News


  • DOD doesn’t keep track of duplicate or obsolete software

    December 18, 2018

    The US Marine Corps, the Navy, and the Air Force are not keeping track of their software inventories, according to a report released today by the US Department of Defense Inspector General (DOD IG). Auditors said management at many services part of these three military branches “did not consistently rationalize their software applications” leading to situations where they ...

  • Cyber security breaches rising across UK defence sector

    December 18, 2018

    UK defence secrets are increasingly being exposed to hostile nation states after the number of security breaches in the sector rose this year. Heavily-redacted records obtained by Sky News show an increase in incidents reported to the Ministry of Defence (MoD) between January and October compared to the same period in 2017. Sky News previously revealed the ...

  • Charming Kitten Iranian Espionage Campaign Thwarts 2FA

    December 17, 2018

    The campaign targets politicians involved in economic and military sanctions against Iran, along with various journalists and human rights activists. A range of political and civil society targets are under fire in an APT attack dubbed the Return of Charming Kitten. The campaign has been tailored to get around two-factor authentication in order to compromise email ...

  • Fileless GandCrab As Seen by SandBlast Agent

    December 17, 2018

    January 2018 saw the debut of the GandCrab ransomware, a well-known malware that is distributed on the Dark Web which targets mainly Scandinavian and English-speaking countries. In addition, the GandCrab Affiliate Program offers low skilled threat actors the opportunity to run their own ransomware campaigns. Delivered mainly through email spam engines, affiliates are also provided with advice and ...

  • Facebook Flaw Exposes Private Photos for 6.8M Users

    December 14, 2018

    The bug allowed 1,500 apps built by 876 developers to view users’ unposted “draft” photos. Facebook on Friday disclosed a bug in its platform that it said enabled third-party apps to access unpublished photos of 6.8 million users. Facebook stores copies of photo drafts, so if someone uploads the photo but doesn’t finish posting it, the photo ...

  • Shamoon: Destructive Threat Re-Emerges with New Sting in its Tail

    December 14, 2018

    Organizations in Saudi Arabia and the UAE have been hit in latest attacks that involve new wiper malware. After a two-year absence, the destructive malware Shamoon (W32.Disttrack.B) re-emerged on December 10 in a new wave of attacks against targets in the Middle East. These latest Shamoon attacks are doubly destructive, since they involve a new wiper (Trojan.Filerase) ...

  • Cybercriminals Use Malicious Memes that Communicate with Malware

    December 14, 2018

    Steganography, or the method used to conceal a malicious payload inside an image to evade security solutions, has long been used by cybercriminals to spread malware and perform other malicious operations. We recently discovered malicious actors using this technique on memes. The malware authors have posted two tweets featuring malicious memes on October 25 and 26 ...

  • Electric Vehicle Charging Stations Open to IoT Attacks

    December 14, 2018

    Flaws could allow an attacker to stop or start a home charging station, or even change the current in order to start a fire. Given that creating proof-of-concept (PoC) cyberattacks for the Internet of Things (IoT) is essentially like shooting fish in a barrel these days, perhaps it’s not exactly surprising that a new niche category ...

  • LCG Kit: Sophisticated builder for Malicious Microsoft Office Documents

    December 13, 2018

    Proofpoint researchers discovered “LCG Kit,” a weaponized document builder service, in March 2018.  Since we began tracking LCG Kit, we have observed it using the Microsoft Equation Editor CVE-2017-11882 , which has been used used in limited email campaigns. ...

  • Tildeb: Analyzing the 18-year-old Implant from the Shadow Brokers’ Leak

    December 13, 2018

    On April 14, 2017, The Shadow Brokers (TSB) leaked a bevy of hacking tools named “Lost in Translation.” This leak is notorious for having multiple zero-day remote code execution (RCE) vulnerabilities targeting critical protocols such as Server Message Block (SMB) and Remote Desktop Protocol (RDP) and applications like collaboration and web server-based software. The exploit toolkit includes EternalBlue, ...

