News


  • NSA surveillance of foreign nationals surges

    May 1, 2019

    The US National Security Agency’s latest transparency report has revealed the increased surveillance of foreign nationals and their communications records in intelligence operations. The Office of the Director of National Intelligence (ODNI) published its sixth “Statistical Transparency Report Regarding Use of National Security Authorities” report on Tuesday. The report (.PDF) outlines the use of warrants, the activities of ...

  • Mysterious hacker has been selling Windows 0-days to APT groups for three years

    May 1, 2019

    For the past three years, a mysterious hacker has been selling Windows zero-days to at least three cyber-espionage groups, as well as cyber-crime gangs, researchers from Kaspersky Lab have told ZDNet. The hacker’s activity reinforces recent assessments that some government-backed cyber-espionage groups –also known as APTs (advanced persistent threats)– will regularly buy zero-day exploits from third-party entities, ...

  • Dell laptops and computers vulnerable to remote hijacks

    May 1, 2019

    A vulnerability in the Dell SupportAssist utility exposes Dell laptops and personal computers to a remote attack that can allow hackers to execute code with admin privileges on devices using an older version of this tool and take over users’ systems. Dell has released a patch for this security flaw on April 23; however, many users are likely ...

  • Unprotected Database Exposes Personal Info of 80 Million American Households

    April 30, 2019

    A team of security researchers has claims to have found a publicly-accessible database that exposes information on more than 80 million U.S. households—nearly 65 percent of the total number of American households. Discovered by VPNMentor’s research team lead by hacktivists Noam Rotem and Ran Locar, the unsecured database includes 24GB of extremely detailed information about individual ...

  • APT trends report Q1 2019

    April 30, 2019

    For just under two years, the Global Research and Analysis Team (GReAT) at Kaspersky Lab has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. ...

  • Dispelling Myths Around SGX Malware

    April 29, 2019

    A group of security researchers from Graz University of Technology recently disclosed detailed methods of deploying attacks from inside Intel’s SGX Security Enclave. The research paper received decent media attention probably due to recently discovered architecture vulnerabilities, such as Meltdown and Spectre. Researchers also released proof of concept (PoC) code for Linux that successfully escapes the securely ...

  • I know what you did last summer, MuddyWater blending in the crowd

    April 29, 2019

    MuddyWater is an APT with a focus on governmental and telco targets in the Middle East (Iraq, Saudi Arabia, Bahrain, Jordan, Turkey and Lebanon) and also a few other countries in nearby regions (Azerbaijan, Pakistan and Afghanistan). MuddyWater first surfaced in 2017 and has been active continuously, targeting a large number of organizations. First stage infections ...

  • New York, Canada, Ireland Launch New Investigations Into Facebook Privacy Breaches

    April 27, 2019

    Facebook has a lot of problems, then there are a lot of problems for Facebook—and both are not going to end anytime sooner. Though Facebook has already set aside $5 billion from its revenue to cover a possible fine the company is expecting as a result of an FTC investigation over privacy violations, it seems to be just ...

  • ‘Karkoff’ Is the New ‘DNSpionage’ With Selective Targeting Strategy

    April 24, 2019

    The cybercriminal group behind the infamous DNSpionage malware campaign has been found running a new sophisticated operation that infects selected victims with a new variant of the DNSpionage malware. First uncovered in November last year, the DNSpionage attacks used compromised sites and crafted malicious documents to infect victims’ computers with DNSpionage—a custom remote administrative tool that uses ...

  • Operation ShadowHammer: a high-profile supply chain attack

    April 23, 2019

    In late March 2019, we briefly highlighted our research on ShadowHammer attacks, a sophisticated supply chain attack involving ASUS Live Update Utility, which was featured in a Kim Zetter article on Motherboard. The topic was also one of the research announcements made at the SAS conference, which took place in Singapore on April 9-10, 2019. Now it is time to ...

