News


  • From Fileless Techniques to Using Steganography: Examining Powload’s Evolution

    March 12, 2019

    Powload’s staying power in the threat landscape shows how far it has come. In fact, the uptick of macro malware in the first half of 2018 was due to Powload, which was distributed via spam emails. Powload was also one of the most pervasive threats in the North American region in 2018, using various techniques to deliver payloads such ...

  • Island hopping: The latest security threat you should be aware of

    March 12, 2019

    While island hopping sounds like a great way to spend a holiday in Thailand or Greece, the term also refers to an advanced cyber attack technique. Though it’s not a new phenomenon, this type of attack increased in prevalence in 2018 and will likely become more and more common. The name ‘island hopping’ comes from a WWII ...

  • North Korean Hackers Behind $571M Crypto Heists Says UN Report

    March 12, 2019

    North Korean backed hacking groups were behind multiple cyberattacks impacting financial institutions and cryptocurrency exchanges as detailed in a report issued by a panel of experts for the United Nations (UN) Security Council. According to the report provided by the panel which comes as a confirmation of what security researchers have previously reported, “cyberspace is used by the DPRK as ...

  • New SLUB Backdoor Uses GitHub, Communicates via Slack

    March 11, 2019

    In mid-February, Kaspersky Lab received a request for incident response from one of its clients. The individual who initially reported the issue to our client refused to disclose the origin of the indicator that they shared. What we do know is that it was a screenshot from one of the client’s internal computers taken on ...

  • NASA’s crap infosec could be ‘significant threat’ to space ops

    March 11, 2019

    NASA’s Office of the Inspector General has once again concluded the American space agency’s tech security practices are “not consistently implemented”. Confirmation that the US government department’s infosec abilities are not up to scratch was a repeat of last year’s federally mandated security audit, which also found that processes and procedures were below par. Oversight personnel from ...

  • Citrix Data Breach – Iranian Hackers Stole 6TB of Sensitive Data

    March 11, 2019

    Popular enterprise software company Citrix that provides services to the U.S. military, the FBI, many U.S. corporations, and various U.S. government agencies disclosed last weekend a massive data breach of its internal network by “international cyber criminals.” Citrix said it was warned by the FBI on Wednesday of foreign hackers compromising its IT systems and stealing ...

  • Georgia county pays a whopping $400,000 to get rid of a ransomware infection

    March 9, 2019

    Officials in Jackson County, Georgia, paid $400,000 to cyber-criminals this week to get rid of a ransomware infection and regain access to their IT systems. The ransomware hit the county’s internal network last week, on Friday, March 1, 11Alive reported on Wednesday. The infection forced most of the local government’s IT systems offline, with the exception of its website and 911 ...

  • Operational Technology Widens Supply Chain Attack Surfaces

    March 8, 2019

    Today’s supply chain has evolved, with operational technology (OT) used in factories increasingly becoming connected and converging with IT systems — introducing new attack vectors. This new reality is vital for companies to understand in the context of risk, according to Dawn Cappelli, vice president of global security and CISO at Rockwell Automation and Edna Conway, ...

  • Email verification service takes itself offline after 800 million records get publicly exposed

    March 8, 2019

    An online email verification service has taken itself offline after approximately 809 million of its customers’ emails were exposed through an unprotected server. Researchers discovered a non-password protected MongoDB instance amounting to 150GB of data split across four separate collections last week. They analysed this exposed data, 808,593,939 records in total, and published their findings on Thursday. The exposed ...

  • New SLUB Backdoor Uses GitHub, Communicates via Slack

    March 7, 2019

    We recently came across a previously unknown malware that piqued our interest in multiple ways. For starters, we discovered it being spread via watering hole attacks, a technique that involves an attacker compromising a website before adding code to it so visitors are redirected to the infecting code. In this case, each visitor is redirected only ...

