News – February 2018


  • A Single-Character Message Can Crash Any Apple iPhone, iPad Or Mac

    February 15, 2018

    Only a single character can crash your iPhone and block access to the Messaging app in iOS as well as popular apps like WhatsApp, Facebook Messenger, Outlook for iOS, and Gmail. First spotted by Italian Blog Mobile World, a potentially new severe bug affects not only iPhones but also a wide range of Apple devices, including iPads, Macs ...

  • UK names Russia as source of NotPetya, USA follows suit

    February 15, 2018

    The United Kingdon’s Foreign and Commonwealth Office has formally “attributed the NotPetya cyber-attack to the Russian Government”, specifically the nation’s military. “The decision to publicly attribute this incident underlines the fact that the UK and its allies will not tolerate malicious cyber activity,” said a February-15th-dated statement from Foreign Office Minister for Cyber Security Lord (Tariq) Ahmad of ...

  • Reported Critical Vulnerabilities In Microsoft Software On the Rise

    February 15, 2018

    The number of reported vulnerabilities in Microsoft software has mounted from 325 in 2013 to 685 last year, a rise of 111 percent, according to new research. Moreover, there has also been a 54 percent increase in critical Microsoft vulnerabilities since 2016, researchers at Avecto said in their report, which is based on data from Microsoft’s Security ...

  • Equifax Lost Even More Information on Consumers Than It Told the Public

    February 14, 2018

    Confidential documents filed with the US Senate Banking Committee suggest that Equifax could have lost considerably more personal information about over 145 million Americans to hackers than it’s publicly let on, CNN Money reported. While Equifax had disclosed that names, dates of birth, and Social Security numbers might have been compromised, as well as some drivers’ license ...

  • Researchers Find New Twists In ‘Olympic Destroyer’ Malware

    February 14, 2018

    Researchers have uncovered new wrinkles in the “Olympic Destroyer” malware attack that targeted the Winter Olympics in Pyeongchang, South Korea. Cisco Talos researchers now believe the malware also wipes files on shared network drives. Originally researchers believed the malware only targeted single endpoints. Researchers also now believe the credentials-stealing component of the malware is more dynamic than originally ...

  • Unicode Technique Used to Deliver Cryptomining Malware Through Telegram

    February 13, 2018

    Attackers are using the time-tested right-to-left override technique to deliver cryptomining malware through the popular Telegram messaging application, say researchers. The right-to-left (RLO) technique uses Unicode to hide malicious file names and trick users into executing what appear to be benign files. It is a tactic that enables malware authors to hide the real name of ...

  • German court rules Facebook’s use of personal data ‘illegal’

    February 13, 2018

    A German consumer rights group has said that a court had found Facebook’s use of personal data to be illegal because the US social media platform did not adequately secure the informed consent of its users. The verdict, from a Berlin regional court, comes as Big Tech faces increasing scrutiny in Germany over its handling of sensitive personal data that enables ...

  • PyeongChang 2018 Winter Olympics Opening Ceremony Disrupted by Malware Attack

    February 12, 2018

    The Pyeongchang Winter Olympics taking place in South Korea was disrupted over the weekend following a malware attack before and during the opening ceremony on Friday. The cyber attack coincided with 12 hours of downtime on the official website for the Winter Games, the collapse of Wi-Fi in the Pyeongchang Olympic stadium and the failure of ...

  • UK Government website offline after hack infects thousands more worldwide

    February 11, 2018

    More than 5,000 websites have been hacked to force visitors’ computers to run software that mines a cryptocurrency similar to Bitcoin. Users loading the websites of the Information Commissioner’s Office, the Student Loans Company, as well as the council websites for Manchester City, Camden, and Croydon – and even the homepage of the United States Courts ...

  • Zerodium offers $45,000 for Linux zero-day vulnerabilities

    February 9, 2018

    Zerodium is offering $45,000 to hackers willing to privately report zero-day vulnerabilities in the Linux operating system. On Thursday, the private exploit acquisition program announced the new addition to its bounties on Twitter. Until 31 March, Zerodium is willing to offer increased payouts of up to $45,000 for local privilege escalation (LPE) exploits. Read more… Source: ZDNet  

  • Australia stepping up foreign cooperation on state-level cyber deterrence

    February 9, 2018

    The Australian government is increasingly concerned about the blurring of state and non-state activity, in particular that certain states have used third-party criminal groups to mask their cyber-based activity, a joint parliamentary committee has heard. Addressing an inquiry into Australia’s trade system and the digital economy on Friday, Australia’s first Ambassador for Cybercrime Tobias Feakin said ...