  • Source code of Carbanak trojan found on VirusTotal

    April 23, 2019

    The source code of one of the world’s most dangerous malware strains has been uploaded and left available on VirusTotal for two years, and almost nobody has noticed. It was discovered by security researchers from US cyber-security firm FireEye, analyzed for the past two years, and made public today, so other members of the cyber-security community ...

  • FINTEAM: Trojanized TeamViewer Against Government Targets

    April 23, 2019

    Recently, Check Point researchers spotted a targeted attack against officials within government finance authorities and representatives in several embassies in Europe. The attack, which starts with a malicious attachment disguised as a top secret US document, weaponizes TeamViewer, the popular remote access and desktop sharing software, to gain full control of the infected computer. By investigating ...

  • Millions of Medical Documents for Addiction and Recovery Patients Leaked

    April 22, 2019

    The information includes data on all rehab treatments and procedures, linked with patients’ names and other info. As if wrestling with addiction and recovery weren’t difficult enough, tens of thousands of patients of a rehab clinic in Pennsylvania may find their personal information hijacked and manipulated by identity thieves or extortionists. An ElasticSearch database that was left ...

  • Old-school cruel: Dodgy PDF email attachments enjoying a renaissance

    April 19, 2019

    The last few months have seen a big increase in malware attacks using PDF email attachments, according to security firm SonicWall. “Increasingly, email, Office documents and now PDFs are the vehicle of choice for malware and fraud in the cyber landscape,” said the outfit’s Bill Conner. There’s nothing new in this, of course, but many recent attacks ...

  • Facebook Collected Contacts from 1.5 Million Email Accounts Without Users’ Permission

    April 18, 2019

    Not a week goes without a new Facebook blunder. Remember the most recent revelation of Facebook being caught asking users new to the social network platform for their email account passwords to verify their identity? At the time, it was suspected that Facebook might be using access to users’ email accounts to unauthorizedly and secretly gather a copy of ...

  • Cyber-security firm Verint hit by ransomware

    April 17, 2019

    The Israel offices of US cyber-security firm Verint have been hit by ransomware, according to a screenshot taken by a Verint employee that started circulating online earlier today. “There is currently a critical issue affecting the on premise Email and Green zone VDI services,” read a warning message that was displayed earlier today ...

  • Potential Targeted Attack Uses AutoHotkey and Malicious Script Embedded in Excel File to Avoid Detection

    April 17, 2019

    Trend Micro discovered a potential targeted attack that makes use of legitimate script engine AutoHotkey, in combination with malicious script files. This file is distributed as an email attachment and disguised as a legitimate document with the filename “Military Financing.xlsm.” The user would need to enable macro for it to open fully, which would use ...

  • Source code of Iranian cyber-espionage tools leaked on Telegram

    April 17, 2019

    In an incident reminiscent of the Shadow Brokers leak that exposed the NSA’s hacking tools, someone has now published similar hacking tools belonging to one of Iran’s elite cyber-espionage units, known as APT34, Oilrig, or HelixKitten. The hacking tools are nowhere near as sophisticated as the NSA tools leaked in 2017, but they are dangerous nevertheless. The tools have been ...

  • Pirates of Brazil: Integrating the Strengths of Russian and Chinese Hacking Communities

    April 16, 2019

    Each country’s hackers are unique, with their own codes of conduct, forums, motives and payment methods. Recorded Future’s Portuguese-speaking analysts, with a long-standing background in the Brazilian underground, have analyzed underground markets and forums tailored to the Brazilian Portuguese audience over the past decade and discovered a number of particularities in content hosted on forums, ...

  • APAC consumers have little trust in digital services

    April 16, 2019

    Just 31% of consumers in Asia-Pacific believe their personal information will be managed in a trustworthy way by businesses offering digital services, with only 5% willing to transact with companies that offer cheaper but less trusted digital platforms. The apparent lack of trust in digital companies is understandable, considering almost 40% have had their trust ...