News


  • Google Fined €50 Million by French Watchdog for Lack of Transparency

    January 21, 2019

    Google was hit with a €50 (56,8) million financial penalty in accordance with the General Data Protection Regulation (GDPR) by the Commission Nationale de l’informatique et des Libertés (CNIL) for violating transparency and information obligations and for not obtaining user consent for processing data for ads personalization purposes. The French watchdog’s fine against Google follows complaints filed by None Of Your Business ...

  • Cumbria health trust hit by 147 cyber attacks in five years

    January 19, 2019

    The NHS in Cumbria has been hit by more than 150 cyber attacks in five years, the BBC can reveal. Of these, 147 were directed at University Hospitals of Morecambe Bay NHS Trust (UHMBT), which runs hospitals in Barrow, Kendal, Morecambe and Lancaster. The trust said it had spent £29,600 in 2017 dealing with the effects of ...

  • WiFi firmware bug affects laptops, smartphones, routers, gaming devices

    January 18, 2019

    Details have been published today about a vulnerability affecting the firmware of a popular WiFi chipset deployed in a wide range of devices, such as laptops, smartphones, gaming rigs, routers, and Internet of Things (IoT) devices. Discovered by Embedi researcher Denis Selianin, the vulnerability impacts ThreadX, a real-time operating system (RTOS) that is used as firmware for ...

  • New Android Malware Apps Use Motion Sensor to Evade Detection

    January 18, 2019

    Even after so many efforts by Google for preventing its Play Store from malware, shady apps somehow managed to fool its anti-malware protections and get into its service to infect Android users with malware. Two such Android apps have recently been spotted on the Google Play Store by security researchers with the Trend Micro malware research ...

  • Critical, Unpatched Cisco Flaw Leaves Small Business Networks Wide Open

    January 18, 2019

    A critical and unpatched vulnerability in the widely deployed Cisco Small Business Switch software leaves the door open to remote, unauthenticated attackers gaining full administrative control over the device – and therefore the network. Cisco Small Business Switches were developed for small office and home office (SOHO) environments, to manage and control small local area networks with no ...

  • Massive Collection #1 leak exposes 773m unique records online

    January 17, 2019

    Nearly 2.7 billion records containing up to 800 million unique email addresses and more than 21 million unique passwords have been compromised and published online. The massive data leak, dubbed Collection #1, is made up of individual breaches from “literally thousands of different sources”, according to security researcher Troy Hunt, who announced his findings in a blog ...

  • Unprotected Government Server Exposes Years of FBI Investigations

    January 17, 2019

    A massive government data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a storage server for at least a week, exposing a whopping 3 terabytes of data containing millions of sensitive files. The unsecured storage server, discovered by Greg Pollock, a researcher with cybersecurity firm UpGuard, also contained decades worth of confidential case ...

  • LoJax rootkit used by Russian-linked Fancy Bear has been silently active since 2016

    January 17, 2019

    Researchers have discovered that LoJax, the malware that formed the foundation for devastating Fancy Bear attacks in 2018, has been silently active for years. Use of this infrastructure by the Russian-linked hacking group was exposed in September 2018, just a few months after the LoJax servers were first discovered by security researchers in May. LoJax was last ...

  • GCHQ sets up all-female cyber-training classes

    January 17, 2019

    All-female classes in cyber-skills are being set up by the GCHQ intelligence service, in an attempt to recruit a wider range of online security experts. Almost 90% of the cyber-skills workforce worldwide is male, says GCHQ’s cyber-defence arm, the National Cyber Security Centre (NCSC). With warnings of serious skills shortages, the security services are worried about missing ...

  • NanoCore Trojan is protected in memory from being killed off

    January 16, 2019

    The NanoCore Remote Access Trojan (RAT) is being spread through malicious documents and uses an interesting technique to keep its process running and prevent victims from manually killing the system, researchers say. The cybersecurity team from Fortinet recently captured a sample relating to the spread of NanoCore RAT in the form of a malicious Microsoft Word document. Developed in ...