  • Crucial iPhone source code posted in unprecedented leak

    February 8, 2018

    Critical, top secret Apple code for the iPhone’s operating system was posted on Github, opening a new, dangerous avenue for hackers and jailbreakers to access the device, Motherboard reported. The code, known as “iBoot,” has since been pulled, but Apple may have confirmed it was the real deal when it issued a DMCA takedown to Github, as Twitter user ...

  • A Faraday cage or air gap can’t protect your device data from these two cyberattacks

    February 8, 2018

    Two common methods of physical cybersecurity, air gapping and Faraday cages, have been found breachable in two papers released by researchers from Ben-Gurion University. Faraday cages are grounded cages made of electrically conductive material that can completely block electromagnetic fields and signals. Air-gapped computers are those completely isolated from outside networks and signals. Air-gap setups commonly include Faraday ...

  • Cyber Espionage Group Targets Asian Countries With Bitcoin Mining Malware

    February 7, 2018

    Security researchers have discovered a custom-built piece of malware that’s wreaking havoc in Asia for past several months and is capable of performing nasty tasks, like password stealing, bitcoin mining, and providing hackers complete remote access to compromised systems. Dubbed Operation PZChao, the attack campaign discovered by the security researchers at Bitdefender have been targeting organizations in the government, ...

  • Tillerson proposes Cyberspace and Digital Economy Bureau to address security, policy creation

    February 7, 2018

    US Secretary of State Rex Tillerson wants to develop a Bureau of Cyberspace and the Digital Economy, according to a letter from him to Edward Royce, the chair of the committee of foreign affairs. The bureau, as described in the letter, would help the US lead international efforts in all aspects of cyberspace. As the world, its economy, ...

  • X.509 metadata can carry information through the firewall

    February 6, 2018

    A security researcher, who last year demonstrated that X.509 certificate exchanges could carry malicious traffic, has now published his proof-of-concept code. Fidelis Cybersecurity’s Jason Reaves has disclosed a covert channel that uses fields in X.509 extensions to sneak data out of corporate networks. The X.509 standard defines the characteristics of public key certificates, and anchors much of ...

  • ISNR Abu Dhabi 2018 to Examine Role of Artificial Intelligence in Homeland Security in Line with UAE Leadership’s Vision

    February 5, 2018

    Artificial intelligence to form essential component of Infosecurity Middle East, ME3S, collocated forums AI has potential to transform national security technology, says US study Reed Exhibitions, the leading global event organiser, confirmed that in line with the UAE leadership’s vision, artificial intelligence (AI) will form an important underlying component of the eighth edition of the International Exhibition ...

  • DDoS mystery: Who’s behind this massive wave of attacks targeting Dutch banks?

    February 1, 2018

    There is as yet no indication of who is behind the massive distributed denial of service (DDoS) attacks on Netherlands banks and government websites that ran from last weekend to Tuesday. Initial reports suggesting a Russian connection appear baseless. The attacks began just a couple of days after media reports stated that Dutch intelligence tipped off their ...

  • Creating a culture of cyber security safety is critical for CEOs

    February 1, 2018

    When working with CEOs, I like to use a safety program within an organisation, running parallel with the cyber security program. In a number of industries, having a safety program is required but it’s a good idea for all companies to have one. A former colleague once managed such a program for a small trucking firm. ...

  • Meltdown-Spectre: Malware is already being tested by attackers

    February 1, 2018

    German antivirus testing firm AV-Test has identified 139 samples of malware that seem to be early attempts at exploiting the Meltdown and Spectre CPU bugs. “So far, the AV-Test Institute discovered 139 samples that appear to be related to recently reported CPU vulnerabilities. CVE-2017-5715, CVE-2017-5753, CVE-2017-5754,” the company wrote on Twitter. The company has posted SHA-256 hashes of several ...