News


  • Google Sets Record High in Bug-Bounty Payouts

    January 29, 2020

    Google paid out $6.5 million in bug-bounty rewards in 2019, which doubles the internet behemoth’s previous annual top total. It has also highlighted additional bonuses that are now in effect for Chrome and Android. Last year saw some notable changes for Google’s Vulnerability Reward Programs (VRPs), including the launch of the Developer Data Protection Reward Program aimed at ...

  • Attacker’s Tactics and Techniques in Unsecured Docker Daemons Revealed

    January 29, 2020

    Between September and December 2019, Unit 42 researchers periodically scanned and collected metadata from Docker hosts exposed to the internet (largely due to inadvertent user errors) and this research reveals some of the tactics and techniques used by attackers in the compromised Docker engines. In total, 1,400 unsecured Docker hosts, 8,673 active containers, and 17,927 ...

  • A Ransomware Prescription for the Healthcare Industry

    January 29, 2020

    To paraphrase Mark Twain, reports of ransomware’s death have been greatly exaggerated. Ransomware attacks resumed with a vengeance last year, despite conjecture by some researchers that CPU mining would overtake ransomware as a leading threat vector. Instead, the ransomware threat is stronger than ever, impacting more than 750 healthcare providers and racking up recovery costs approaching $4 billion. Some healthcare ...

  • Security Analysis of Devices That Support SCPI and VISA Protocols

    January 28, 2020

    When a legacy protocol is connected via Ethernet, and subsequently to the internet, security issues arise. Standard Commands for Programmable Instruments (SCPI) is a legacy protocol that many advanced measurement instruments support. It can be issued via General Purpose Interface Bus (GPIB), Universal Asynchronous Receiver/Transmitter (UART), Universal Serial Bus (USB), or Ethernet. However, it is ...

  • Google, Mozilla Crack Down on Malicious Extensions and Add-ons

    January 28, 2020

    Browser security takes a hit as Google and Mozilla discontinue a large number of browser extensions and add-ons due to malicious activity. The Google security team has temporarily disallowed the publishing or updating of paid extensions that use the Chrome Web Store payments. This is due to an influx of fraudulent transactions performed via the said extensions. The suspension ...

  • xHunt Campaign: New Watering Hole Identified for Credential Harvesting

    January 27, 2020

    During the analysis of the xHunt campaign activities, we identified a Kuwaiti organization’s webpage used as an apparent watering hole. The webpage contained a hidden image which was observed between June and December 2019, and referenced domains associated with malicious activity conducted by the xHunt campaign operators. We believe that the same threat actors involved in ...

  • Fake Smart Factory Honeypot Highlights New Attack Threats

    January 24, 2020

    A honeypot set up to observe the current security landscape in smart manufacturing systems observed numerous threats—including cryptomining malware and ransomware—in just a few months, highlighting the new threats that industrial control systems (ICS) face with increased exposure to the internet. While in the past ICS networks were traditionally proprietary and closed systems, the advent of ...

  • An Inside Look into Microsoft Rich Text Format and OLE Exploits

    January 24, 2020

    There has been a dramatic shift in the platforms targeted by attackers over the past few years. Up until 2016, browsers tended to be the most common attack vector to exploit and infect machines but now Microsoft Office applications are preferred, according to a report published here during March 2019. Increasing use of Microsoft Office as a ...

  • Nice Try: 501 (Ransomware) Not Implemented

    January 24, 2020

    Since January 10, 2020, FireEye has tracked extensive global exploitation of CVE-2019-19781, which continues to impact Citrix ADC and Gateway instances that are unpatched or do not have mitigations applied. We previously reported on attackers’ swift attempts to exploit this vulnerability and the post-compromise deployment of the previously unseen NOTROBIN malware family by one threat actor. FireEye continues to actively track multiple ...

  • U.S. Government Agency Targeted With Malware-Laced Emails

    January 23, 2020

    A U.S. government agency was targeted with spear phishing emails harboring several malware strains – including a never-before-seen malware downloader that researchers call “Carrotball.” The campaign, which researchers observed occurring from July to October and code-named “Fractured Statue,” involved six unique malicious document lures being sent as attachments from four different Russian email addresses to 10 ...

