News


  • UK: Police Federation Confirms Ransomware Breach

    March 22, 2019

    The Police Federation of England and Wales (PFEW) has confirmed that it has suffered a ransomware attack, but has said that it was not specifically targetted and was likely to have been impacted as part of a wider campaign. The ransomware attack has apparently only impacted computers at its headquarters in Surrey, and the PFEW said ...

  • Medtronic’s Implantable Defibrillators Vulnerable to Life-Threatening Hacks

    March 22, 2019

    The U.S. Department of Homeland Security Thursday issued an advisory warning people of severe vulnerabilities in over a dozen heart defibrillators that could allow attackers to fully hijack them remotely, potentially putting lives of millions of patients at risk. Cardioverter Defibrillator is a small surgically implanted device (in patients’ chests) that gives a patient’s heart an ...

  • Facebook Stored Millions Of Passwords In Plaintext – Change Yours Now

    March 21, 2019

    By now, it’s difficult to summarize all of Facebook’s privacy, misuse, and security missteps in one neat description. It just got even harder: On Thursday, following a report by Krebs on Security, Facebook acknowledged a bug in its password management systems that caused hundreds of millions of user passwords for Facebook, Facebook Lite, and Instagram to be stored as plaintext ...

  • OceanLotus adopts public exploit code to abuse Microsoft Office software

    March 21, 2019

    The OceanLotus hacking group is back with a new campaign in 2019 complete with new exploits, decoys, and self-extracting malicious archives. Also known as APT32, SeaLotus, APT-C-00, and Cobalt Kitty, OceanLotus is a hacking group which operates across Asia and focuses on gathering valuable intel on corporate, government, and political entities across Vietnam, the Philippines, Laos, ...

  • Cisco Patches High-Severity Flaws in IP Phones

    March 21, 2019

    The most serious vulnerabilities in Cisco’s 8800 Series IP Phones could allow unauthenticated, remote attackers to conduct a cross-site request forgery attack or write arbitrary files to the filesystem. Cisco Systems is urging customers to update several models of their IP phones after issuing patches for five high-severity flaws found in its popular business-focused IP phones. Impacted ...

  • Global threat group Fin7 returns with new SQLRat malware

    March 20, 2019

    The notoriously well-known threat group Fin7, also known as Carbanak, is back with a new set of administrator tools and never-before-seen forms of malware. Fin7 has been active since at least 2015 and since the group’s inception has been connected to attacks against hundreds of companies worldwide. Over 100 companies have been impacted in the United States ...

  • Aluminium Maker Hydro Goes Old School After Ransomware Attack

    March 20, 2019

    A large Norwegian manufacturing firm has had to close its website and IT operations and go old school by resorting to manual processes for its factories. It comes after a devastating ransomware attack crippled Norsk Hydro, one of the world’s largest producers of aluminium. As of Wednesday afternoon, its website was still offline, and the firm has ...

  • German States Approve Criminal Law Targeting Dark Web Infrastructure

    March 18, 2019

    Germany’s federal states have voted in favour of a measure to extend criminal sanctions against those providing infrastructure to so-called “dark web” sites used for illegal purposes, such as selling firearms, drugs or illegal content. The measure, which critics have called overly broad, is the latest sign of a crackdown in Europe and elsewhere on the internet’s perceived ...

  • London’s top attractions besieged by more than 100 million cyber attacks

    March 18, 2019

    Kew Gardens, National History Museum, Tate Gallery and Imperial War Museum have been hammered by a total of 109 million cyber attacks over the last few years according to Parliament Street. The research firm issued a Freedom of Information (FOI) request to the four leading tourist attractions in London to uncover just how secure their IT ...

  • Is it still a good idea to publish proof-of-concept code for zero-days?

    March 18, 2019

    More often than not, the publication of proof-of-concept (PoC) code for a security flaw, especially a zero-day, has led to the quick adoption of a vulnerability by threat actors who usually start attacks within hours or days, and don’t give end-users enough time to patch impacted systems. There has been a debate about this issue, especially ...

