Cybercrime

September 17, 2018

Firmware used in up to 800,000 CCTV cameras open to attack thanks to buffer overflow zero-day bug. Between 180,000 and 800,000 IP-based closed-circuit television cameras are vulnerable to a zero-day vulnerability that allows hackers to access surveillance cameras, spy on and manipulate video feeds or plant malware. According to a Tenable Research Advisory issued Monday, the bugs are ...

September 16, 2018

A cyber attack was the cause behind a three day technical meltdown, according to Bristol Airport. The airport’s information screens were out of service on both Friday and Saturday, with holidaymakers having to read departure times off whiteboards scattered around the airport. An airport spokesman said several systems were taken offline on Friday in a bid to ...

September 12, 2018

While phishing continues to be the prevalent threat in malware-less email-based attacks, cybercriminals refine their methods by adding an impersonation component to increase the success rate against company employees. Phishing emails are easy to deploy and do not require other preparation from the attacker than crafting a vague message that is sufficiently convincing for a large ...

September 12, 2018

Osiris’ fundamental makeup positions it in the fore of malware trends, despite being based on old source code that’s been knocking around for years. After staying dormant for few years, the Kronos banking trojan resurfaced in July in a form dubbed Osiris. A wider analysis of how the banking trojan is evolving shows innovative development on ...

September 11, 2018

These stealthy downloaders initially infect systems and then only install additional malware on systems of interest. Well-known financial crime gang Cobalt Group and other threat actors have recently shifted tactics to incorporate lightweight modular downloaders that “vet” target machines for their attractiveness before proceeding with a full-fledged attack. The emergence of the AdvisorsBot and Marap malwares, as ...

September 11, 2018

A cyber-criminal operation known as Magecart is believed to have been behind the recent card breach announced last week by British Airways. The operation has been active since 2015 when RisqIQ and ClearSky researchers spotted the malware for the first time. The group’s regular mode of operation involves hacking into online stores and hiding JavaScript code that steals payment card information entered ...

September 10, 2018

New variations of Mirai and the Gafgyt botnet are harnessing new vulnerabilities to compromise IoT devices, including the security flaw which caused the 2017 Equifax data breach. On Sunday, researchers from the Palo Alto Networks Unit 42 team said in a blog postthat new variants of the botnets have been upgraded with a slew of exploits designed to ...

September 7, 2018

Shares of British Airways’ parent company IAG fell around 4% as markets opened on Friday morning, hours after the airline said the credit card information of at least 380,000 customers had been “compromised” in a data theft. More than £500m was wiped of the airline group’s market value as a result, before the share price rallied ...

September 5, 2018

Cybercrims are ramping up their efforts to target employees through fraudulent email and social media scams, according to a new study by email security firm Proofpoint. Retailers and government agencies saw huge quarter-on-quarter increases in email fraud attempts in calendar Q2, with attacks per company and agency soaring 91 per cent and 84 per cent respectively. ...

September 5, 2018

Two days after a security researcher released details and proof-of-concept code about an unpatched Windows zero-day, one malware group had already incorporated the vulnerability in their exploit chain and was attempting to infect users around the globe. The zero-day used in this malware distribution campaign is a (still-unpatched) vulnerability in the Windows Task Scheduler feature, affecting ...