 2017, according to a new report by Japanese multinational Trend Micro, amid rising concerns about infrastructure security. The 202 holes spotted in such ...