News


  • NATO Allies take the lead on the development of NATO’s Innovation Fund

    October 22, 2021

    On Friday (22 October 2021), at a signing ceremony hosted by NATO’s Secretary General, Defence Ministers from 17 Allied countries* agreed to take the lead on the development of NATO’s first Innovation Fund. This multinational Fund will help NATO retain its technological edge by enabling investment – worth 1 billion euros – in dual-use technologies of ...

  • How your phone, laptop, or watch can be tracked by their Bluetooth transmissions

    October 22, 2021

    Over the past few years, mobile devices have become increasingly chatty over the Bluetooth Low Energy (BLE) protocol and this turns out to be a somewhat significant privacy risk. Seven boffins at University of California San Diego – Hadi Givehchian, Nishant Bhaskar, Eliana Rodriguez Herrera, Héctor Rodrigo López Soto, Christian Dameff, Dinesh Bharadia, and Aaron Schulman ...

  • TA551 Shifts Tactics to Install Sliver Red-Teaming Tool

    October 21, 2021

    The criminal threat group known as TA551 has added the Sliver red-teaming tool to its bag of tricks – a move that may signal ramped up ransomware attacks ahead, researchers said. According to Proofpoint researchers, TA551 (aka Shathak) has been mounting cyberattacks that start with email thread hijacking – an increasingly popular tactic in which adversaries ...

  • Evil Corp demands $40 million in new Macaw ransomware attacks

    October 21, 2021

    Evil Corp has launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments. The Evil Corp hacking group, also known as Indrik Spider and the Dridex gang, has been involved in cybercrime activities since 2007, but mostly as an affiliate of other organizations. Over time, the group began focusing on their ...

  • Why is Cybersecurity Failing Against Ransomware?

    October 21, 2021

    Hardly a week goes by without another major company falling victim to a ransomware attack. Nate Warfield, CTO at Prevailion, discusses the immense challenges in changing that status quo. Yes, security is hard – no one is ever 100 percent safe from the threats lurking out there. But how is it that time and time again, ...

  • Google launches Android Enterprise bug bounty program

    October 21, 2021

    Google has announced the launch of its first vulnerability rewards program for Android Enterprise with bounties of up to $250,000. This builds on the introduction of several enhancements with Android 12 to boost the platform’s overall security. Security enhancements included with the latest Android version range from toggling off USB signaling on enterprise devices to block USB-based ...

  • US Commerce Department’s Bureau of Industry and Security Tightens Export Controls on Items Used in Surveillance and other Malicious Cyber Activities

    October 20, 2021

    The Commerce Department’s Bureau of Industry and Security (BIS) has released an interim final rule, establishing controls on the export, reexport, or transfer (in-country) of certain items that can be used for malicious cyber activities. The rule also creates a new License Exception Authorized Cybersecurity Exports (ACE) and requests public comments on the projected impact ...

  • NHS Digital exposes hundreds of email addresses after BCC blunder copies in entire invite list to ‘Let’s talk cyber’ event

    October 20, 2021

    NHS Digital has scored a classic Mail All own-goal by dispatching not one, not two, not three, but four emails concerning an infosec breakfast briefing, each time copying the entirety of the invite list in on the messages. The first email sent yesterday morning thanked participants for “registering for NHS Digital’s Full Digital Breakfast: Let’s talk ...

  • New espionage campaign targets South East Asia

    October 20, 2021

    An espionage campaign using a previously undocumented toolset has targeted a range of organizations in South East Asia. Among the identified targets are organizations in the defense, healthcare, and information and communications technology (ICT) sectors. The campaign appears to have begun in September 2020 and ran at least until May 2021. The toolset used by the ...

  • TA505 Gang Is Back With Newly Polished FlawedGrace RAT

    October 19, 2021

    The TA505 cybercrime group is whirring its financial rip-off machinery back up, pelting malware at a range of industries in what was initially low-volume waves that researchers saw spiral up late last month. They do bad things, but they’re so tricky that tracking them is a ton of fun, said Sherrod DeGrippo, vice president, Threat Research ...

