News – October 2018


  • New Stuxnet Variant Allegedly Struck Iran

    October 31, 2018

    A malware similar in nature to Stuxnet but more aggressive and sophisticated allegedly hit the infrastructure and strategic networks in Iran. Details about the supposed new attack are superficial at the moment, as there are no details about the supposed attack, the damage it caused or its targets. A report on Wednesday from Israeli evening news bulletin ...

  • Coming soon: Better collaboration, sharing with U.S. allies, IC CIO Sherman says

    October 31, 2018

    The U.S. intelligence community is working to improve collaboration and communication with its Five Eyes allies and beyond. Intelligence community CIO John Sherman plans “in just a couple weeks” to convene CIOs from Five Eyes allied nations — Australia, Canada, New Zealand and the United Kingdom — “to work through some of these issues” concerning intelligence collaboration ...

  • Emotet malware gang is mass-harvesting millions of emails in mysterious campaign

    October 31, 2018

    A notorious malware family that has been on a resurgent path since last year has received a major update this week that will send shivers down any organization’s back. According to a report from Kryptos Logic shared earlier today with ZDNet, the Emotet malware family has started mass-harvesting full email messages from infected victims, starting yesterday. The Emotet group ...

  • New SamSam ransomware campaign aims at targets across the US

    October 30, 2018

    SamSam ransomware is still plaguing organisations across the US, with fresh attacks against 67 new targets — including at least one involved with administering the upcoming midterm elections. The malware is designed in such a way that it in addition to encrypting files and data across target networks, it also goes after backups as a means ...

  • Millions of Voter Records Up for Sale Ahead of the US Midterm Elections

    October 30, 2018

    As the US midterm elections close in, the underground markets appear to be flush with voter databases available for affordable prices. Voter information is rich with details that could help an attacker learn enough about the victim to steal their identity. Cybersecurity company Carbon Black, at least one market on the dark web lists for sale voter ...

  • IoT Flaw Allows Hijacking of Connected Construction Cranes

    October 30, 2018

    An attacker can send spoofed commands to the crane’s controller. A connected construction crane, from Telecrane, has a vulnerability that would allow cyberattackers to intercept its communications and take the equipment over. The internet of things (IoT) continues to add new types of objects to its footprint, as industries start leveraging connectivity to increase productivity, accuracy and ...

  • Dead Web Apps Haunt 70 Percent of FT 500 Firms

    October 30, 2018

    Abandoned web applications used by FT 500 Global Companies have exploitable flaws and weaknesses. A study of abandoned websites owned by leading global corporations hammers home the point that old web applications need to be properly mitigated or retired. Otherwise, these resources often haunt a firm long after they have been forgotten. Researchers at High-Tech Bridge used ...

  • New iPhone Passcode Bypass Found Hours After Apple Releases iOS 12.1

    October 30, 2018

    It’s only been a few hours since Apple releases iOS 12.1 and an iPhone enthusiast has managed to find a passcode bypass hack, once again, that could allow anyone to see all contacts’ private information on a locked iPhone. Jose Rodriguez, a Spanish security researcher, contacted The Hacker News and confirmed that he discovered an iPhone passcode bypass ...

  • DHS: Election officials inundated, confused by free cyber-security offerings

    October 29, 2018

    Election officials across the US are inundated and confused by the plethora of free cyber-security offerings that the private sector has made available in the past months, a Department of Homeland Security official said last week. According to a list compiled by CyberScoop, companies that have provided free tools and services to election officials include McAfee, Cylance, Cloudflare, Google’s Jigsaw, Synack, Akamai, Centrify, Microsoft, Valimail, Facebook, Symantec, Netscout, and 1Password. ...

  • Demand for cryptocurrency skills surges, but lacks cyber security expertise

    October 29, 2018

    Trend Micro warns the lack of cybersecurity skills in cryptocurrency environments could be dangerous for firms. Demand for skills in cryptocurrencies is growing, but security expertise isn’t keeping up, leaving businesses open to attack, a report by Trend Micro has revealed. In the cryptocurrency world, businesses are seeking employees with a knowledge of blockchain, finance, Java, bitcoin ...

