News


  • Emotet resurgence packs in new binaries, Trickbot functions

    November 6, 2019

    Emotet, a Banking Trojan turned devastating modular threat, has returned with upgraded functions in a new wave of attacks. The malware, first discovered in 2014, has evolved over the past few years from a relatively basic, singular threat into a customizable modular package used to deploy additional payloads against financial institutions, the enterprise, and consumers worldwide. Emotet, believed to ...

  • Kaspersky identifies mysterious APT mentioned in 2017 Shadow Brokers leak

    November 5, 2019

    In 2017, a mysterious group of hackers known as the Shadow Brokers published online a data dump called “Lost in Translation.” The data dump — believed to have been obtained from the US National Security Agency (NSA) — contained a collection of exploits and hacking tools, including the now-infamous EternalBlue, the exploit that provided the steam ...

  • Canadian Nunavut government systems crippled by ransomware

    November 5, 2019

    Canadian government IT systems have been forced into lockdown after a successful ransomware attack. On Monday, government officials for the Nunavut region said that over the weekend, a “new and sophisticated type of ransomware” struck the territory. All government services — with the exception of an energy corporation — that rely on access to electronic information stored ...

  • Wizard Spider Upgrades Ryuk Ransomware to Reach Deep into LANs

    November 4, 2019

    The Ryuk ransomware has added two features to enhance its effectiveness: The ability to target systems that are in “standby” or sleep mode; and the use of Address Resolution Protocol (ARP) pinging to find drives on a company’s LAN. Both are employed after the initial network compromise of a victim organization. Ryuk, which is distributed by ...

  • Nemty Ransomware Expands Its Reach, Also Delivered by Trik Botnet

    November 4, 2019

    The Nemty ransomware (Ransom.Nemty), initially detected in August 2019, has increased its reach by partnering up with the Trik botnet (Trojan.Wortrik), which now delivers Nemty to compromised computers. Trik, also known as Phorpiex, has been around for approximately 10 years. In its early days, the malware self-propagated via removable USB drives, Windows Live Messenger, or Skype ...

  • Alexa, Siri, Google Smart Speakers Hacked Via Laser Beam

    November 4, 2019

    Researchers have discovered a new way to hack Alexa and Siri smart speakers merely by using a laser light beam. No physical access of the victims’ device, or owner interaction, is needed to launch the hack, which allows attackers to send voice assistants inaudible commands such as unlocking doors. The attack, dubbed “light commands,” leverages the ...

  • Ransomware hits Spanish companies sparking WannaCry panic

    November 4, 2019

    Two major Spanish companies have been hit by ransomware today. Both infections occurred on the same day, sparking memories of the WannaCry outbreak. Spain was one of the first countries alongside the UK, where the WannaCry ransomware infections were spotted for the first time back on May 12, 2017. Affected at the time were Spanish newspaper El ...

  • BlueKeep Attacks Have Arrived, Are Initially Underwhelming

    November 4, 2019

    The wave of BlueKeep attacks that security experts predicted could take down systems globally have arrived, but they are not in showing the form nor the destructive impact experts initially feared. Security researchers have seen evidence of the first wave of attacks on the zero-day Windows Remote Desktop vulnerability revealed by Microsoft in May. At the time experts ...

  • Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium

    November 1, 2019

    Kaspersky Exploit Prevention is a component part of Kaspersky products that has successfully detected a number of zero-day attacks in the past. Recently, it caught a new unknown exploit for Google’s Chrome browser. We promptly reported this to the Google Chrome security team. After reviewing of the PoC we provided, Google confirmed there was a ...

  • Stubborn Malware Targets QNAP NAS Hardware Specifically

    November 1, 2019

    Top-selling network attached storage devices (NAS) made by QNAP Systems are being singled out by attackers, who have crafted malware specifically designed for the vendor’s hardware. Researchers at the Finland’s National Cyber Security Centre (NCSC-FI) reported the targeted attacks late last month, dubbing the malware QSnatch. Once infected, hackers can access the NAS devices and retrieve all ...

