News


  • Australia to invest a record A$1.35bn in cyber security

    July 1, 2020

    Dubbed the Cyber Enhanced Situational Awareness and Response (Cesar) package, the investment will help Australia identify cyber threats, disrupt foreign cyber criminals and build industry partnerships, said Australian prime minister Scott Morrison yesterday. Noting that malicious cyber activity undermines the government’s efforts to protect Australia’s economy, national security and sovereignty, Morrison said the record investment will ...

  • New EvilQuest ransomware discovered targeting macOS users

    June 30, 2020

    Security researchers have discovered this week a new ransomware strain targeting macOS users. Named OSX.EvilQuest, this ransomware is different from previous macOS ransomware threats because besides encrypting the victim’s files, EvilQuest also installs a keylogger, a reverse shell, and steals cryptocurrency wallet-related files from infected hosts. “Armed with these capabilities, the attacker can main full control over ...

  • Battling COVID; a cyber Airman’s story

    June 26, 2020

    Tech. Sgt. Brandon Ibanez, a cyber intelligence analyst with the 854th Combat Operations Squadron here, doesn’t wear a helmet to work, nor does he wear a sword or shield. As a Gladiator in the 960th Cyberspace Wing, it’s not a requirement to don the traditional uniform of ancient Roman fighters, and it would be impractical because ...

  • DarkCrewFriends Returns with Botnet Strategy

    June 26, 2020

    The hackers-for-hire group DarkCrewFriends has resurfaced and is targeting content management systems to build a botnet. The botnet can be marshalled into service to carry out a variety of criminal activities, including distributed denial-of-service (DDoS) attacks, command execution, information exfiltration or sabotage of an infected system. Researchers said they observed DarkCrewFriends exploiting an unrestricted file upload ...

  • Brazilian federal police investigates presidential data leak

    June 26, 2020

    The Brazilian federal police reported advances around an investigation into a cybercrime organization supposedly responsible for exposing personal details of senior government officials including president Jair Bolsonaro. The investigation follows a leak earlier this month, claimed by hacker group Anonymous Brazil, involving personal information relating to Bolsonaro, his sons and supporters, as well as various ministers. Information ...

  • 23 IS conducts virtual PAI training

    June 25, 2020

    Reserve Citizen Airmen from the 23rd Intelligence Squadron organized and executed a first-ever, unit-wide Publicly Available Information (PAI) training session June 6, 2020. The goal of the training was to educate 23 IS Airmen with PAI best practices and highlight the capabilities that PAI brings to intelligence operations. The training was part of the squadron’s ...

  • Exposed Frost & Sullivan databases for sale on hacking forum

    June 24, 2020

    U.S. business consulting firm Frost & Sullivan was breached after data from an unsecured backup folder exposed on the Internet was sold on a hacker forum. Frost & Sullivan is a business consulting firm that assists companies in growth strategy, market research, on corporate training. With 40 locations throughout the world and over 1,800 employees, Frost ...

  • Fxmsp hackers made $1.5M selling access to corporate networks

    June 23, 2020

    New details have emerged on the activity of the infamous Fxmsp hacker that last year was advertising access to the networks of three cybersecurity vendors. Researchers tracking Fxmsp’s ventures on underground forums counted the network intrusions associated with this actor and revealed the presumed identity of the attacker. Fxmsp became widely known outside hacker forums about a year ...

  • 80,000 printers are exposing their IPP port online

    June 23, 2020

    For years, security researchers have warned that every device left exposed online without being protected by a firewall is an attack surface. Hackers can deploy exploits to forcibly take control over the device, or they can just connect to the exposed port if no authentication is required. Devices hacked this way are often enslaved in malware botnets, ...

  • New WastedLocker ransomware demands payments of millions of USD

    June 23, 2020

    Evil Corp, one of the biggest malware operations on the internet, has slowly returned to life after several of its members were charged by the US Department of Justice in December 2019. In a report shared with ZDNet today, Fox-IT, a division within the NCC Group, has detailed the group’s latest activities following the DOJ charges. The Evil Corp group, also known ...

