News – September 2017


  • National Lottery website brought down by cyber hack attack leaving thousands unable to buy tickets

    September 30, 2017

    A cyber attack brought down the the National Lottery website last night, Camelot has admitted. The website was down for more than an hour-and-a-half yesterday evening, due to a distributed denial of service (DDOS) attack – when hackers flooded the website with online traffic. A Camelot spokesperson said: “Unfortunately, as experienced by many companies, The National Lottery website was subject to ...

  • Millions of Up-to-Date Apple Macs Remain Vulnerable to EFI Firmware Hacks

    September 29, 2017

    “Always keep your operating system and software up-to-date.” This is one of the most popular and critical advice that every security expert strongly suggests you to follow to prevent yourself from major cyber attacks. However, even if you attempt to install every damn software update that lands to your system, there is a good chance of your ...

  • Internet-wide security update put on hold over fears 60 million people would be kicked offline

    September 28, 2017

    A multi-year effort to update the internet’s overall security has been put on hold just days before it was due to be introduced, over fears that as many as 60 million people could be forced offline. DNS overseer ICANN announced on Thursday it had postponed the rollout of a new root zone “key signing key” (KSK) used to secure the internet’s foundational ...

  • Two Danish ministries taken offline by cyber attack

    September 28, 2017

    A Turkish hacker group has claimed responsibility for a cyber attack that has rendered the Danish Ministry of Immigration website inaccessible. The Ministry of Immigration, as well as the Ministry of Foreign Affairs of Denmark, were hit Wednesday by a cyber attack thought to have come from a Turkish hacker group, reports broadcaster DR. The former ministry’s website ...

  • How cyber impacts the full spectrum of terror threats

    September 27, 2017

    Despite the immediate logistical demands of three catastrophic hurricanes in the last two months and various geopolitical flashpoints, cybersecurity remains a key issue and very much on the minds of top federal defenders. “There is no longer a ‘home game’ and an ‘away game,'” for homeland security, DHS Acting Secretary Elaine Duke said at a Sept. ...

  • Remote Wi-Fi Attack Backdoors iPhone 7

    September 27, 2017

    Google on Tuesday disclosed details and a proof-of-concept exploit for a Wi-Fi firmware vulnerability in Broadcom chipsets patched this week in iOS 11. The attack enables code execution and persistent presence on a compromised device. “The exploit gains code execution on the Wi-Fi firmware on the iPhone 7,” said Google Project Zero researcher Gal Beniamini, whose ...

  • 2-Year-Old Linux Kernel Issue Resurfaces As High-Risk Flaw

    September 27, 2017

    A bug in Linux kernel that was discovered two years ago, but was not considered a security threat at that time, has now been recognised as a potential local privilege escalation flaw. Identified as CVE-2017-1000253, the bug was initially discovered by Google researcher Michael Davidson in April 2015. Since it was not recognised as a serious bug at that ...

  • Researchers promise demo of ‘God-mode’ pwnage of Intel mobos

    September 26, 2017

    Security researchers say they’ve found a way to exploit Intel’s accident-prone Management Engine, and will reveal the problem at Black Hat Europe in December. Positive Technologies researchers say the exploit “allows an attacker of the machine to run unsigned code in the Platform Controller Hub on any motherboard via Skylake+”. Intel Management Engine (ME), a microcontroller that ...

  • Deloitte hit by cyber-attack revealing clients’ secret emails

    September 25, 2017

    One of the world’s “big four” accountancy firms has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients, the Guardian can reveal. Deloitte, which is registered in London and has its global headquarters in New York, was the victim of a cybersecurity attack that went unnoticed ...

  • macOS High Sierra Zero-Day Exploit Puts Users’ Stored Keychain Passwords at Risk

    September 25, 2017

    It would appear that Apple’s recently released macOS High Sierra 10.13 operating system comes with a zero-day exploit that could put your stored Keychain passwords at risk if your Mac gets hacked. Patrick Wardle, a security researcher that apparently worked for NSA, published information about the said zero-day security issue minutes after Apple released the macOS ...