  • Whitefly: Espionage Group has Singapore in Its Sights

    March 6, 2019

    Group behind the SingHealth breach is also responsible for a string of other attacks in the region. In July 2018, an attack on Singapore’s largest public health organization, SingHealth, resulted in a reported 1.5 million patient records being stolen. Until now, nothing was known about who was responsible for this attack. Symantec researchers have discovered that ...

  • NSA releases Ghidra, a free software reverse engineering toolkit

    March 6, 2019

    At the RSA security conference today, the National Security Agency, released Ghidra, a free software reverse engineering tool that the agency had been using internally for well over a decade. The tool is ideal for software engineers, but will be especially useful for malware analysts first and foremost. The NSA’s general plan was to release Ghidra so ...

  • Google reveals Chrome zero-day under active attacks

    March 6, 2019

    Google revealed yesterday that a patch for Chrome last week was actually a fix for a zero-day that was under active attacks. The attacks exploited CVE-2019-5786, a security flaw and the only patch included in the Chrome 72.0.3626.121 version, released last Friday, March 1, 2019. According to an update to its original announcement and a tweet from Google Chrome’s security lead, ...

  • Data-Wiping Cyberattacks Plague Financial Firms

    March 6, 2019

    Over a quarter of surveyed financial institutions reported that they were targeted by destructive cyberattacks over the past year, bent on completely destroying data. That’s according to a new Carbon Black report unveiled at RSA this year. The report, “Modern Bank Heists: The Bank Robbery Shifts to Cyberspace,” outlines the top attacks that financial firms are facing ...

  • Hide yo’ kids, hide yo’ clouds: Zerodium offering big bucks for cloud zero-days

    March 5, 2019

    Exploit vendor Zerodium announced today plans to pay a whopping $500,000 for zero-days in popular cloud technologies like Microsoft’s Hyper-V and (Dell) VMware’s vSphere. Both Hyper-V and vSphere are what experts call virtualization software, also called hypervisors –software that lets a single “host” server create and run one or more virtual “guest” operating systems. Virtualization software is ...

  • Saudi app used to track women ‘not against’ Google rules

    March 4, 2019

    Google has remained silent over reports it told a US congresswoman that a controversial app was not in breach of its terms and conditions. Saudi app Absher can be used by men to track women and prevent them from travelling. The office of Jackie Speier confirmed to the BBC that a verbal conversation took place with Google ...

  • IoT Devices Under Constant Attack

    March 4, 2019

    ‘Secure your IoT devices’ is the message from security specialist Cyxtera Technologies, after research found that IoT devices are now under constant attack. The research was conducted jointly by Cyxtera threat researcher Martin Ochoa and researchers from the Singapore University of Technology and Design. They detected more than 150 million connection attempts to 4,642 distinct IP addresses ...

  • Fileless Banking Trojan Targeting Brazilian Banks Downloads Possible Botnet Capability, Info Stealers

    March 4, 2019

    Trend Micro analyzed a fileless malware with multiple .BAT attachments and a batch file from IoCs reported by researchers online that was capable of opening an IP address, downloading a PowerShell with a banking trojan payload, and installing a hack tool and an information stealer. Looking further, we observed it stealing machine information and user ...

  • Researchers Link ‘Sharpshooter’ Cyber Attacks to North Korean Hackers

    March 4, 2019

    Security researchers have finally, with “high confidence,” linked a previously discovered global cyber espionage campaign targeting critical infrastructure around the world to a North Korean APT hacking group. Thanks to the new evidence collected by researchers after analyzing a command-and-control (C2) server involved in the espionage campaign and seized by law enforcement. Dubbed Operation Sharpshooter, the cyber espionage ...

  • How the Dark Web Data Bazaar Fuels Enterprise Attacks

    March 3, 2019

    It seems every aspect of our lives is available to be found somewhere on the internet. And the information available isn’t simply embarrassing browsing histories but ranges from our medical histories to the logon credentials we use to access many of our online services. This is certainly a privacy concern, but it’s also increasingly an enterprise ...