• White House picks new chief to oversee cyber-weapons group

    June 22, 2018

    The White House has a new leader of a largely secretive government group that decides whether software and hardware vulnerabilities should be withheld from the public to help the government conduct cyber operations. Grand Schneider, the federal chief information security officer and senior director at the National Security Council, was named head of the Vulnerabilities Equities Process (VEP) ...

  • Dixons Carphone prepare for backlash following data breach

    June 21, 2018

    Firm faces possible fine under GDPR after data breach went undetected Dixons Carphone faces further woes as its full-year earnings were hit, as it battle against the backlash of a serious cyber breach revealed last week. Falling gross profits and a plummeting share price were expected as the investigation continues into the data breach that compromised ...

  • GCHQ chief highlights UK’s ‘critical role’ in thwarting European attacks

    June 19, 2018

    Speaking after meetings at NATO’s Brussels headquarters, Jeremy Fleming cited GCHQ’s involvement in disrupting terrorist activity on the continent in a bid to highlight the importance of UK-EU security links. The comments will be viewed in some quarters as a pointed intervention in the Brexit debate, coming hot on the heels of remarks by the EU’s chief ...

  • APT15 Pokes Its Head Out With Upgraded MirageFox RAT

    June 19, 2018

    The elusive APT15 cyber-espionage group, believed to be affiliated with the Chinese government, has been spotted for the first time in many months, mounting a highly targeted spy campaign using an upgraded version of the Mirage remote access trojan. This is the first evidence of the China-linked actor’s activity since hacking the U.K. government and military ...

  • FakeSpy Android Information-Stealing Malware Targets Japanese and Korean-Speaking Users

    June 19, 2018

    Spoofing legitimate mobile applications is a common cybercriminal modus that banks on their popularity and relies on their users’ trust to steal information or deliver payloads. Cybercriminals typically use third-party app marketplaces to distribute their malicious apps, but in operations such as the ones that distributed CPUMINER, BankBot, and MilkyDoor, they would try to get their apps published ...

  • Olympic Destroyer Returns to Target Biochemical Labs

    June 19, 2018

    Olympic Destroyer, the threat actor that caused a crippling sabotage attack on the networks supporting this year’s Winter Games in Pyeongchang, South Korea, has resurfaced with a spy campaign – and with a wider target range. The new campaign began last month and is ongoing, employing spear-phishing documents that share much in common with the weaponized ...

  • F-Secure to buy cyber security firm MWR

    June 19, 2018

    Data securitycompany F-Secure said on Monday it had agreed to acquire Britain-based MWR InfoSecurity for 80 million pounds ($106 million) in cash to widen its range of cyber security services. The Finnish company, which is best known for its anti-virus protection products for consumer and businesses, said the deal would make it the largest European provider of services that help ...

  • Ex-CIA employee charged with leaking ‘Vault 7’ hacking tools to Wikileaks

    June 18, 2018

    A 29-year-old former CIA computer programmer who was charged with possession of child pornography last year has now been charged with masterminding the largest leak of classified information in the agency’s history. Joshua Adam Schulte, who once created malware for both the CIA and NSA to break into adversaries computers, was indicted Monday by the Department of Justice on 13 ...

  • Axis Cameras Riddled With Vulnerabilities Enabling “Full Control”

    June 18, 2018

    A slew of vulnerabilities in Axis cameras could enable an attacker to access camera video streams, control the camera, add it to a botnet or render it useless. Researchers at VDOO, who disclosed the vulns on Monday, recommended that customers update immediately after finding that more than 400 Axis IP cameras are impacted. Axis deploys a ...

  • Researchers warn SCADA systems are still hopelessly insecure

    June 18, 2018

    BSides Industrial control systems could be exposed not just to remote hackers, but to local attacks and physical manipulation as well. A presentation at last week’s BSides conference by researchers from INSINIA explained how a device planted on a factory floor can identify and list networks, and trigger controllers to stop processes or production lines. Read more… Source: The ...

