News


  • Poor cybersecurity could destabilise increasingly complex energy grids

    July 26, 2018

    The future of smart energy grids, with automatic management of both supply and demand, is “looking really interesting”, says Phil Kernick, chief technology officer at security firm CQR Consulting. But the current state of the technology and its security is a problem. “The distribution systems and the generation systems were deployed a decade and a half ...

  • NetSpectre — New Remote Spectre Attack Steals Data Over the Network

    July 26, 2018

    A team of security researchers has discovered a new Spectre attack that can be launched over the network, unlike all other Spectre variants that require some form of local code execution on the target system. Dubbed “NetSpectre,” the new remote side-channel attack, which is related to Spectre variant 1, abuses speculative execution to perform bounds-check bypass ...

  • Hackers Breach Virginia Bank, Make Off With Millions

    July 25, 2018

    Hackers have compromised a bank in the United States twice in the past eight months and made off with millions of dollars. But the cyber attacks has resulted in a spat between the bank and its insurer provider which is refusing to fully cover the losses. The incident is a salient reminder of the online threat being ...

  • US firms overconfident in their cybersecurity preparedness

    July 25, 2018

    A new survey finds that American firms overrate how prepared they are for a cyberattack. Research and consulting firm Ovum found that 68% of US firms believe they have better-than-average cyber-readiness for their industry. As humans, we often overrate our own abilities, with more than 50% of a group thinking they’re above-average at some task, like ...

  • iPhone Hacking Campaign Using MDM Software Is Broader Than Previously Known

    July 25, 2018

    India-linked highly targeted mobile malware campaign, first unveiled two weeks ago, has been found to be part of a broader campaign targeting multiple platforms, including windows devices and possibly Android as well. As reported in our previous article, earlier this month researchers at Talos threat intelligence unit discovered a group of Indian hackers abusing mobile device management (MDM) ...

  • Leafminer: New Espionage Campaigns Targeting Middle Eastern Regions

    July 25, 2018

    Active attack group is eager to make use of available tools, research, and the work of other threat actors. Symantec has uncovered the operations of a threat actor named Leafminer that is targeting a broad list of government organizations and business verticals in various regions in the Middle East since at least early 2017. The group tends ...

  • Japan crafts new cybersecurity strategy for 2020 Tokyo Olympics

    July 25, 2018

    The government crafted a new cybersecurity strategy Wednesday as it steps up preparations for the Tokyo Olympic and Paralympic Games in 2020. During a meeting at the prime minister’s office, it also decided to introduce a five-stage index to classify the severity of cyberattacks to help people understand the magnitude of threats and take necessary action. The ...

  • No big deal… Kremlin hackers ‘jumped air-gapped networks’ to pwn US power utilities

    July 24, 2018

      The US Department of Homeland Security is once again accusing Russian government hackers of penetrating America’s critical infrastructure. Uncle Sam’s finest reckon Moscow’s agents managed to infiltrate computers networks within US electric utilities – to the point where the miscreants could have virtually pressed the off switch in control rooms, yanked the plug on the Yanks, ...

  • Emotet Malware Evolves Beyond Banking to Threat Delivery Service

    July 24, 2018

    The Emotet trojan has been popping up in the news for years: From widespread malspam infections of banking German targets in 2014, all the way up to the costly infection of a New Hampshire town’s computer network in July. And while the tricky Emotet malware first emerged targeting banking credentials, lately researchers have spotted the trojan ...

  • New Bluetooth Hack Affects Millions of Devices from Major Vendors

    July 23, 2018

    Yet another bluetooth hacking technique has been uncovered. A highly critical cryptographic vulnerability has been found affecting some Bluetooth implementations that could allow an unauthenticated, remote attacker in physical proximity of targeted devices to intercept, monitor or manipulate the traffic they exchange. The Bluetooth hacking vulnerability, tracked as CVE-2018-5383, affects firmware or operating system software drivers from ...

