News – December 2017


  • ‘Significant amount’ of sensitive security data stolen in Perth Airport hacking

    December 10, 2017

    A skilled hacker in Vietnam stole sensitive security details and building plans from Perth Airport after breaking into its computer systems. The West Australian can reveal Vietnamese man Le Duc Hoang Hai used the credentials of a third-party contractor to get access to the airport’s computer systems in March last year. Prime Minister Malcolm Turnbull’s cybersecurity adviser Alastair ...

  • Pre-Installed Keylogger Found On Over 460 HP Laptop Models

    December 8, 2017

    HP has an awful history of ‘accidentally’ leaving keyloggers on its customers’ laptops. At least two times this year, HP laptops were caught with pre-installed keylogger or spyware applications. I was following a tweet made by a security researcher claiming to have found a built-in keylogger in several HP laptops, and now he went public with his findings. A security researcher who goes ...

  • Banking Apps Found Vulnerable to MITM Attacks

    December 7, 2017

    Leading US and UK-based banks have patched a flaw found in their Android and iOS mobile apps that allowed adversaries to conduct man-in-the-middle attacks to steal customer credentials and view and manipulate network traffic. According to researchers at the School of Computer Science at the University of Birmingham who found the flaw, the vulnerability impacted nine apps belonging ...

  • Process Doppelgänging: New Malware Evasion Technique Works On All Windows Versions

    December 7, 2017

    A team of security researchers has discovered a new malware evasion technique that could help malware authors defeat most of the modern antivirus solutions and forensic tools. Dubbed Process Doppelgänging, the new fileless code injection technique takes advantage of a built-in Windows function and an undocumented implementation of the Windows process loader. Ensilo security researchers Tal Liberman and Eugene Kogan, who ...

  • International team takes down virus-spewing Andromeda botnet

    December 5, 2017

    Police and private companies have taken down a massive botnet used to move malware onto compromised PCs. The Andromeda botnet, also known as Gamarue, is thought to have spanned over two million PCs and distributed over 80 types of malware onto infected PCs. It was shut down on November 29 in a combined operation by Europol, ...

  • CS4CA USA set to double in size for 2018

    December 4, 2017

    In a major step for the Cyber Security for Critical Assets Summit series, Qatalyst Global are very proud to announce that the 2018 USA edition will double in size and feature two distinct work streams, focusing on corporate IT and operational technology respectively. For all the talk of convergence, the two remain distinct fields, and ...

  • The Critical Manufacturing Cyber Security Summit comes to Europe

    December 4, 2017

    After two sold-out editions in Chicago in 2016 and 2017, Qatalyst Global will be bringing the ManuSec Summit to Germany next year. We’ll be in Munich, the industrial heartland of Europe, with a blend of high-level, strategic discussion and practical, hands-on advice that participants will take back to their organisations. Behind this exciting expansion is Cecilia ...

  • Ursnif Trojan Adopts New Code Injection Technique

    December 4, 2017

    Hackers are testing a new variation of the Ursnif Trojan aimed at Australian bank customers that utilizes novel code injection techniques. Since the summer of 2017, IBM X-Force researchers report that Ursnif (or Gozi) samples have been tested in the wild by a new malware developer. The samples are a noteworthy upgrade from previous versions. “This finding is ...

  • RSA coughs to critical-rated bug in its authentication SDK

    December 3, 2017

    RSA developers and admins have been given two critical-level authentication bugs to patch. For the sysadmin, the issue struck RSA’s software providing Web-based authentication for Apache. CVE-2017-14377 is an authentication bypass that existed because of an “input validation flaw in RSA Authentication Agent for Web for Apache Web Server”. If the authentication agent is configured to use UDP there’s ...

  • PayPal Subsidiary Data Breach Hits Up to 1.6 Million Customers

    December 3, 2017

    Global e-commerce business PayPal has disclosed a data breach that may have compromised personally identifiable information for roughly 1.6 million customers at a payment processing company PayPal acquired earlier this year. PayPal Holdings Inc. said Friday that a review of its recently acquired company TIO Networks showed evidence of unauthorized access to the company’s network, including some confidential ...

  • UK government bans all Russian anti-virus software from Secret-rated systems

    December 3, 2017

    The United Kingdom’s National Cyber Security Centre has effectively banned the use of Russian anti-virus products from government departments and revealed it is trying to “prevent the transfer of UK data to the Russian state” from Kaspersky Labs software. A guidance note published last Friday and distributed to permanent secretaries of government departments, addressed “The issue of supply ...

  • NSA employee pleads guilty after stolen classified data landed in Russian hands

    December 1, 2017

    A former National Security Agency hacker has admitted to illegally taking highly classified information from the agency’s headquarters, which was later stolen by Russian hackers. Nghia Pho, 67, a Maryland resident who worked for the NSA’s Tailored Access Operations, the agency’s elite hacking unit, entered a guilty plea on Friday to charges of willful retention of ...