  • PLATINUM SECURITY EXHIBITION – 10-12 April 2019: International Exhibition for Private Sector

    June 15, 2018

    The world private security market is growing rapidly. Faced with the rise of malicious acts, and growing insecurity, players in the field (businesses, high-end shops, luxury infrastructure, personalities, …) need to secure their properties and their spaces. Thousands of sites are to be equipped and the needs in new or proven technologies are real. Platinum ...

  • Cops Are Confident iPhone Hackers Have Found a Workaround to Apple’s New Security Feature

    June 14, 2018

    Apple confirmed to The New York Times Wednesday it was going to introduce a new security feature, first reported by Motherboard. USB Restricted Mode, as the new feature is called, essentially turns the iPhone’s lightning cable port into a charge-only interface if someone hasn’t unlocked the device with its passcode within the last hour, meaning phone forensic tools shouldn’t be able ...

  • Chinese Hackers Carried Out Country-Level Watering Hole Attack

    June 14, 2018

    Cybersecurity researchers have uncovered an espionage campaign that has targeted a national data center of an unnamed central Asian country in order to conduct watering hole attacks. The campaign is believed to be active covertly since fall 2017 but was spotted in March by security researchers from Kaspersky Labs, who have attributed these attacks to a ...

  • GnuPG Flaw in Encryption Tools Lets Attackers Spoof Anyone’s Signature

    June 14, 2018

    A security researcher has discovered a critical vulnerability in some of the world’s most popular and widely used email encryption clients that use OpenPGP standard and rely on GnuPG for encrypting and digitally signing messages. The disclosure comes almost a month after researchers revealed a series of flaws, dubbed eFail, in PGP and S/Mime encryption tools that ...

  • Yahoo fined £250,000 by UK watchdog over data breach

    June 13, 2018

    The UK Information Commissioner’s Office (ICO) has fined Yahoo £250,000 over a data breach which occurred in 2014. The data breach resulted in the theft of at least 500 million records. It is believed that names, email addresses, telephone numbers, dates of birth, hashed passwords, and some “encrypted or unencrypted security questions and answers” were compromised. Yahoo has ...

  • Banco de Chile Wiper Attack Just a Cover for $10M SWIFT Heist

    June 13, 2018

    A cyberattack against Chile’s largest financial institution last month, which reportedly destroyed 9,000 workstations and 500 servers, was actually cover for a larger plot to compromise endpoints handling transactions on the SWIFT network. When the dust settled on the attacks, investigators said $10 million was stolen from Banco de Chile and funneled off to an account in Hong ...

  • Lazarus Group used ActiveX zero-day vulnerability to attack South Korean security think tank

    June 13, 2018

    An ActiveX zero-day vulnerability used in attacks against a South Korean think tank has been connected to Lazarus Group. The target of these attacks was the Sejong Institute, a non-profit South Korean think tank which conducts research on national security. The private organization works with academic institutions worldwide. Read more… Source: ZDNet  

  • Bypass Glitch Allows Malware to Masquerade as Legit Apple Files

    June 12, 2018

    Masquerading as an official Apple system file sounds like a wonderful way for malware to worm its way onto Macs – and a recently discovered code-signing bypass flaw allows bad code to do just that. The way some developers have implemented Apple’s official code-signing API can be exploited by attackers. Essentially, Apple makes an API available ...

  • New Cortana Vulnerability Could Allow Cybercriminals to Bypass Lock Screen On Windows 10 Devices

    June 12, 2018

    Digital assistants help us look up the weather, play our favorite music, and allow us to quickly access a lot of our personal information. And between Amazon Alexa, Google Home, and Microsoft Cortana – these services have become all the rage these days. However, the latter service, according to the McAfee Labs Advanced Threat Research (ATR) ...

  • InvisiMole Burrows into Targets with Rich Espionage Tools

    June 11, 2018

    Researchers are expressing concern over a versatile spyware called InvisiMole that has been spotted in highly targeted campaigns targeting Windows PCs in Russia and the Ukraine. The malicious code, which comes in 32-bit and 64-bit versions, has a modular architecture, with two different, feature-rich backdoors that have overlapping functionality. Read more… Source: ThreatPost