  • EternalBlue Exploit Used in Retefe Banking Trojan Campaign

    September 22, 2017

    Criminals behind the Retefe banking Trojan have added a new component to their malware that uses the NSA exploit EternalBlue. The update makes Retefe the latest malware family to adopt the SMBv1 attack against a patched Windows vulnerability, and could signal an emerging trend, said researchers at Proofpoint. Earlier this year, researchers at Flashpoint observed the TrickBot ...

  • Passwords For 540,000 Car Tracking Devices Leaked Online

    September 22, 2017

    Another day, another news about a data breach, though this is something disconcerting. Login credentials of more than half a million records belonging to vehicle tracking device company SVR Tracking have leaked online, potentially exposing the personal data and vehicle details of drivers and businesses using its service. Just two days ago, Viacom was found exposing the keys ...

  • IoT botnet Linux.ProxyM turns its grubby claws to spam rather than DDoS

    September 22, 2017

    An IoT botnet is making a nuisance of itself online after becoming a conduit for spam distribution. Linux.ProxyM has the capability to engage in email spam campaigns with marked difference to other IoT botnets, such as Mirai, that infamously offered a potent platform for running distributed-denial-of-service attacks (DDoSing). Other IoT botnets have been used as proxies ...

  • Security experts: Iran-backed hackers targeting U.S. and Saudi Arabia

    September 21, 2017

    Cybersecurity firm FireEye has identified a new group of hackers, known as APT33, that it says has been working on behalf of the Iranian government since 2013. The group has “potential destructive capabilities,” FireEye warned. “The campaigns that were laid out were not just aligned with the Iranian government but with the Iranian military,” said Stuart ...

  • More data lost or stolen in first half of 2017 than the whole of last year

    September 20, 2017

    More data records have been lost or stolen during the first half of 2017 (1.9 billion) than all of 2016 (1.37 billion). Digital security company Gemalto’s Breach Level Index (PDF), published Wednesday, found that an average of 10.4 million records are lost or stolen every day. During the first half of 2017 there were 918 reported data ...

  • Banker helped gang launder £16m for cybercriminals

    September 20, 2017

    A gang of five men, including a corrupt banker, have pleaded guilty to their part in laundering more than £16m for international cybercriminals. Using their man on the inside at Barclays, the gang set up around 400 bank accounts over a three-year period, according to the UK’s National Crime Agency. They shuffled stolen funds through these accounts ...

  • CCleaner Malware Infects Big Tech Companies With Second Backdoor

    September 20, 2017

    The group of unknown hackers who hijacked CCleaner’s download server to distribute a malicious version of the popular system optimization software targeted at least 20 major international technology companies with a second-stage payload. Earlier this week, when the CCleaner hack was reported, researchers assured users that there’s no second stage malware used in the massive attack and affected users ...

  • Singapore to have new academy to train cybersecurity professionals

    September 19, 2017

    More needs to be done even as Singapore has made “good progress” in building up its cybersecurity capabilities, as it is more exposed than many other countries to cyberattacks, said Acting Prime Minister Teo Chee Hean on Tuesday (Sep 19). To address this, and as part of efforts to invest in its people, Mr Teo said the ...

  • Attackers Use Undocumented MS Office Feature to Leak System Profile Data

    September 18, 2017

    An undocumented Microsoft Office feature allows attackers to gather sensitive configuration details on targeted systems simply by tricking recipients to open a specially crafted Word document—no VBA macros, embedded Flash objects or PE files needed. The undocumented feature is being used by adversaries, according to Kaspersky Lab researchers, as part of a multistage attack that first ...

  • Hackers Hid Backdoor In CCleaner Security App With 2 Billion Downloads — 2.3 Million Infected

    September 18, 2017

    Users of Avast-owned security application CCleaner for Windows have been advised to update their software immediately, after researchers discovered criminal hackers had installed a backdoor in the tool. The tainted application allows for download of further malware, be it ransomware or keyloggers, with fears millions are affected. According to Avast’s own figures, 2.27 million ran ...