News


  • Riltok mobile Trojan: A banker with global reach

    June 25, 2019

    Riltok is one of numerous families of mobile banking Trojans with standard (for such malware) functions and distribution methods. Originally intended to target the Russian audience, the banker was later adapted, with minimal modifications, for the European “market.” The bulk of its victims (more than 90%) reside in Russia, with France in second place (4%). ...

  • Anonymous hacker exposed after dropping USB drive while throwing Molotov cocktail

    June 24, 2019

    In a bizarre investigation, Belgium police have identified a member of the Anonymous Belgium hacker collective while investigating an arson case at a local bank. The perpetrator, a 35-year-old man from the Belgian city of Roeselare, was initially arrested after throwing a Molotov cocktail at the Crelan Bank office in Rumbeke, a suburb of Roeselare, back ...

  • US launches cyber-attack aimed at Iranian rocket and missile systems

    June 24, 2019

    The US has responded to a recent rise in Iranian cyber-activity and the shooting of an unarmed drone last week by launching cyber-attacks against Iran’s military IT systems. The cyber-attacks were carried out by US Cyber Command with the direct approval of US President Donald Trump, the Associated Press reported on Sunday, citing two inside sources, and ...

  • Consumers Urged to Junk Insecure IoT Devices

    June 18, 2019

    More than 2 million connected security cameras, baby monitors and other IoT devices have serious vulnerabilities that have been publicly disclosed for more than two months – yet they are still without a patch or even any vendor response. Security researcher Paul Marrapese, who disclosed the flaws in April and has yet to hear back from any impacted ...

  • Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East

    June 18, 2019

    We uncovered a cyberespionage campaign targeting Middle Eastern countries. We named this campaign “Bouncing Golf” based on the malware’s code in the package named “golf.” The malware involved, which Trend Micro detects as  AndroidOS_GolfSpy.HRX, is notable for its wide range of cyberespionage capabilities. Malicious codes are embedded in apps that the operators repackaged from legitimate ...

  • Plurox: Modular backdoor

    June 18, 2019

    In February this year, a curious backdoor passed across our virtual desk. The analysis showed the malware to have a few quite unpleasant features. It can spread itself over a local network via an exploit, provide access to the attacked network, and install miners and other malicious software on victim computers. What’s more, the backdoor ...

  • Making the Most of the NIST Cybersecurity Framework

    June 17, 2019

    The NIST Cybersecurity Framework has become a valuable tool for evaluating security across a variety of business sectors. Originally published in 2014 and targeting critical infrastructure, the framework continues to evolve to meet the changing needs of organizations in the U.S. and around the world. Its popularity stems from its thoroughness, applicability, and approachability. Our guests today are ...

  • Houdini malware targets victims with keylogger, online bank account theft tools

    June 17, 2019

    A new variant of the Houdini malware has been detected in campaigns against financial institutions and their customers. Last week, cybersecurity researchers from Cofense said in a blog post that the new strain of Houdini — also known as HWorm — was released by its author on June 2, 2019. Dubbed WSH Remote Access Tool (RAT), it took the ...

  • Game Over for GandCrab: New free decryption tool allows victims to unlock all versions of this ransomware

    June 17, 2019

    A new decryption tool that counters one of the most prolific families of ransomware by allowing victims to retrieve their files for free has been released in a collaborative effort by Europol, the FBI, cybersecurity company Bitdefender, and others. The latest version of the GandCrab decryptor neutralises the most recent incarnations of the file-locking malware – ...

  • New Echobot malware is a smorgasbord of vulnerabilities

    June 17, 2019

    If there’s one thing that seems to have no end in sight is malware authors putting their own spin on the old Mirai malware and creating new botnets to haunt the IoT and enterprise landscapes. Not a month goes by without a new major botnet appearing out of nowhere and launching massive attacks against people’s smart ...

