News


  • Avast disables JavaScript engine in its antivirus following major bug

    March 11, 2020

    Czech antivirus maker Avast has taken the extreme step of disabling a major component of its antivirus product after a security researcher found a dangerous vulnerability that put all of the company’s users at risk. The security flaw was found in Avast’s JavaScript engine, an internal component of the Avast antivirus that analyzes JavaScript code for ...

  • New TrickBot Variant Updates Anti-Analysis Tricks

    March 11, 2020

    Researchers uncovered a new variant of the TrickBot malware that relies on new anti-analysis techniques, an updated method for downloading its payload as well as adopting minor changes to the integration of its components. TrickBot is a module-based malware that, while first identified as a banking trojan, has gradually extended its functions to include collecting credentials from a victim’s emails, ...

  • Critical Bugs in Rockwell, Johnson Controls ICS Gear

    March 10, 2020

    Security vulnerabilities that require very little skill to exploit have been discovered in industrial control systems (ICS) gear from Rockwell Automation and Johnson Controls, which anchor a flurry of bug disclosures impacting critical infrastructure. First, a set of critical vulnerabilities in Rockwell Automation gear affect MicroLogix 1400 Controllers, MicroLogix 1100 Controllers and RSLogix 500 Software. The ...

  • Nasty phishing scams aim to exploit coronavirus fears

    March 6, 2020

    Cyber criminals are aiming to take advantage of fears over coronavirus as a means of conducting phishing attacks and spreading malware, along with stealing login credentials and credit card details. Cybersecurity companies have identified a number of campaigns by hackers who are attempting to exploit concerns about the COVID-19 outbreak for their own criminal ends. Crooks often use ...

  • Virgin Media breach ‘linked customers to porn’

    March 6, 2020

    A customer database left unsecured online by Virgin Media contained details linking some customers to pornography and explicit websites. The researchers who first discovered the database told the BBC that it contained more information than Virgin Media suggested. Such details could be used by cyber-criminals to extort victims. Read more… Source: BBC News  

  • Brazilian security firm leaks more than 25 GB of client and staff data

    March 6, 2020

    A configuration failure on a server belonging to Orsegups Participações, a large Brazil-based holding company that controls seven businesses active in the property security sector, exposed a series of tax documents revealing clients’ contract values and staff information. The leak, investigated by ZDNet in partnership with Brazilian cybersecurity news website The Hack, has compromised more than 25 GB ...

  • Next-Gen Ransomware Packs a ‘Human’ Punch, Microsoft Warns

    March 6, 2020

    Researchers are warning that “human operated” ransomware campaigns are growing more sophisticated, adopting new infection tactics and lateral movement techniques that traditional defense teams aren’t equipped to handle. Researchers said that “auto-spreading” ransomware – like WannaCry and NotPetya – are making headlines due to the crippling downtimes that these attacks cause. However, “human operated” ransomware – like REvil, Bitpaymer, and Ryuk – ...

  • Zoho zero-day published on Twitter

    March 6, 2020

    A security researcher published yesterday details on Twitter about a zero-day vulnerability in a Zoho enterprise product. Cyber-security experts who have reviewed the vulnerability have told ZDNet that the zero-day could spell trouble for companies around the world, as it could be an entry point for ransomware gangs to infect corporate networks and ransom their data. The vulnerability impacts ...

  • Ryuk ransomware hits Fortune 500 company EMCOR

    March 5, 2020

    EMCOR Group (NYSE: EME), a US-based Fortune 500 company specialized in engineering and industrial construction services, disclosed last month a ransomware incident that took down some of its IT systems. The incident took place on February 15 and was identified as an infection with the Ryuk ransomware strain. Details of the attack and the aftermath are not public, ...

  • Chinese hackers use decade-old Bisonal Trojan in cyberespionage campaigns

    March 5, 2020

    Chinese cyberattackers continue to improve and deploy a decade-old Remote Access Trojan (RAT) in ongoing campaigns against Russian, Japanese, and South Korean targets. On Thursday, researchers from Cisco Talos said that the Bisonal RAT is an unusual sample of malware that has been improved, rolled back, and refined over a period of 10 years, an uncommon practice by ...

