News – October 2018


  • UK National Cyber Security Centre Reveals Scale Of Cyber Attacks

    October 16, 2018

    Two year since its launch, NCSC helped the UK against almost 1,200 cyber attacks, most carried out by hostile nation states The UK’s National Cyber Security Centre (NCSC) has revealed that it helps the country fend off at least ten cyber attacks a week, most of which come from state-sponsored hackers employed by hostile nation states. This ...

  • Octopus Trojan exploits Telegram ban fears to snag diplomatic targets across Asia

    October 15, 2018

    Researchers have uncovered the Octopus Trojan in a wave of cyberattacks being launched against diplomatic entities across central Asia. According to cybersecurity firm Kaspersky Lab, the targeted campaign has used the recent ban of Telegram messenger across Russia and reported attempts to ban the service across some former Soviet areas such as Kazakhstan to dupe victims into believing ...

  • In County Crippled by Hurricane, Water Utility Targeted in Ransomware Attack

    October 15, 2018

    The Emotet Trojan is behind a crippling ransomware attack that hit the Onslow Water and Sewer Authority. A “critical water utility” has been targeted in a recent ransomware attack, significantly impeding its ability to provide service in the week after Hurricane Florence hit the East Coast of the U.S. The Onslow Water and Sewer Authority (ONWASA) said ...

  • UK MoD secrets exposed in dozens of cyber security breaches

    October 15, 2018

    Ministry of Defence secrets were exposed in dozens of breaches of military cyber security policy last year, as hostile nations and spy agencies continue to probe the UK’s defence sector. Heavily redacted reports obtained by Sky News have revealed that the MoD and its partners failed to protect military and defence data in 37 incidents in ...

  • The Cybersecurity 202: The U.S. needs a law that requires companies to disclose data breaches quickly, cybersecurity experts say

    October 15, 2018

    A slight majority of digital security experts surveyed by The Cybersecurity 202 say the United States should follow in the European Union’s footsteps and pass a law that requires companies to disclose data breaches quickly. Europe’s General Data Protection Regulation requires companies with customers in the E.U. to notify regulators of a breach within 72 hours or face a severe ...

  • Up to 35 Million 2018 Voter Records For Sale on Hacking Forum

    October 15, 2018

    Just weeks before the midterms, voter information from 19 states has turned up on the Dark Web. Up to 35 million voter records have been found up for sale on a popular hacking forum from 19 states, researchers discovered. Researchers at Anomali Labs and Intel 471 on Monday said that they discovered Dark Web communications offering a ...

  • Pentagon discloses card breach

    October 13, 2018

    Pentagon official said on Friday that the Department of Defense had suffered a security breach thanks to a third-party contractor. An investigation is still underway, so the exact details haven’t been made public, but according to an Associated Press report, a DOD official said that roughly 30,000 DOD military and civilian personnel are believed to be affected. ...

  • Hungary increases its scientific cooperation with NATO

    October 12, 2018

    Scientists and other experts from NATO and Hungary discussed future projects of cooperation at the NATO Science for Peace and Security (SPS) Programme Information Day held in Budapest on 11 October 2018. ungary is currently leading an SPS project in the area of chemical, biological, radiological and nuclear (CBRN) defence. The multi-year initiative aims to develop ...

  • Facebook mass hack last month was so totally overblown – only 30 million people affected

    October 12, 2018

    Facebook users can relax and get back to interacting with quality content and authentic individuals on the social network. Last month’s deliberate theft of private account records from the internet giant, initially believed to affect 50 million or maybe 90 million accounts, turns out to be nowhere near that bad. Cough. On Friday, the data-harvesting biz said a mere 30 ...

  • Facebook Bans More Than 800 Accounts in Disinformation Purge

    October 12, 2018

    The move comes a month before the November midterm elections – and at a time when all eyes are on Facebook to see how it protects against disinformation. Facebook on Thursday announced it has removed hundreds of pages and accounts as the company cracks down on spam. The move comes at a time when Facebook is ...

