News


  • Weapon Systems Cybersecurity: DOD Just Beginning to Grapple with Scale of Vulnerabilities

    October 9, 2018

    In recent cybersecurity tests of major weapon systems DOD is developing, testers playing the role of adversary were able to take control of systems relatively easily and operate largely undetected. DOD’s weapons are more computerized and networked than ever before, so it’s no surprise that there are more opportunities for attacks. Yet until relatively recently, DOD ...

  • Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users’ Data

    October 8, 2018

    Google is going to shut down its social media network Google+ after the company suffered a massive data breach that exposed the private data of hundreds of thousands of Google Plus users to third-party developers. According to the tech giant, a security vulnerability in one of Google+’s People APIs allowed third-party developers to access data for ...

  • DHS and GCHQ join Amazon and Apple in denying Bloomberg chip hack story

    October 8, 2018

    Both US and UK intelligence officials have put out statements over the weekend in support of Amazon, Apple, and Supermicro in regards to recent allegations made by Bloomberg in an article published last week. On Thursday, Bloomberg reporters claimed that Chinese intelligence had secretly implanted spy chips inside motherboards used for Supermicro servers that eventually made ...

  • PoC Attack Escalates MikroTik Router Bug to ‘As Bad As It Gets’

    October 7, 2018

    A new hacking technique used against vulnerable MikroTik routers gives attackers the ability to execute remote code on affected devices. The technique is yet another security blow against the MikroTik router family. Previous hacks have left the routers open to device failures, cyptojacking and network eavesdropping. The hacking technique, found by Tenable Research and outlined on ...

  • Microsoft Has Pulled the Windows 10 October 2018 Update

    October 6, 2018

    The users recently discovered a critical bug in Windows 10 October 2018 Update (version 1809) that causes an unexpected removal of files such as documents and pictures during the upgrade process. There’s a growing number of users reporting the same problem and Microsoft has finally paused the rollout of Windows 10 October 2018 Update. Today, Microsoft announced in a support document that ...

  • California’s IoT Cybersecurity Law Sets Standards for Device Manufacturers

    October 5, 2018

    California’s cybersecurity law for the internet of things (IoT) is now official. It was approved by California Governor Jerry Brown last week, more than a year after it was introduced as SB 327 in February 2018. It bears the distinction as the first IoT-related law enacted in the U.S., and now sets security standards for the manufacturing of connected ...

  • Saudi Dissident Spyware Attack Belies Bigger Threat

    October 5, 2018

    This week, news broke that a well-known Saudi dissident has been targeted by the notorious Pegasus spyware – after he gained permanent citizen status in Canada. While this fits into pattern of ongoing attacks on “civil society” members (i.e., journalists, social justice activists, dissidents and human rights organizations), the larger pool of threats against this ...

  • Apple, Amazon Strongly Refute Server Infiltration Report

    October 4, 2018

    An explosive Bloomberg report, if true, would highlight the largest supply chain attack to have been launched against American corporations. Apple and Amazon are strongly refuting a report claiming that Chinese spies infiltrated third-party motherboards used on servers by U.S. companies. If true, the incident would be the largest supply chain attack to have been launched ...

  • UK pins ‘reckless campaign of cyber attacks’ on Russian military intelligence

    October 4, 2018

    The UK government this morning pointed the finger at Russian military intelligence for a litany of cyber nasties. In the bulletin, the UK government’s National Cyber Security Centre (NCSC) declared that a range of attacks blamed on the Kremlin are actually the work of Russian military intelligence, GRU. This comes in the wake of long-standing concerns that Russia ...

  • Bug bounty scheme uncovers 150 vulnerabilities in US Marine Corps websites

    October 4, 2018

    Nearly 150 security vulnerabilities have been discovered in US Marine Corps websites and related services during a bug bounty challenge that saw ethical hackers awarded over $150,000. Hack The Marine Corps is the sixth public bounty program by the US Department of Defense (DoD) and bug bounty platform HackerOne. More than 100 ethical hackers took part ...