  • US government agencies have shadow IT infrastructure problem, cybersecurity risks, says GAO

    March 5, 2020

    Federal agencies are facing increasing cybersecurity risks due to a bevy of IT facilities aren’t being tracked as full-fledged data centers, according to a General Accountability Office report. As noted previously, federal agencies have been consolidating and closing data centers over the years, but a narrower definition of what facilities should fall under an optimization program means that ...

  • DoppelPaymer Ransomware Used to Steal Data from Supplier to SpaceX, Tesla

    March 3, 2020

    A company that provides custom parts to aerospace giants Lockheed Martin, SpaceX and Boeing, has been the target of an attack by an emerging type of ransomware that can both encrypt files and exfiltrate data. Colorado-based Visser Precision said it was targeted by a “cyber incident” that involved the attacker accessing and stealing company data after a security ...

  • Cobalt Ulster Strikes Again With New ForeLord Malware

    March 3, 2020

    A new credential-stealing malware, dubbed ForeLord, has been uncovered in a recent spear phishing campaign. Researchers tie the attack to a known advanced persistence threat (APT) group known as Cobalt Ulster. The emails distributing ForeLord were uncovered as part of a campaign, running between mid-2019 and mid-January 2020. The emails were targeting organizations in Turkey, Jordan, Iraq, as ...

  • GuLoader: Malspam Campaign Installing NetWire RAT

    March 3, 2020

    NetWire is a publicly-available RAT that has been used by criminal organizations and other malicious groups since 2012. NetWire is distributed through various campaigns, and we usually see it sent through malicious spam (malspam). GuLoader is a file downloader that was first discovered in December 2019, and it has been used to distribute a wide variety of remote ...

  • Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations

    March 3, 2020

    Between October 2019 through the beginning of December 2019, Unit 42 observed multiple instances of phishing attacks likely related to a threat group known as Molerats (AKA Gaza Hackers Team and Gaza Cybergang) targeting eight organizations in six different countries in the government, telecommunications, insurance and retail industries, of which the latter two were quite ...

  • TrickBot Adds ActiveX Control, Hides Dropper in Images

    March 2, 2020

    The TrickBot banking trojan has gotten trickier, with the addition of a Windows 10 ActiveX control to execute malicious macros in boobytrapped documents. Michael Gorelik, researcher at Morphisec Labs, said that at least two dozen documents have come to light in the last few weeks that use ActiveX—a feature in Remote Desktop Protocol (RDP) – to ...

  • What to know about cyberattacks targeting energy pipelines

    March 1, 2020

    The Department of Homeland Security (DHS) this past month disclosed a disruptive cyberattack on a U.S. energy facility, raising new concerns about protections for energy providers. The Cybersecurity and Infrastructure Security Agency (CISA), a division of DHS, said a ransomware attack hit a “natural gas compression facility,” leading to a two-day shutdown for the entire pipeline. While the agency ...

  • RSAC 2020: Ransomware a ‘National Crisis,’ CISA Says, Ramps ICS Focus

    February 28, 2020

    Industrial control systems (ICS) and critical infrastructure will be a main focus for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) this year – especially as ransomware looms as a main threat to the sector going forward. That’s according to Christopher Krebs, director of CISA, speaking at RSA Conference 2020 this week. “My agency ...

  • Roaming Mantis, part V

    February 27, 2020

    Kaspersky has continued to track the Roaming Mantis campaign. The group’s attack methods have improved and new targets continuously added in order to steal more funds. The attackers’ focus has also shifted to techniques that avoid tracking and research: whitelist for distribution, analysis environment detection and so on. We’ve also observed new malware families: Fakecop (also ...

  • Ransomware Hits U.S. Electric Utility

    February 27, 2020

    The Reading Municipal Light Department (RMLD) was infected with ransomware, as revealed in a statement by the electric utility. RMLD did not disclose the details on how their system was infected or the demands of the group behind the malware. There was also no indication of plans to pay ransom to the threat actors. RMLD is an electric utility in ...