  • U.S. Escalates Online Attacks on Russia’s Power Grid

    June 15, 2019

    The United States is stepping up digital incursions into Russia’s electric power grid in a warning to President Vladimir V. Putin and a demonstration of how the Trump administration is using new authorities to deploy cybertools more aggressively, current and former government officials said. In interviews over the past three months, the officials described the previously ...

  • AESDDoS Botnet Malware Infiltrates Containers via Exposed Docker APIs

    June 14, 2019

    Misconfiguration is not novel. However, cybercriminals still find that it is an effective way to get their hands on organizations’ computing resources to use for malicious purposes and it remains a top security concern. In this blog post, we will detail an attack type where an API misconfiguration in the open-source version of the popular DevOps tool ...

  • Two hacking groups responsible for huge spike in hacked Magento 2.x stores

    June 12, 2019

    Two hacker groups are responsible for a huge spike in the number of hacked Magento 2.x shopping sites, according to Willem de Groot, founder of Sanguine Security. This is now the third month in a row when the number of hacked Magento 2.x sites has doubled, after it previously doubled from March to April, and again ...

  • RAMBleed Attack – Flip Bits to Steal Sensitive Data from Computer Memory

    June 12, 2019

    A team of cybersecurity researchers yesterday revealed details of a new side-channel attack on dynamic random-access memory (DRAM) that could allow malicious programs installed on a modern system to read sensitive memory data from other processes running on the same hardware. Dubbed RAMBleed and identified as CVE-2019-0174, the new attack is based on a well-known class of DRAM side ...

  • Intel NUC Firmware Open to Privilege Escalation, DoS and Information Disclosure

    June 12, 2019

    Intel has patched seven high-severity vulnerabilities in its mini PC NUC kit firmware. Intel has patched seven high-severity vulnerabilities in the system firmware of its Intel NUC (short for Next Unit of Computing), a mini-PC kit used for gaming, digital signage and more. Overall, the chip-maker patched 25 vulnerabilities across various platforms this week – including eight ...

  • New FormBook Dropper Harbors Obfuscation, Persistence

    June 12, 2019

    Never-before-seen dropper found in FormBook samples that has increased persistence and obfuscation capabilities. Researchers are warning that a future data-theft attack may be brewing after discovering a new sample of the FormBook malware, with a never-before-seen dropper — i.e. a malicious file that is used in the initial infection stage and installs malware on the system. FormBook, ...

  • FBI Issues Warning on ‘Secure’ Websites Used For Phishing

    June 10, 2019

    The U.S. Federal Bureau of Investigation (FBI) issued a public service announcement regarding TLS-secured websites being actively used by malicious actors in phishing campaigns. Internet users are accustomed by now to always look at the padlock next to the web browser’s address bar to check if the current page is served by a website secured using a ...

  • MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools

    June 10, 2019

    We found new campaigns that appear to wear the badge of MuddyWater. Analysis of these campaigns revealed the use of new tools and payloads, which indicates that the well-known threat actor group is continuously developing their schemes. We also unearthed and detailed our other findings on MuddyWater, such as its connection to four Android malware ...

  • Your Linux Can Get Hacked Just by Opening a File in Vim or Neovim Editor

    June 9, 2019

    Linux users, beware! If you haven’t recently updated your Linux operating system, especially the command-line text editor utility, do not even try to view the content of a file using Vim or Neovim. Security researcher Armin Razmjou recently discovered a high-severity arbitrary OS command execution vulnerability (CVE-2019-12735) in Vim and Neovim—two most popular and powerful command-line text editing applications that come pre-installed ...

  • Ancient ICEFOG APT malware spotted again in new wave of attacks

    June 7, 2019

    Malware developed by Chinese state-sponsored hackers that was once thought to have disappeared has been recently spotted in new attacks, in an updated and more dangerous form. Spotted by FireEye senior researcher Chi-en (Ashley) Shen, the malware is named ICEFOG (also known as Fucobha). It was initially used by a Chinese APT (advanced persistent threat, a technical ...