  • REvil ransomware operators claim group is ending activity again, victim leak blog now offline

    October 19, 2021

    Cybercriminals claiming to be part of the REvil ransomware group have alleged that the gang is closing shop after losing control of vital infrastructure and having internal disputes. Recorded Future security expert Dmitry Smilyanets shared multiple messages on Twitter from ‘0_neday’ — a known REvil operator — discussing what happened on the cybercriminal forum XSS. He ...

  • LightBasin hacking group breaches 13 global telecoms in two years

    October 19, 2021

    A group of hackers that security researchers call LightBasin has been compromising mobile telecommunication systems across the world for the past five years. Since 2019, the group has hacked into more than a dozen telecommunication companies and maintained persistence through custom malware, to steal data that would serve intelligence organizations. LightBasin has been active since at least 2016 and ...

  • PurpleFox Adds New Backdoor That Uses WebSockets

    October 19, 2021

    In September 2021, the Trend Micro Managed XDR (MDR) team looked into suspicious activity related to a PurpleFox operator. Our findings led us to investigate an updated PurpleFox arsenal, which included an added vulnerability (CVE-2021-1732) and optimized rootkit capabilities leveraged in their attacks. We also found a new backdoor written in .NET implanted during the intrusion, ...

  • Trickbot module descriptions

    October 19, 2021

    Trickbot (aka TrickLoader or Trickster) is a successor of the Dyre banking Trojan, which was active from 2014 to 2016 and performed man-in-the-browser attacks in order to steal banking credentials. Trickbot was first discovered in October 2016. Just like Dyre, its main functionality was initially the theft of online banking data. However, over time, its ...

  • Joint CISA, FBI and NSA Cybersecurity Advisory – BlackMatter Ransomware

    October 18, 2021

    This joint Cybersecurity Advisory was developed by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) to provide information on BlackMatter ransomware. Since July 2021, BlackMatter ransomware has targeted multiple U.S. critical infrastructure entities, including two U.S. Food and Agriculture Sector organizations. This advisory provides information ...

  • Sinclair Confirms Ransomware Attack That Disrupted TV Stations

    October 18, 2021

    Sinclair Broadcast Group, which owns hundreds of local television stations across the U.S., confirmed Monday that it has suffered a ransomware attack. The incident is disrupting its advertising operations, among other things, and spread to many of its owned TV affiliates over the weekend, knocking local broadcast feeds off the air. The cyberattack disrupted the company’s ...

  • BlackByte ransomware decryptor released

    October 18, 2021

    A new form of malware found in a recent IT incident appears to have been inspired by other strains known to reap huge financial rewards for their operators — but is likely the work of amateurs. Dubbed BlackByte and discovered by Trustwave, the Windows-based ransomware is considered “odd” due to some of the design and function decisions ...

  • Twitter Suspends Accounts Used to Snare Security Researchers

    October 18, 2021

    Twitter has shuttered two accounts – @lagal1990 and @shiftrows13 – specifically used to trick security researchers into downloading malware in a long-running cyber-espionage campaign attributed to North Korea. The campaign was first discovered by the Google Threat Analysis Group (TAG) in January and is ongoing. On Friday, Google TAG analyst Adam Weidermann confirmed that Twitter suspended the ...

  • Lyceum group reborn

    October 18, 2021

    This year, Kaspersky researchers presented their research into the Lyceum group (also known as Hexane), which was first exposed by Secureworks in 2019. In 2021, we have been able to identify a new cluster of the group’s activity, focused on two entities in Tunisia. According to older public accounts of the group’s activity, Lyceum conducted targeted ...

  • Case Study: From BazarLoader to Network Reconnaissance

    October 18, 2021

    BazarLoader is Windows-based malware spread through various methods involving email. These infections provide backdoor access that criminals use to determine whether the host is part of an Active Directory (AD) environment. If so, criminals deploy Cobalt Strike and perform reconnaissance to map the network. If the results indicate a high-value target, criminals attempt lateral movement ...