News


  • MacOS Zero-Day Allows Trusted Apps to Run Malicious Code

    June 3, 2019

    A researcher has revealed a zero-day flaw in Apple’s Mojave operating system tied to the way the OS verifies apps. The bug allows attackers to sneak past macOS security measures and run whitelisted apps that have been manipulated to run malicious code. macOS researcher Patrick Wardle revealed the flaw Monday, describing the exploitation of the bug ...

  • Zebrocy’s Multilanguage Malware Salad

    June 3, 2019

    Zebrocy is a Russian-speaking APT that presents a strange set of stripes. To keep things simple, there are three things to know about Zebrocy: Zebrocy is an active sub-group of victim profiling and access specialists; Zebrocy maintains a lineage back through 2013, sharing malware artefacts and similarities with BlackEnergy; the past five years of Zebrocy infrastructure, malware set, ...

  • Unsecured database exposes 85GB in security logs of major hotel chains

    May 30, 2019

    An unsecured database that exposed the security logs — and therefore potential cybersecurity weaknesses — of major hotels including Marriott locations has been uncovered by researchers. VpnMentor researchers Noam Rotem and Ran Locar published their findings on Thursday, noting that multiple hotels have been embroiled in the security incident. The team, including co-founder of vpnMentor Ariel Hochstadt, uncovered the problematic server ...

  • Turla turns PowerShell into a weapon in attacks against EU diplomats

    May 30, 2019

    A cyberespionage group believed to be from Russia is once again striking political targets, and this time, PowerShell scripts have been weaponized to increase the power of their attacks. Turla, also known as Snake or Uroburos, has been active since at least 2008. The advanced persistent threat (APT) group was previously linked to a backdoor implanted in ...

  • Apple and WhatsApp fight proposal to let spies tap encrypted comms

    May 30, 2019

    Apple, Google, Microsoft, and WhatsApp have opposed a proposal by UK spy agency GCHQ to give spies access to end-to-end encrypted communications. Rather than add a backdoor or undermine encryption itself, technical whizzes from GCHQ and its cybersecurity unit, the National Cyber Security Centre (NCSC), suggested that service providers like Apple, Google, and Facebook could “silently ...

  • Russian military moves closer to replacing Windows with Astra Linux

    May 30, 2019

    Russian authorities have moved closer to implementing their plan of replacing the Windows OS on military systems with a locally-developed operating system named Astra Linux. Last month, the Russian Federal Service for Technical and Export Control (FSTEC) granted Astra Linux the security clearance of “special importance,” which means the OS can now be used to handle Russian ...

  • New HiddenWasp malware found targeting Linux systems

    May 29, 2019

    Security researchers have found a new strain of Linux malware that appears to have been created by Chinese hackers and has been used as a means to remotely control infected systems. Named HiddenWasp, this malware is composed of a user-mode rootkit, a trojan, and an initial deployment script. The malware has a similar structure to another recently-discovered ...

  • Gatekeeper Bug in MacOS Mojave Allows Malware to Execute

    May 28, 2019

    A researcher has disclosed a vulnerability in the macOS Gatekeeper security feature that allows the execution of malicious code on the current version of the OS. Researcher Filippo Cavallarin disclosed a bug in the macOS security feature Gatekeeper that allows malicious code execution on systems running the most recent version of Mojave (10.14.0). MacOS Gatekeeper is an Apple security feature that enforces ...

  • One Million Devices Open to Wormable Microsoft BlueKeep Flaw

    May 28, 2019

    Researchers have discovered one million devices that are vulnerable to a “wormable” Microsoft flaw, which could open the door to a WannaCry-like cyberattack. One million devices are still vulnerable to BlueKeep, a critical Microsoft bug with “wormable” capabilities, almost two weeks after a patch was released. The flaw (CVE-2019-0708) was fixed during Microsoft’s May Patch Tuesday Security Bulletin earlier this ...