  • Gemalto reports increase in blockchain use for securing the Internet of Things

    January 15, 2019

    The use of blockchain-based technology to help secure Internet of Things (IoT) data, devices, and services doubled last year, a report from Gemalto has revealed. According to the company’s The State of IoT Security report, released on Tuesday, blockchain has emerged as a potential aid to the IoT security dilemma, with adoption of the technology surging from nine percent ...

  • The Rise of Physical Crime in the Cybercrime Underground

    January 14, 2019

    While underground forums have long been the purview of digital or internet-enabled crimes, recent developments have shown signs of increasing synergy and interaction between traditional criminals and cybercrime actors. Given the nature of the underground, it shouldn’t be a surprise that even traditional criminals communicate and even sell their wares via these underground forums. Is it ...

  • Goldman Sachs leads $8M round in cyber security skills platform Immersive Labs

    January 14, 2019

    Immersive Labs, a cyber security skills platform founded by James Hadley, who used to be a researcher at GCHQ, has raised $8 million in Series A funding. Leading the round is Goldman Sachs, with participation from a number of unnamed private investors. Operating in the cyber security training space, Immersive Labs  helps enterprise IT and other cyber security ...

  • How a hacked phone may have led killers to Khashoggi

    January 13, 2019

    Jamal Khashoggi probably thought the messages he was sending to fellow Saudi dissident Omar Abdulaziz were hidden, cloaked in WhatsApp security. In reality they were compromised — along with the rest of Abdulaziz’s phone, which had allegedly been infected by Pegasus, a powerful piece of malware designed to spy on its users. Abdulaziz, as CNN reported last ...

  • Ryuk Ransomware Partners with TrickBot to Gain Access to Infected Networks

    January 12, 2019

    Historically, Ryuk has been considered a targeted ransomware that scopes out a target, gained access via Remote Desktop Services or other direct methods, stole credentials, and then targeted high profile data and servers to extort the highest ransom amount possible. Ryuk has been a high profile ransomware due to its wide impact on the networks it infects, high ransom ...

  • These are the courses UK police are set to take in cybersecurity

    January 11, 2019

    As law enforcement in the UK and beyond are now expected to tackle the plague of cybersecurity-related fraud, scams, and crimes being committed for the purposes of identity theft and financial gain, they must also now become familiar with the threats, concepts, and — at the least — the basics in how such attacks are ...

  • A Zebrocy Go Downloader

    January 11, 2019

    Last year at SAS2018 in Cancun, Mexico, “Masha and these Bears” included discussion of a subset of Sofacy activity and malware that we call “Zebrocy”, and predictions for the decline of SPLM/XAgent Sofacy activity coinciding with the acceleration of Zebrocy activity and innovation. Zebrocy was initially introduced as a Sofacy backdoor package in 2015, but the Zebrocy ...

  • TA505 Crime Gang Debuts Brand-New ServHelper Backdoor

    January 11, 2019

    The latest malware from TA505 has been seen targeting banks, retailers and restaurants with two different versions. A new backdoor named ServHelper has been spotted in the wild, acting as both a remote desktop agent as well as a downloader for a RAT called FlawedGrace. According to Proofpoint, the prolific cybercriminal gang known as TA505 developed ServHelper, which has ...

  • Army ready to embrace AI

    January 11, 2019

    Army’s acquisition organization is still working out its IT strategy, but it has laser focus on weaving artificial intelligence into the force. Army acquisition head, Bruce Jette told reporters at the Defense Writers Group breakfast Jan. 10 in Washington, D.C., that while the department isn’t where he’d like it to be, the ultimate goal is to ...

  • China Tightens Grip On Blockchain-Based Services

    January 11, 2019

    Users of blockchain-based information services will have to register their real names and identity numbers in latest crackdown – even as Hong Kong moves to attract virtual asset traders China has tightened regulatory pressure on blockchain-based information services, in an effort to ensure that authorities can trace any information posted online in the country back to the person ...