  • DASA new competition: Behavioural Analytics

    October 11, 2018

    The Defence and Security Accelerator is seeking proposals that can help UK Defence and Security to develop capability in ‘Behavioural Analytics’. This Defence and Security Accelerator (DASA) competition is seeking proposals that can help UK Defence and Security to develop capability in ‘Behavioural Analytics’. We are looking for scientific and technological solutions that can provide context-specific ...

  • New Drupalgeddon Attacks Enlist Shellbot to Open Backdoors

    October 11, 2018

    Drupalgeddon 2.0 vulnerability is being exploited again by attackers using a time-honored technique of Shellbot, or PerlBot. Researchers are warning of a new wave of cyberattacks targeting unpatched Drupal websites that are vulnerable to Drupalgeddon 2.0. What’s unique about this latest series of attacks is that adversaries are using PowerBot malware, an IRC-controlled bot also called ...

  • Innovative Phishing Tactic Makes Inroads Using Azure Blob

    October 10, 2018

    A brand-new approach to harvesting credentials hinges on users’ lack of cloud savvy. A fresh tactic for phishing Office 365 users employs credential-harvesting forms hosted on Azure Blob storage – signed with legitimate Microsoft SSL certificates to lend an air of legitimacy. Azure Blob Storage is a cloud storage solution for hosting unstructured data such as images, ...

  • Microsoft Set To Win Secret Clearance Ahead Of Pentagon Cloud Bid

    October 10, 2018

    Microsoft is battling Amazon’s AWS for the multi-billion-pound deal, after Google pulled out due to ethical concerns Microsoft said this week it is set to receive the US government’s top security clearance early next year, as it prepares to bid for a Pentagon cloud contract worth up to $10 billion (£7.7bn). The announcement follows on from the company’s ...

  • Gallmaker: New Attack Group Eschews Malware to Live off the Land

    October 10, 2018

    A new attack group is targeting government, military, and defense sectors in what appears to be a classic espionage campaign. Symantec researchers have uncovered a previously unknown attack group that is targeting government and military targets, including several overseas embassies of an Eastern European country, and military and defense targets in the Middle East. This group ...

  • Over nine million cameras and DVRs open to APTs, botnet herders, and voyeurs

    October 9, 2018

    Millions of security cameras, DVRs, and NVRs contain vulnerabilities that can allow a remote attacker to take over devices with little effort, security researchers have revealed today. All vulnerable devices have been manufactured by Hangzhou Xiongmai Technology Co., Ltd.(Xiongmai hereinafter), a Chinese company based in the city of Hangzhou. But end users won’t be able to tell that ...

  • Microsoft Patches Zero-Day Under Active Attack by APT

    October 9, 2018

    A zero-day vulnerability tied to the Window’s Win32k component is under active attack, warns Microsoft. Microsoft has issued a patch for a zero-day bug being actively exploited in the wild, as part of its Patch Tuesday security bulletin. The vulnerability is an elevation-of-privilege flaw, rated important, affecting the Windows Win32k component. The zero-day (CVE-2018-8453), found by Kaspersky ...

  • Heathrow Fined £120,000 Over Lost USB Stick

    October 9, 2018

    The unencrypted stick, containing personal data on staff, was found by a member of the public before being handed in to a national newspaper Heathrow Airport said it has begun a company-wide data security training programme after the Information Commissioner’s Office (ICO) fined it £120,000 over an embarrassing data breach last year. The ICO said an unencrypted ...

  • Adobe Releases Security Patch Updates for 11 Vulnerabilities

    October 9, 2018

    Adobe has released its monthly security updates to address a total of 11 vulnerabilities in Adobe Digital Editions, Framemaker, and Technical Communications Suite, of which four are rated critical and rest 7 are important in severity. Adobe has also released updated versions for Flash Player, but surprisingly this month the software received no security patch update. Also, none of the ...

  • Weapon Systems Cybersecurity: DOD Just Beginning to Grapple with Scale of Vulnerabilities

    October 9, 2018

    In recent cybersecurity tests of major weapon systems DOD is developing, testers playing the role of adversary were able to take control of systems relatively easily and operate largely undetected. DOD’s weapons are more computerized and networked than ever before, so it’s no surprise that there are more opportunities for attacks. Yet until relatively recently, DOD ...