  • Massive Malspam Campaign Finds a New Vector for FlawedAmmyy RAT

    July 20, 2018

    A widespread spam campaign from the well-known financial criminal group TA505 is spreading the FlawedAmmyy RAT using a brand-new vector: Weaponized PDFs containing malicious SettingContent-ms files. The SettingContent-ms file format was introduced in Windows 10; it allows a user to create “shortcuts” to various Windows 10 setting pages. “All this file does is open the Control Panel ...

  • Singapore’s Largest Healthcare Group Hacked, 1.5 Million Patient Records Stolen

    July 20, 2018

    Singapore’s largest healthcare group, SingHealth, has suffered a massive data breach that allowed hackers to snatch personal information on 1.5 million patients who visited SingHealth clinics between May 2015 and July 2018. SingHealth is the largest healthcare group in Singapore with 2 tertiary hospitals, 5 national specialty , and eight polyclinics. According to an advisory released by Singapore’s Ministry ...

  • Cybercrooks slurp nearly $1m from Russian bank after pwning router at regional branch

    July 20, 2018

    Hackers stole almost $1m from a Russian bank earlier this month after breaching its network via an outdated router. PIR Bank was looted by the notorious MoneyTaker hacking group, according to Group-IB, the Moscow-based security firm called in by the bank to handle incident response. Funds were stolen on 3 July through the Russian Central Bank’s Automated ...

  • Thousands of U.S. Voter Personal Records Leaked by Robocall Firm

    July 18, 2018

    The information was exposed on a public Amazon S3 bucket by a Virginia-based political campaign and robocalling company. Researchers have discovered yet another misconfigured repository bucket – this time leaking the information of U.S. voters. The information was exposed on a public Amazon S3 bucket by a Virginia-based political campaign and robocalling company called Robocent. Kromtech Security researchers, ...

  • Indictments Against 12 Russians Show How Hackers Were Hacked

    July 18, 2018

    Hi everybody, Jordan Robertson here. I cover cybersecurity in Washington, D.C. Today’s newsletter is about Special Counsel Robert Mueller’s indictment this week of 12 Russian military officers for allegedly orchestrating the hacks of the 2016 U.S. presidential election. The indictment, which I encourage you to read if you’re interested in technical details about how the hacks worked, is remarkable in a number ...

  • EU fines Google $5 billion over Android antitrust abuse

    July 18, 2018

    European Union regulators have slapped Alphabet-owned Google with a record 4.34 billion euro ($5 billion) antitrust fine for abusing the dominance of its Android mobile operating system, which is by far the most popular smartphone OS in the world. Google said in a statement that it would appeal the ruling, arguing against the EU’s view that its software is restrictive of fair competition. European ...

  • DDoS Attacks Get Bigger, Smarter and More Diverse

    July 17, 2018

    DDoS attacks are relentless. New techniques, new targets and a new class of attackers continue to reinvigorate one of the internet’s oldest nemeses. Distributed denial of service attacks, bent on taking websites offline by overwhelming domains or specific application infrastructure with massive traffic flows, continue to pose a major challenge to businesses of all stripes. Being ...

  • Microsoft Offers $100,000 Bounty for Finding Bugs in Its Identity Services

    July 17, 2018

    Microsoft today launched a new bug bounty program for bug hunters and researchers finding security vulnerabilities in its “identity services.” Hacking into networks and stealing data have become common and easier than ever but not all data holds the same business value or carries the same risk. Since new security today depends on the collaborative communication of ...

  • Investigation reveals elaborate technology terror web

    July 16, 2018

    In late December 2015 a uniformed Pentagon spokesman, Colonel Steve Warren, made a video announcement about “Operation Inherent Resolve”, the US military’s campaign against the so-called Islamic State (IS) group in Iraq and Syria. The spokesman gave details about 10 senior IS figures who had been targeted and killed, many in drone strikes, over the course ...

  • Hackers Used Malicious MDM Solution to Spy On ‘Highly Targeted’ iPhone Users

    July 13, 2018

    Security researchers have uncovered a “highly targeted” mobile malware campaign that has been operating since August 2015 and found spying on 13 selected iPhones in India. The attackers, who are also believed to be operating from India, were found abusing mobile device management (MDM) protocol—a type of security software used by large enterprises to control and ...