News – May 2019


  • Spam and phishing in Q1 2019

    May 15, 2019

    As per tradition, phishing timed to coincide with lovey-dovey day was aimed at swindling valuable confidential information out of starry-eyed users, such as bank card details. The topics exploited by cybercriminals ranged from online flower shops to dating sites. But most often, users were invited to order gifts for loved ones and buy medications such as ...

  • May’s Patch Tuesday Include Fixes for ‘Wormable’ Flaw in Windows XP, Zero-Day Vulnerability

    May 15, 2019

    Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 not included in the mainstream customer support notification. Of the security vulnerabilities fixed in this release, six are rated Critical, 73 are rated Important or Low, and one separately ...

  • Update WhatsApp now: Bug lets snoopers put spyware on your phone with just a call

    May 14, 2019

    WhatsApp has disclosed a serious vulnerability in the messaging app that gives snoops a way to remotely inject Israeli spyware on iPhone and Android devices simply by calling the target. The bug, detailed in a Monday Facebook advisory for CVE-2019-3568, is a buffer overflow vulnerability within WhatsApp’s VOIP function. An attacker would need to call a target and ...

  • Intel CPUs Impacted By New Class of Spectre-Like Attacks

    May 14, 2019

    A new class of side channel vulnerabilities impacting all modern Intel chips have been disclosed, which can use speculative execution to potentially leak sensitive data from a system’s CPU. Intel said that the newest class of vulnerabilities, dubbed Microarchitectural Data Sampling (MDS), consist of four different attacks, which all ultimately depend on different ways of executing ...

  • Unsecured server exposes data for 85% of all Panama citizens

    May 13, 2019

    An Elasticsearch server left connected to the internet without a password, or firewall protection, has leaked what appears to be personal records and patient information for roughly 85 percent of Panama’s citizens. The leaky server was found online last week by Bob Diachenko, founder and security researcher with Security Discovery. The Elasticsearch server, a technology used to power fast ...

  • Thrangrycat flaw lets attackers plant persistent backdoors on Cisco gear

    May 13, 2019

    A vulnerability disclosed today allows hackers to plant persistent backdoors on Cisco gear, even over the Internet, with no physical access to vulnerable devices. Named Thrangrycat, the vulnerability impacts the Trust Anchor module (TAm), a proprietary hardware security chip part of Cisco gear since 2013. This module is the Intel SGX equivalent for Cisco devices. The TAm ...

  • Two years after WannaCry, a million computers remain at risk

    May 12, 2019

    Two years ago today, a powerful ransomware began spreading across the world. WannaCry spread like wildfire, encrypting hundreds of thousands of computers in more than 150 countries in a matter of hours. It was the first time that ransomware, a malware that encrypts a user’s files and demands cryptocurrency in ransom to unlock them, had spread across ...

  • ScarCruft APT Adds Bluetooth Harvester to its Malware Bag of Tricks

    May 11, 2019

    The ScarCruft Korean-speaking APT is changing up its espionage tactics to include an unusual piece of malware devoted to harvesting Bluetooth information – while also showing some overlap with the DarkHotel APT. An analysis of ScarCruft’s binary infection procedure by Kaspersky Lab shows that in a campaign that continued over the course of 2018, the group used ...

  • North Korea debuts new Electricfish malware in Hidden Cobra campaigns

    May 10, 2019

    The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have released a joint security advisory warning of a new strain of malware being used in North Korean cyberattacks. Dubbed Electricfish, the malware was uncovered while the departments were tracking the activities of Hidden Cobra, a threat group believed to be state-sponsored and ...

  • Lax Telco Security Allows Mobile Phone Hijacking and Redirects

    May 9, 2019

    As anyone who has called into a bank or utility provider lately knows, security for customer service routines – the prescribed ways in which support reps verify the identity of customers that call in – are being continually upgraded. Two-factor authentication, voice passwords, various security questions (“what was the name of your first pet,” for ...