  • Shlayer Trojan attacks one in ten macOS users

    January 23, 2020

    For close to two years now, the Shlayer Trojan has been the most common threat on the macOS platform: in 2019, one in ten of our Mac security solutions encountered this malware at least once, and it accounts for almost 30% of all detections for this OS. The first specimens of this family fell into ...

  • European Energy Sector Organization Targeted by PupyRAT Malware in Late 2019

    January 23, 2020

    Over the course of the last year, Recorded Future research has demonstrated that Iran-nexus groups, possibly including APT33 (also called Elfin), have been prolific in amassing operational network infrastructure throughout 2019. Additionally, in November 2019, Microsoft disclosed that APT33 had shifted focus from targeting IT networks to physical control systems used in electric utilities, manufacturing, and oil refineries. We ...

  • Misconfigured security command exposes 250 million Microsoft customer records

    January 23, 2020

    Microsoft has revealed a misconfigured security command was the culprit behind a leak of one of Microsoft’s internal customer support databases that exposed some 250 million customer records. “Our investigation has determined that a change made to the database’s network security group on December 5, 2019 contained misconfigured security rules that enabled exposure of the data,” explained the Microsoft Security ...

  • Airports Council International and The Aviation Information Sharing and Analysis Center enter cooperative agreement

    January 23, 2020

    Airports Council International (ACI) World and A-ISAC announced today they have signed an agreement that better enables ACI members to join the A-ISAC for access to airport-specific cyber threat intelligence and actionable data that will enhance their ability to build cyber resiliency. Both organizations play an active role in supporting the global aviation network; by increasing ...

  • Jeff Bezos hack: Amazon boss’s phone ‘hacked by Saudi crown prince’

    January 22, 2020

    The Amazon billionaire Jeff Bezos had his mobile phone “hacked” in 2018 after receiving a WhatsApp message that had apparently been sent from the personal account of the crown prince of Saudi Arabia, sources have told the Guardian. The encrypted message from the number used by Mohammed bin Salman is believed to have included a malicious file that infiltrated ...

  • US Cyber Command was not prepared to handle the amount of data it hacked from ISIS

    January 21, 2020

    Documents obtained through FOIA (Freedom of Information Act) requests and made public today reveal that while successful, the US Cyber Command’s campaign to hack ISIS faced some issues, such as lacking the storage space to store all the information stolen from ISIS accounts. The six heavily-redacted documents published today by the National Security Archive at the ...

  • Microsoft discovers new sLoad 2.0 (Starslord) malware

    January 21, 2020

    After thoroughly having its secrets laid bare last month in a Microsoft exposé report, the operators of the sLoad malware have put into circulation a revamped 2.0 version earlier this month. This new sLoad version (also known as Starslord) doesn’t change much, but the fact that the sLoad gang shipped a new version in less than a ...

  • Windows EFS Feature May Help Ransomware Attackers

    January 21, 2020

    Security researchers have created concept ransomware that takes advantage of a feature in Windows that encrypts files and folders to protect them from unauthorized physical access to the computer. The lab-developed ransomware strain relies on the Encrypting File System (EFS) component in Microsoft’s operating system and can run undetected by some antivirus software. EFS allows users to ...

  • FTCODE Ransomware Now Steals Chrome, Firefox Credentials

    January 21, 2020

    FTCODE, a PowerShell-based ransomware that targets Italian-language users, has added new capabilities, including the ability to swipe saved web browser and email client credentials from victims. Samples of the ransomware, which has been around since 2013, were recently observed in September 2019. After further analysis, researchers say new versions of the ransomware now aim to steal credentials from Internet Explorer ...

  • 16Shop Phishing Gang Goes After PayPal Users

    January 21, 2020

    A prolific phishing gang known as 16Shop has added PayPal customers to its target set. According to researchers at the ZeroFOX Alpha Team, the latest version of the group’s phishing kit is designed with a number of features that are aimed to steal as much personally identifiable information (PII) as possible from users of the popular ...