  • IDA and CIT champion new ‘Cyber Ireland’ infosec cluster

    December 13, 2018

    Could ambitious endeavour make Ireland the Fort Knox of infosec? IDA Ireland and Cork Institute of Technology (CIT) have joined forces on an initiative to establish Cyber Ireland, a national cybersecurity cluster. Cyber Ireland will provide a collective voice to represent the needs of the cybersecurity sector across the country and will address key challenges including skills needs, ...

  • Ships infected with ransomware, USB malware, worms

    December 12, 2018

    Ships suffer from the same types of cyber-security issues as other IT systems, a recent document released by the international shipping industry reveals. The document is the third edition of the “Guidelines on Cyber Security onboard Ships,” an industry-approved guide put together by a conglomerate of 21 international shipping associations and industry groups. While the document contains ...

  • Supply Chain Security: Managing a Complex Risk Profile

    December 12, 2018

    Experts sound off on how companies can work with their third-party suppliers and partners to secure the end-to-end supply chain. NYC — From Delta Airlines to Best Buy, a number of big-name companies were involved this year in data breaches – but even though their names made headlines, the actual security incidents occurred due to flaws in third-party partners. Across ...

  • Operation Sharpshooter Uses Fileless Malware to Attack Global Infrastructure

    December 12, 2018

    The McAfee Advanced Threat Research team detected a malware campaign dubbed Operation Sharpshooter which attacked nuclear, defense, energy, and financial targets from all over the world. As detailed by McAfee’s research team, the campaign dubbed “Operation Sharpshooter” makes use of an in-memory essential to download and execute a second stage payload named Rising Sun. Moreover, the Rising Sun implant ...

  • New Variant of Shamoon Malware Uploaded to VirusTotal

    December 12, 2018

    A new variant of the destructive Shamoon malware was uploaded to VirusTotal this week, but security researchers haven’t linked it to a specific attack yet. Also referred to as DistTrack, the sophisticated malware was initially observed in attacks against Saudi Arabian and other oil companies in 2012, when it destroyed data on over 30,000 systems. An updated ...

  • Large Organizations Face Up to Several Million Targeted Bot Attacks per Day

    December 12, 2018

    According to an Osterman Research report, 211 large organizations with a mean of 16,822 employees have reported that during most weeks they experienced an average of 3,700 bot attacks targeting Internet exposed web apps. Bot attacks (also known as botnet attacks) make use of large numbers of connected computers to try and take down entire networks, websites, ...

  • EU negotiators reach agreement on cybersecurity act

    December 11, 2018

    Representatives from the European Commission, Council and Parliament on Monday (10 December) evening banded together to strengthen the bloc’s Cybersecurity efforts, reaching agreement on the EU’s cybersecurity act. The measures approved will see more resources and greater responsibility afforded to the EU’s cybersecurity agency, ENISA, as well as establishing a certification framework that will set cybersecurity standards ...

  • For the fourth month in a row, Microsoft patches Windows zero-day used in the wild

    December 11, 2018

    Today, Microsoft released its monthly security patches –known as the Patch Tuesday updates. This month the Redmond-based company fixed 38 vulnerabilities across a large set of products. For the fourth month in a row, Microsoft patched a Windows OS zero-day vulnerability that was being exploited in the wild. Just like in the last two months, and for ...

  • Poking the Bear: Three-Year Campaign Targets Russian Critical Infrastructure

    December 11, 2018

    Nation-state conflict has come to dominate many of the policy discussions and much of the strategic thinking about cybersecurity. When events of geopolitical significance hit the papers, researchers look for parallel signs of sub rosa cyber activity carried out by state-sponsored threat actors—espionage, sabotage, coercion, information operations—to complete the picture. After all, behind every story may lurk ...

  • Financial Conduct Authority warns asset management industry facing cyber risks

    December 10, 2018

    The asset management industry suffers from a lack of expertise and preparedness with regard to cyber security, and is risking “serious harm to its clients” and the wider market, the Financial Conduct Authority (FCA) has warned. In a multi-firm review of the asset management and wholesale banking sectors published today (10 December), the FCA also found an overreliance ...