  • FIN7.5: the infamous cybercrime rig “FIN7” continues its activities

    May 8, 2019

    On August 1, 2018, the US Department of Justice announced that it had arrested several individuals suspected of having ties to the FIN7 cybercrime rig. FIN7 operations are linked to numerous intrusion attempts having targeted hundreds of companies since at least as early as 2015. Interestingly, this threat actor created fake companies in order to ...

  • Chinese Spies Stole NSA Cyberweapons Long Before Shadow Brokers Leak

    May 7, 2019

    Hacking tools allegedly developed by the National Security Agency (NSA) were being used in the wild by at least one APT long before the Shadow Brokers released the now-infamous trove of U.S. cyberweapons, new analysis suggests. According to researchers at Symantec, an attack group affiliated with the Chinese government known as Buckeye (a.k.a. APT3 or Gothic ...

  • INTERPOL World 2019 Programme Takes on a New Format

    May 7, 2019

      Press Release The world’s largest international police organization, INTERPOL, has announced that the third edition of INTERPOL World will take place from 2 to 4 July 2019 at Sands Expo & Convention Centre, Marina Bay Sands Singapore. Owned by INTERPOL and supported by Singapore’s Ministry of Home Affairs, this year’s edition will focus on the theme of ‘Engaging ...

  • Surge of MegaCortex ransomware attacks detected

    May 6, 2019

    UK cyber-security firm Sophos reported detecting a spike in ransomware attacks at the end of last week from a new strain named MegaCortex. Sophos said the ransomware appears to have been designed to target large enterprise networks as part of carefully planned targeted intrusions –in a tactic that is known as “big-game hunting.” The modus operandi is ...

  • Compromised Office 365 Accounts Used to Send 1.5 Million Email Threats in March

    May 6, 2019

    Microsoft Office 365 remains an attractive target for cybercriminals as it continues to be used by businesses worldwide. In a new report from Barracuda Networks, the company revealed that more than 1.5 million malicious and spam emails were sent from thousands of compromised Office 365 accounts of their customers in March 2019 alone. The increase in the ...

  • Japanese government to create and maintain defensive malware

    May 3, 2019

    The Japanese Defense Ministry will create and maintain cyber-weapons in the form of malware that it plans to use in a defensive capacity. Once created, these malware strains, consisting of viruses and backdoors, will become Japan’s first-ever cyber-weapon, Japanese media reported earlier this week, citing a government source . The malware is expected to be finished by ...

  • DHS Orders Federal Agencies to Patch Critical Flaws Within 15 Days

    May 1, 2019

    In recent years, we have seen how hackers prey on those too lazy or ignorant to install security patches, which, if applied on time, would have prevented some devastating cyber attacks and data breaches that happened in major organisations. The United States Department of Homeland Security (DHS) has ordered government agencies to more swiftly plug the ...

  • NSA surveillance of foreign nationals surges

    May 1, 2019

    The US National Security Agency’s latest transparency report has revealed the increased surveillance of foreign nationals and their communications records in intelligence operations. The Office of the Director of National Intelligence (ODNI) published its sixth “Statistical Transparency Report Regarding Use of National Security Authorities” report on Tuesday. The report (.PDF) outlines the use of warrants, the activities of ...

  • Mysterious hacker has been selling Windows 0-days to APT groups for three years

    May 1, 2019

    For the past three years, a mysterious hacker has been selling Windows zero-days to at least three cyber-espionage groups, as well as cyber-crime gangs, researchers from Kaspersky Lab have told ZDNet. The hacker’s activity reinforces recent assessments that some government-backed cyber-espionage groups –also known as APTs (advanced persistent threats)– will regularly buy zero-day exploits from third-party entities, ...

  • Dell laptops and computers vulnerable to remote hijacks

    May 1, 2019

    A vulnerability in the Dell SupportAssist utility exposes Dell laptops and personal computers to a remote attack that can allow hackers to execute code with admin privileges on devices using an older version of this tool and take over users’ systems. Dell has released a patch for this security flaw on April 23; however, many users are likely ...