  • Sodinokibi Ransomware Now Scans Networks For PoS Systems

    June 23, 2020

    Cybercriminals behind recent Sodinokibi ransomware attacks are now upping their ante and scanning their victims’ networks for credit card or point of sale (PoS) software. Researchers believe this is a new tactic designed to allow attackers to get the biggest bang for their buck – ransom payments and credit card data. The compromise of PoS software ...

  • BlueLeaks: Data from 200 US police departments & fusion centers published online

    June 22, 2020

    The files, dubbed BlueLeaks, have been published by Distributed Denial of Secrets (DDoSecrets), a group that describes itself as a “transparency collective.” The data has been made available online on a searchable portal. According to the BlueLeaks portal, the leaked data contains more than one million files, such as scanned documents, videos, emails, audio files, and more. DDoSecrets ...

  • Microcin is here

    June 19, 2020

    In February 2020, we observed a Trojan injected into the system process memory on a particular host. The target turned out to be a diplomatic entity. What initially attracted our attention was the enterprise-grade API-like (application programming interface) programming style. Such an approach is not that common in the malware world and is mostly used ...

  • Hackers use fake Windows error logs to hide malicious payload

    June 19, 2020

    Hackers have been using fake error logs to store ASCII characters disguised as hexadecimal values that decode to a malicious payload designed to prepare the ground for script-based attacks. The trick is part of a longer chain with intermediary PowerShell commands that ultimately delivers a script for reconnaissance purposes. MSP threat detection provider Huntress Labs discovered an attack scenario ...

  • Australian PM says nation under serious state-run ‘cyber attack’ – Microsoft, Citrix, Telerik UI bugs ‘exploited’

    June 19, 2020

    Australian Prime Minister Scott Morrison has called a snap press conference to reveal that the nation is under cyber-attack by a state-based actor, but the nation’s infosec advice agency says that while the attacker has gained access to some systems it has not conducted “any disruptive or destructive activities within victim environments.” Morrison said the attack ...

  • Forward-looking security analysis of smart factories [Part 4] – MES database compromises

    June 18, 2020

    If I had to describe the role of the MES (Manufacturing Execution System) in a single phrase, it would be “manufacturing playmaker.” As I mentioned in the previous column, the manufacturing process is divided into multiple layers, and the system performs a different role in each layer. The MES is at the top layer of the ...

  • Why did this Bank of America phishing email bypass spam filters?

    June 18, 2020

    Threat actors trying to steal your credentials through phishing attackers is nothing new, and the number of campaigns has only been rising in recent times. Government estimates indicate that phishing is a multi-billion dollar industry, which is why cybersecurity companies exist that focus entirely on securing client’s inboxes from malicious email. Due to this, attackers continuously come up ...

  • IcedID Banker is Back, Adding Steganography, COVID-19 Theme

    June 18, 2020

    A new version of the IcedID banking trojan has debuted that notably embraces steganography – the practice of hiding code within images – in order to stealthily infect victims. It has also changed up its process for eavesdropping on victims’ web activity. Researchers at Juniper Threat Labs have uncovered an email spam campaign circulating in the ...

  • InvisiMole Group Resurfaces Touting Fresh Toolset, Gamaredon Partnership

    June 18, 2020

    The InvisiMole threat group has resurfaced in a new campaign, revealing a new toolset and a strategic collaboration with the high-profile Gamaredon advanced persistent threat (APT) group. InvisiMole was first uncovered by ESET in 2018, with cyberespionage activity dating back to 2013 in operations in Ukraine and Russia. More recently, from late 2019 until at least this month, researchers ...

  • Steganography in attacks on industrial enterprises (updated)

    June 17, 2020

    Kaspersky ICS CERT experts have identified a series of attacks on organizations located in different countries. As of early May 2020, there are known cases of attacks on systems in Japan, Italy, Germany and the UK. Up to 50% of the attackers’ targets are organizations in various industrial sectors. Attack victims include suppliers of equipment ...