News


  • Chafer APT Hits Middle East Govs With Latest Cyber-Espionage Attacks

    May 22, 2020

    Researchers have uncovered new cybercrime campaigns from the known Chafer advanced persistent threat (APT) group. The attacks have hit several air transportation and government victims in hopes of data exfiltration. The Chafer APT has been active since 2014 and has previously launched cyber espionage campaigns targeting critical infrastructure in the Middle East. This most recent wave of cyberattacks ...

  • Windows malware opens RDP ports on PCs for future remote access

    May 22, 2020

    Security researchers say they’ve spotted a new version of the Sarwent malware that opens RDP (Remote Desktop Protocol) ports on infected computers so hackers could gain hands-on access to infected hosts. Researchers from SentinelOne, who spotted this new version, believe the Sarwent operators are most likely preparing to sell access to these systems on the cybercrime ...

  • Home Chef Serves Up Data Breach for 8 Million Records

    May 22, 2020

    Mail-order meal kits have become even more popular as the coronavirus pandemic has kept people home and cooking on a regular basis. Unfortunately, one of these, the popular Kroger’s Home Chef service, recently served up a side of data breach along with its perfectly measured ingredients. According to a notice posted on the Home Chef website, the company ...

  • Factory Security Problems from an IT Perspective (Part 1): Gap between the objectives of IT and OT

    May 21, 2020

    In the cybersecurity industry, key words such as “smart factories,” the “Industrial Internet of Things (IIoT),” and “Industry 4.0” have come to the fore. The business environment that the manufacturing industry operates in is undergoing drastic changes and entering a transition period. Nowadays, it may be difficult to find companies that do not include Digital ...

  • Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers

    May 21, 2020

    Cybercriminals are taking advantage of “the new normal” — involving employees’ remote working conditions and the popularity of user-friendly online tools — by abusing and spoofing popular legitimate applications to infect systems with malicious routines. We found two malware files that pose as Zoom installers but, when decoded, contain the malware code. These malicious fake ...

  • Silent Night Banking Trojan Charges Top Dollar on the Underground

    May 21, 2020

    A descendant of the infamous Zeus banking trojan, dubbed Silent Night by the malware’s author, has emerged on the scene, with a host of functionalities available in a spendy malware-as-a-service (MaaS) model. Custom builds can run as much as $4,000 per month to use, which researchers say is now placing the code out of the range ...

  • Critical Cisco Bug in Unified CCX Allows Remote Code Execution

    May 21, 2020

    Cisco has hurried out a fix for a critical remote code-execution flaw in its customer interaction management solution, Cisco Unified Contact Center Express (CCX). Cisco’s Unified CCX software is touted as a “contact center in a box” that allows companies to deploy customer-care applications. The flaw (CVE-2020-3280), which has a CVSS score of 9.8 out ...

  • NetWalker Ransomware Gang Hunts for Top-Notch Affiliates

    May 20, 2020

    The NetWalker ransomware – the scourge behind one of the recent Toll Group attacks – has transitioned to a ransomware-as-a-service (RaaS) model, and its operators are placing a heavy emphasis on targeting and attracting technically advanced affiliates, according to researchers. Traditionally, “technically advanced” and RaaS don’t tend to go together – after all, one of the benefits of ...

  • ‘Flight risk’ employees involved in 60% of insider cybersecurity incidents

    May 20, 2020

    Employees planning to leave their jobs are involved in 60% of insider cybersecurity incidents and data leaks, new research suggests. According to the Securonix 2020 Insider Threat Report, published on Wednesday, “flight risk” employees, generally deemed to be individuals on the verge of resigning or otherwise leaving a job, often change their behavioral patterns from two months ...

  • Verizon’s 2020 DBIR

    May 19, 2020

    Verizon’s 2020 DBIR is out; you can download a copy or peruse their publication online. Kaspersky was a contributor once again, and we are happy to provide generalized incident data from our unique and objective research. We have contributed to this project and others like it for years now. This year’s ~120 page report analyses data from ...