  • Office for Mac Users Warned of Malicious SYLK Files

    November 1, 2019

    Microsoft Office for Mac users are being warned that malicious SYLK files are sneaking past endpoint defenses even when the “disable all macros without notification” is turned on. This leaves systems vulnerable to a remote, unauthenticated attackers who can execute arbitrary code. The warning comes from United States Computer Emergency Readiness Team (US-CERT), which said that ...

  • Threat Spotlight: Neshta File Infector Endures

    November 1, 2019

    Neshta is an older file infector that is still prevalent in the wild. It was initially observed in 2003 and has been previously associated with BlackPOS malware. It prepends malicious code to infected files. This threat is commonly introduced into an environment through unintentional downloading or by other malware. It infects Windows executable files and ...

  • Calypso APT Emerges from the Shadows to Target Governments

    October 31, 2019

    A newly discovered APT group, dubbed Calypso after a custom malware RAT that it uses, has been targeting state institutions in six different countries since 2016. Government organizations in India (34 percent), Brazil and Kazakhstan (18 percent respectively), Russia and Thailand (12 percent respectively) and Turkey (6 percent) have all been successfully infiltrated at some point, ...

  • ICS Attackers Set To Inflict More Damage With Evolving Tactics

    October 31, 2019

    Future attacks on industrial control system (ICS) networks may inflict even more damage in the long run, according to new research. Analysts expect them to evolve from attacks that have immediate, direct impact to those with multiple stages and attack vectors that are more stealthy. While it remains extraordinarily difficult to mount successful attacks on critical ...

  • Insurance Pays Out a Sliver of Norsk Hydro’s Cyberattack Damages

    October 30, 2019

    On the heels of a severe cyberattack, aluminum giant Norsk Hydro has received only $3.6 million in cyber-insurance – just a fraction of the total costs in damage. Overall, the Oslo, Norway-based company incurred between $60 million to $71 million in damages from the incident, which forced it to shut down or isolate several plants and ...

  • WhatsApp Spyware Attack: Uncovering NSO Group Activity

    October 30, 2019

    On the heels of Facebook filing a lawsuit against Israeli company NSO Group — alleging that it was behind the massive WhatsApp hack earlier this year — privacy experts say that the move is “popping the unaccountable bubble” that commercial spyware companies have carved out for themselves. After disclosing the lawsuit,WhatsApp said that cyber security experts at the Citizen Lab, ...

  • White Hat Hackers Get the Chance to Break Industrial Control System Security in PWN2OWN 2020

    October 30, 2019

    From enterprise applications and web browsers to mobile and IoT devices, hacking competition Pwn2Own has added another focus: industrial control system (ICS) and its associated protocols. Trend Micro’s Zero Day Initiative (ZDI), the bug bounty program behind Pwn2Own, has long been known to reward researchers for finding previously unknown software flaws. Set to happen in Miami come ...

  • Xhelper: Persistent Android dropper app infects 45K devices in past 6 months

    October 29, 2019

    Symantec has observed a surge in detections for a malicious Android application that can hide itself from users, download additional malicious apps, and display advertisements. The app, called Xhelper, is persistent. It is able reinstall itself after users uninstall it and is designed to stay hidden by not appearing on the system’s launcher. The app ...

  • Nasty PHP7 remote code execution bug exploited in the wild

    October 26, 2019

    A recently patched security flaw in modern versions of the PHP programming language is being exploited in the wild to take over servers, ZDNet has learned from threat intelligence firm Bad Packets. The vulnerability is a remote code execution (RCE) in PHP 7, the newer branch of PHP, the most common programming language used to build ...

  • London police software quarantines thousands of cybercrime reports

    October 25, 2019

    Over 9,000 cybercrime reports filed by UK citizens have sat inside a police database without being investigated after security software mistakenly identified them as containing malicious code and placed them in quarantine. All the quarantined reports came from Action Fraud, an official UK police website where victims can report fraud and cybercrime. According to an audit published this week ...