  • Fallout Exploit Kit Now Installing the Kraken Cryptor Ransomware

    October 4, 2018

    The Fallout Exploit has been distributing the GandCrab Ransomware for the past few weeks, but has now switched its payload to the Kraken Cryptor Ransomware. Kraken Cryptor is a Ransomware as a Service (RaaS) that is actively being distributed by affiliates. As this is an affiliate system, we are seeing different bad actors distributing the ransomware using a variety ...

  • US to offer cyberwar capabilities to NATO allies

    October 4, 2018

    Acting to counter Russia’s aggressive use of cyberattacks across Europe and around the world, the U.S. is expected to announce that, if asked, it will use its formidable cyberwarfare capabilities on NATO’s behalf, according to a senior U.S. official. The announcement is expected in the coming days as U.S. Defense Secretary Jim Mattis attends a meeting of NATO defense ministers ...

  • Turla APT Changes Shape with New Code and Targets

    October 4, 2018

    The Turla APT group’s extensive activities have diversified this year, representing a mix of old code, new code and fresh targets. Perhaps most interesting, this sophisticated group is branching into using scripts and open-source code in its malware development – a marked departure for an APT best-known for deploying a complex rootkit called Snake, traditionally focused on ...

  • Bank Servers Hacked to Trick ATMs into Spitting Out Millions in Cash

    October 3, 2018

    The US-CERT has released a joint technical alert from the DHS, the FBI, and Treasury warning about a new ATM scheme being used by the prolific North Korean APT hacking group known as Hidden Cobra. Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is believed to be backed by the North Korean government and ...

  • Artificial Intelligence: A Cybersecurity Tool for Good, and Sometimes Bad

    October 3, 2018

    Attractive to both white-hats and cybercriminals, AI’s role in security has yet to find an equilibrium between the two sides. Artificial intelligence is the new golden ring for cybersecurity developers, thanks to its potential to not just automate functions at scale but also to make contextual decisions based on what it learns over time. This can ...

  • French police officer caught selling confidential police data on the dark web

    October 3, 2018

    A French police officer has been charged and arrested last week for selling confidential data on the dark web in exchange for Bitcoin. The officer worked for Direction Générale de la Sécurité Intérieure (DGSI, translated to General Directorate for Internal Security), a French intelligence agency charged with counter-espionage, counter-terrorism, countering cybercrime and surveillance of potentially threatening ...

  • Industry backs Norway’s AI powerhouse project

    October 2, 2018

    Norway is stepping up its efforts in the rapidly evolving and increasingly commercial artificial intelligence (AI) sector. Participants in the latest programme want to reduce the country’s reliance on oil revenues by tapping into AI opportunities in its growing technology sector. Norway has traditionally played a junior role in the context of Nordic technology development, investment and ...

  • Use Windows, macOS? Don’t be hacked by PDF, patch these critical Adobe flaws now

    October 2, 2018

    Adobe’s scheduled October update for its Acrobat and Reader PDF software addresses 85 vulnerabilities, including dozens of critical flaws that allow arbitrary code execution. The patches also address multiple privilege-escalation and information-disclosure flaws, shoring up Adobe’s PDF software further following a patch for a critical Acrobat and Reader flaw plugged two weeks ago. The bugs affect Acrobat DC ...

  • Keyloggers Turn to Zoho Office Suite in Droves for Data Exfiltration

    October 2, 2018

    An extremely high number of keylogger phishing campaigns have been seen tied to the Zoho online office suite software; in an analysis, a full 40 percent spotted in the last month used a zoho.com or zoho.eu email address to exfiltrate data from victim machines. A Cofense analysis, published Tuesday, of popular keylogging malware – which records ...

  • World Cup may have distracted malware hackers

    October 2, 2018

    This holiday season, together with the 2018 World Cup that took place in Russia, may have lulled hackers, cyber security researchers are claiming. New research from Cofense says that the distribution of TrickBot saw a significant drop during the World Cup. TrickBot is a banking malware known by constantly being updated and transformed. From April, up until ...