  • Why website maintenance is essential for small businesses’ cyber-security

    October 29, 2018

    Investing time in ongoing website maintenance is a key way to ensure that your small business website is as protected as it can be against cyber-security threats. October 2018 is Cyber Security Awareness Month, an annual campaign which aims to raise awareness of cyber-security threats. Research from the Cyber Security Breaches Survey 2018 shows that four ...

  • Protect yourself from a cyber attack — before it happens

    October 29, 2018

    The biggest threat to your firm’s security may be lurking in your inbox. Email is a primary means for RIA communication with clients, vendors, other third parties and within a firm. As a result, most data and security breaches happen through email, usually due to some combination of user error and gaps in cybersecurity protection. The ...

  • New Zealand: Cyber attacks aimed at school websites surge

    October 28, 2018

    Schools are reporting an upsurge in cyber attacks, apparently from disgruntled students who are attacking school websites rather than pressing the fire alarm to disrupt classes. Network for Learning (N4L), a Crown company that provides internet services to 98 per cent of New Zealand schools, says six schools were targeted with “dozens of attacks” aimed at taking ...

  • How to prevent your business becoming collateral damage of geopolitical cyber conflict

    October 27, 2018

    According to Bryan Becker, an application security researcher at WhiteHat Security, the United States is “woefully behind the entire developed world in terms of cybersecurity.” Defensively, he insists, it would “easily take us a decade” and then some to catch up with allies and competitors alike. Does this mean that it’s up to the cybersecurity ...

  • Russia suggests UN set up working group on cybersecurity

    October 26, 2018

    UNITED NATIONS – Russia has submitted to the 73rd session of the United Nations General Assembly a draft resolution on cybersecurity that provides for the establishment of a working group on these issues and for the elaboration of rules of conduct of states in cyberspace, Russian presidential envoy for international cooperation in information security Andrey ...

  • New Privilege Escalation Flaw Affects Most Linux Distributions

    October 26, 2018

    An Indian security researcher has discovered a highly critical flaw in X.Org Server package that impacts OpenBSD and most Linux distributions, including Debian, Ubuntu, CentOS, Red Hat, and Fedora. Xorg X server is a popular open-source implementation of the X11 system (display server) that offers a graphical environment to a wider range of hardware and OS platforms. It ...

  • Malware Distributors Adopt DKIM to Bypass Mail Filters

    October 25, 2018

    In July 2018, US-CERT raised an alert regarding the Emotet banking trojan, which is also being used to distribute a secondary malware known as “Trickbot”. This alert provided recommendations on how businesses can mitigate their exposure to the Trojan. Unfortunately, it looks like criminals are also reading the US-CERT’s warnings as they have adopted new techniques ...

  • Unusual Remote Execution Bug in Cisco WebEx Discovered by Researchers

    October 25, 2018

    While remote code execution vulnerabilities are pretty common, a new one discovered in Cisco’s WebEx online and video collaboration software is definitely different. That is because users can remotely execute commands through a component of the WebEx client even when WebEx does not listen for remote connections. Remote code execution vulnerabilities are bugs that allow a users ...

  • Cathay Pacific Data Breach Highlights A Need To Change Airline Security Focus

    October 25, 2018

    Cathay Pacific has been hit by a data breach affecting 9.4 million passengers of Cathay and Hong Kong Dragon Airlines, a serious exposure that shows—not for the first time—that the focus of airline security can’t be limited to airport terminals and aircraft cabins. First discovered in March, and confirmed in May of this year, the Cathay Pacific ...

  • ‘A cyber-attack could stop the country’

    October 25, 2018

    Superfast 5G mobile broadband could power smart cities and the internet of things, (IoT) but as more devices get connected, telecoms and security experts are warning that cyber-attacks could increase in number and severity. Our homes and cities are getting “smarter” – thermostats, video doorbells, sprinkler systems, street lights, traffic cameras, cars. all connected to the ...