  • NXNSAttack technique can be abused for large-scale DDoS attacks

    May 19, 2020

    A team of academics from Israel has disclosed today details about NXNSAttack, a vulnerability in DNS servers that can be abused to launch DDoS attacks of massive proportions. According to the research team, NXNSAttack impacts recursive DNS servers and the process of DNS delegation. Recursive DNS servers are DNS systems that pass DNS queries upstream in order to ...

  • Hacker arrested in Ukraine for selling billions of stolen credentials

    May 19, 2020

    The Ukrainian Secret Service (SSU) announced today the arrest of a hacker known as Sanix, responsible for selling billions of hacked credentials on hacking forums and Telegram channels. The SSU says it arrested Sanix in Ivano-Frankivsk, a city in western Ukraine. Authorities did not release the hacker’s name. Sanix has a long history on underground hacking forums, ...

  • Eleethub: A Cryptocurrency Mining Botnet with Rootkit for Self-Hiding

    May 18, 2020

    Unit 42 researchers uncovered a new botnet campaign using Perl Shellbot, intended to mine Bitcoin, while avoiding detection using a specially crafted rootkit. The bot is propagated by sending a malicious shell script to a compromised device that then downloads other scripts. After the victim device executes the downloaded scripts, it starts waiting for commands from its ...

  • Easyjet hacked: 9 million people’s data accessed plus 2,200 credit card details grabbed

    May 17, 2020

    Budget British airline Easyjet has been hacked, it has told the stock markets, admitting nine million people’s details were accessed and more than 2,000 customers’ credit card details stolen. Some information about the attack was released to the London Stock Exchange by the company, which claimed it had been targeted by “a highly sophisticated source”. Email addresses and “travel ...

  • Mirai and Hoaxcalls Botnets Target Legacy Symantec Web Gateways

    May 14, 2020

    As part of Unit 42’s efforts to proactively monitor threats circulating in the wild, I recently came across new Hoaxcalls and Mirai botnet campaigns targeting a post-authentication Remote Code Execution vulnerability in Symantec Secure Web Gateway 5.0.2.8, which is a product that became end-of-life (EOL) in 2015 and end-of-support-life (EOSL) in 2019. There is no ...

  • Login with Facebook Bug Earns $20K Bounty

    May 14, 2020

    Facebook has awarded a security researcher $20,000 for discovering a cross-site scripting (XSS) vulnerability in the Facebook Login SDK, which is used by developers to add a “Continue with Facebook” button to a page as an authentication method. Exploitation could allow threat actors to hijack accounts. Security researcher Vinoth Kumar identified a Document Object Model-based (DOM) ...

  • COMpfun authors spoof visa application with HTTP status-based Trojan

    May 14, 2020

    You may remember that in autumn 2019 we published a story about how a COMpfun successor known as Reductor infected files on the fly to compromise TLS traffic. If you’re wondering whether the actor behind the malware is still developing new features, the answer is yes. Later in November 2019 our Attribution Engine revealed a new Trojan with ...

  • QNodeService: Node.js Trojan Spread via Covid-19 Lure

    May 14, 2020

    We recently noticed a Twitter post by MalwareHunterTeam that showed a Java downloader with a low detection rate. Its name, “Company PLP_Tax relief due to Covid-19 outbreak CI+PL.jar”, suggests it may have been used in a Covid-19-themed phishing campaign. Running this file led to the download of a new, undetected malware sample written in Node.js; this trojan ...

  • COVID-19 blamed for 238% surge in cyberattacks against banks

    May 14, 2020

    The coronavirus pandemic has been connected to a 238% surge in cyberattacks against banks, new research claims. On Thursday, VMware Carbon Black released the third edition of the Modern Bank Heists report, which says that financial organizations experienced a massive uptick in cyberattack attempts between February and April this year — the same months in which COVID-19 began to spread ...

  • Texas Courts Won’t Pay Up in Ransomware Attack

    May 14, 2020

    A ransomware attack has hit the information technology office that supports Texas appellate courts and judicial agencies, leading to their websites and computer servers being shut down. The office said that it will not pay the ransom requested by the cybercriminals. Specifically affected is the Office of Court Administration (OCA), which is the IT provider for ...