  • Intense scanning activity detected for BlueKeep RDP flaw

    May 26, 2019

    Threat actors have started scanning the internet for Windows systems that are vulnerable to the BlueKeep (CVE-2019-0708) vulnerability. This vulnerability impacts the Remote Desktop Protocol (RDP) service included in older versions of the Windows OS, such as XP, 7, Server 2003, and Server 2008. Microsoft released fixes for this vulnerability on May 14, as part of the ...

  • Hackers are scanning for MySQL servers to deploy GandCrab ransomware

    May 24, 2019

    At least one Chinese hacking crew is currently scanning the internet for Windows servers that are running MySQL databases so they can infect these systems with the GandCrab ransomware. These attacks are somewhat unique, as cyber-security firms have not seen any threat actor until now that has attacked MySQL servers running on Windows systems to infect ...

  • Snapchat Privacy Blunder Piques Concerns About Insider Threats

    May 24, 2019

    After a report found that Snap employees were abusing their access to Snapchat data, experts are warning that insider threats will continue to be a top challenge for privacy. Snap, the company behind the popular Snapchat social media app, has found itself in hot water after a recent report revealed that Snap employees were abusing their ...

  • UK says it warned 16 NATO allies of Russian hacking activities

    May 23, 2019

    The UK has shared information on Russian hacking attacks with 16 NATO allies over the last 18 months, a British government official said today. “I can disclose that in the last 18 months, the National Cyber Security Centre has shared information and assessments with 16 NATO Allies – and even more nations outside the Alliance – ...

  • London Underground to begin tracking passengers through Wi-Fi hotspots

    May 23, 2019

    Transport for London (TfL) is planning to roll out a system to track commuters making use of public Wi-Fi hotspots across the London Underground in coming months. The UK transport agency said on Wednesday that “secure, privacy-protected data collection will begin on 8 July 2019,” with improved customer services — including warnings over delays and station congestion — ...

  • Facebook: Another three billion fake profiles culled

    May 23, 2019

    Facebook has published its latest “enforcement report”, which details how many posts and accounts it took action on between October 2018 and March 2019. During that six-month period, Facebook removed more than three billion fake accounts – more than ever before. More than seven million “hate speech” posts were removed, also a record high. For the first time, ...

  • Trickbot Watch: Arrival via Redirection URL in Spam

    May 20, 2019

    Trend Micro discovered a variant of the Trickbot banking trojan (detected by Trend Micro as TrojanSpy.Win32.TRICKBOT.THDEAI) using a redirection URL in a spam email. In this particular case, the variant used Google to redirect from the URL hxxps://googledm:443/url?q=<trickbot downloader>, whereby the URL in the query string, url?q=<url>, is the malicious URL that the user is redirected to. ...

  • Google deals Huawei major blow by cutting Android licence

    May 20, 2019

    Google is set to revoke Huawei’s access to its Android mobile operating system, dealing the Chinese company a major blow in accordance with US sanctions. Other than Apple devices, which run on iOS, smartphone makers including Samsung and LG are almost all dependent on the Google-developed Android operating system to power their devices. According to reports by ...

  • Security researchers discover Linux version of Winnti malware

    May 20, 2019

    For the first time, security researchers have uncovered and analyzed a Linux variant of Winnti, one of the favorite hacking tools used by Beijing hackers over the past decade. Discovered by security researchers from Chronicle, Alphabet’s cyber-security division, the Linux version of the Winnti malware works as a backdoor on infected hosts, granting attackers access to ...

  • GDPR: How Europe’s digital privacy rules have changed everything

    May 20, 2019

    On 25 May 2018 the European Union’s General Data Protection Regulation (GDPR) came into force. At its heart, GDPR set out to update rules around privacy and consent for the digital age and to ensure that organisations are responsible in their handling of their customers’ personal data – and that those customers are aware of how their data is ...

  • Overcoming the Challenge of Reactivity in Incident Response

    May 17, 2019

    This is the first blog in a three-part series where we’ll examine how security teams manage incident response processes. Here, we’ll highlight the challenges that security teams face when trying to mitigate incidents and how constraints force many teams into taking a reactive approach. This leads to incident response teams feeling the stress of scrambling to protect their business ...