  • Mirai Variant Goes After Enterprise Systems

    March 18, 2019

    The newest Mirai variant is targeting WePresent WiPG-1000 Wireless Presentation systems and LG Supersign TVs used by enterprises. Researchers have discovered a new variant of the infamous Mirai IoT botnet, which has been sniffing out and targeting vulnerabilities in enterprise wireless presentation and display systems since January. Palo Alto Network’s Unit 42 researchers said that the newest ...

  • Round 4: Hacker returns and puts 26Mil user records for sale on the Dark Web

    March 17, 2019

    A hacker who has previously put up for sale over 840 million user records in the past month, has returned with a fourth round of hacked data that he’s selling on a dark web marketplace. This time, the hacker has put up for sale the data of six companies, totaling 26.42 million user records, for which ...

  • UK cyber-security efforts criticised by audit office

    March 15, 2019

    The government has been told there are “failings” in the way it is planning to protect the UK’s critical infrastructure from cyber-attacks. The warning came in a National Audit Office (NAO) assessment of the UK’s national cyber-defence plan. The government is increasingly worried that these essential sectors will be targeted by foreign states seeking to disrupt UK ...

  • ASD reveals rules for keeping vulnerabilities secret

    March 15, 2019

    The Australian Signals Directorate (ASD) has quietly published its process for deciding when knowledge of cybersecurity vulnerabilities is kept secret. This is the first official acknowledgement that the ASD might not disclose all of the vulnerabilities it discovers. However, knowledge of secret vulnerabilities would have always been an essential part the agency’s toolkit for offensive cyber ...

  • Patched WinRAR Bug Still Under Active Attack – Thanks to No Auto-Updates

    March 15, 2019

    Various cyber criminal groups and individual hackers are still exploiting a recently patched critical code execution vulnerability in WinRAR, a popular Windows file compression application with 500 million users worldwide. Why? Because the WinRAR software doesn’t have an auto-update feature, which, unfortunately, leaves millions of its users vulnerable to cyber attacks. The critical vulnerability (CVE-2018-20250) that was patched ...

  • Disrupting the Attack Chain Through Detecting Credential Dumping

    March 15, 2019

    There are various steps that an attacker must follow in order to execute any successful attack, with the initial compromise being just one stage in the overall attack chain. Once attackers have successfully breached the perimeter of an organization, they enter into the lateral movement phase where they attempt to tiptoe through a network, identifying ...

  • IMAP-Based Attacks Compromising Accounts at ‘Unprecedented Scale’

    March 14, 2019

    That’s according to researchers with Proofpoint, who found that in the past half year, a staggering 60 percent of Microsoft Office 365 and G Suite tenants have been targeted with IMAP-based password-spraying attacks; and 25 percent of those targeted experienced a full-on breach as a result. Password-spraying attacks are when an attacker attempts to access a large ...

  • Talking to RATs: Assessing Corporate Risk by Analyzing Remote Access Trojan Infections

    March 14, 2019

    Remote access trojans (RATs) on a corporate system may serve as a key pivot point to access information laterally within an enterprise network. By analyzing network metadata, Recorded Future analysts were able to identify RAT command-and-control (C2) servers, and more crucially, which corporate networks were communicating to those controllers. This approach allows Recorded Future to ...

  • Businesses warned over a new breed of BitLocker attacks

    March 14, 2019

    Devices protected using Microsoft BitLocker can be physically breached in a new form of attack that involves extracting the encryption keys from a computer’s Trusted Platform Module (TPM) chip. By hardwiring equipment into a computer’s motherboard, namely the TPM chip, attackers would be primed to access any sensitive corporate information stored on encrypted hard drives. This ...

  • The fourth horseman: CVE-2019-0797 vulnerability

    March 13, 2019

    The new zero-day in the Windows OS exploited in targeted attacks In February 2019, our Automatic Exploit Prevention (AEP) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to us discovering a zero-day vulnerability in win32k.sys. We reported it to Microsoft on February 22, 2019. ...