News


  • New Android Spyware Tools Emerge in Widespread Surveillance Campaign

    July 1, 2020

    Researchers have uncovered a surveillance campaign, dating back to at least 2013, which has used a slew of Android surveillanceware tools to spy on the Uyghur ethnic minority group. The campaign uses three never-before-seen Android surveillanceware tools, dubbed SilkBean, GoldenEagle and CarbonSteal, and one previously disclosed tool, DoubleAgent. The purpose of these tools is to gather and ...

  • Australia to invest a record A$1.35bn in cyber security

    July 1, 2020

    Dubbed the Cyber Enhanced Situational Awareness and Response (Cesar) package, the investment will help Australia identify cyber threats, disrupt foreign cyber criminals and build industry partnerships, said Australian prime minister Scott Morrison yesterday. Noting that malicious cyber activity undermines the government’s efforts to protect Australia’s economy, national security and sovereignty, Morrison said the record investment will ...

  • ThiefQuest ransomware is a file-stealing Mac wiper in disguise

    June 30, 2020

    A new data wiper and info-stealer called ThiefQuest is using ransomware as a decoy to steal files from macOS users. The victims get infected after downloading trojanized installers of popular apps from torrent trackers. While not common, ransomware has been known to target the macOS platform in the past, with KeRanger, FileCoder (aka Findzip), and Patcher being three other examples of malware ...

  • Verizon Media, PayPal, Twitter Top Bug-Bounty Rankings

    June 30, 2020

    Bug-bounty programs have become a popular way for vendors to root out security flaws in their platforms, attracting talented white-hats with the promise of big rewards. According to HackerOne’s 2020 List of the Top 10 Bug Bounty Programs on its platform, Verizon Media, PayPal and Uber are in the elite group. “These top 10 programs are ...

  • StrongPity APT Back with Kurdish-Aimed Watering Hole Attacks

    June 30, 2020

    he APT group known as StrongPity is back with a new watering-hole campaign, targeting mainly Kurdish victims in Turkey and Syria. The malware served offers operators the ability to search for and exfiltrate any file or document from a victim’s machine. The group (a.k.a. Promethium) is operating a series of bogus websites purporting to offer a ...

  • CISA: Nation-State Attackers Likely to Take Aim at Palo Alto Networks Bug

    June 30, 2020

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that foreign hackers are likely to exploit a newly disclosed, critical vulnerability in a raft of Palo Alto Networks firewalls and enterprise VPN appliances, which allows for device takeover without authentication. The Department of Defense (DoD) arm that oversees cyberspace operations has advised all devices affected ...

  • New EvilQuest ransomware discovered targeting macOS users

    June 30, 2020

    Security researchers have discovered this week a new ransomware strain targeting macOS users. Named OSX.EvilQuest, this ransomware is different from previous macOS ransomware threats because besides encrypting the victim’s files, EvilQuest also installs a keylogger, a reverse shell, and steals cryptocurrency wallet-related files from infected hosts. “Armed with these capabilities, the attacker can main full control over ...

  • ISO/SAE 21434: Securing Tomorrow’s Connected Cars

    June 29, 2020

    The functions and usage of today’s automobiles are changing as connectivity drives the demand for more modern features, and the automotive industry has been continuously developing and releasing new features to meet this demand. Among a number of modern features, today’s cars feature systems that connect to other vehicles, mobile devices, traffic infrastructure, and cloud ...

  • Chinese malware used in attacks against Australian orgs

    June 28, 2020

    The Australian government released an advisory late last week about increased cyber activity from a state actor against networks belonging to its agencies and companies in the country. Behind the attack is a “sophisticated” adversary that relies on slightly modified proof-of-concept exploit code for yesteryear vulnerabilities, the government says. An unofficial blame finger points to China. The ...

  • Battling COVID; a cyber Airman’s story

    June 26, 2020

    Tech. Sgt. Brandon Ibanez, a cyber intelligence analyst with the 854th Combat Operations Squadron here, doesn’t wear a helmet to work, nor does he wear a sword or shield. As a Gladiator in the 960th Cyberspace Wing, it’s not a requirement to don the traditional uniform of ancient Roman fighters, and it would be impractical because ...

  • Developer of Mirai, Qbot-based DDoS botnets jailed for 13 months

    June 26, 2020

    A 22-year-old Washington man was sentenced to 13 months in prison for renting and developing Mirai and Qbot-based DDoS botnets used in DDoS attacks against targets from all over the world. Schuchman, also known as Nexus Zeta, pleaded guilty to the charges of being involved in the creation and operation of the Satori , Okiru, Masuta, and Tsunami/Fbot botnets and was released to the ...

  • DarkCrewFriends Returns with Botnet Strategy

    June 26, 2020

    The hackers-for-hire group DarkCrewFriends has resurfaced and is targeting content management systems to build a botnet. The botnet can be marshalled into service to carry out a variety of criminal activities, including distributed denial-of-service (DDoS) attacks, command execution, information exfiltration or sabotage of an infected system. Researchers said they observed DarkCrewFriends exploiting an unrestricted file upload ...

  • Brazilian federal police investigates presidential data leak

    June 26, 2020

    The Brazilian federal police reported advances around an investigation into a cybercrime organization supposedly responsible for exposing personal details of senior government officials including president Jair Bolsonaro. The investigation follows a leak earlier this month, claimed by hacker group Anonymous Brazil, involving personal information relating to Bolsonaro, his sons and supporters, as well as various ministers. Information ...

  • Let’s Meet in Prague at FUTURE of Cyber Conference 2020

    June 26, 2020

    Despite the recent COVID outbreak, international Future of Cyber Conference as a part of the biennial defence and security exhibition, expert panels and networking Future Forces Forum (FFF) will take place as scheduled on 21 – 23 October 2020 in Prague, Czech Republic. Future Forces Forum links users of the latest technologies in military and civil security operations to manufacturers and researchers from ...

  • Threat Assessment: EKANS Ransomware

    June 26, 2020

    Unit 42 researchers have observed recent EKANS (Snake backward) ransomware activity affecting multiple industries in the U.S and Europe. As a result, we’ve created this threat assessment report for the activities of this ransomware. Identified techniques and campaigns can be visualized using the Unit 42 Playbook Viewer. EKANS, which was first observed in January 2020, has relatively ...

  • 23 IS conducts virtual PAI training

    June 25, 2020

    Reserve Citizen Airmen from the 23rd Intelligence Squadron organized and executed a first-ever, unit-wide Publicly Available Information (PAI) training session June 6, 2020. The goal of the training was to educate 23 IS Airmen with PAI best practices and highlight the capabilities that PAI brings to intelligence operations. The training was part of the squadron’s ...

  • Exposed Frost & Sullivan databases for sale on hacking forum

    June 24, 2020

    U.S. business consulting firm Frost & Sullivan was breached after data from an unsecured backup folder exposed on the Internet was sold on a hacker forum. Frost & Sullivan is a business consulting firm that assists companies in growth strategy, market research, on corporate training. With 40 locations throughout the world and over 1,800 employees, Frost ...

  • Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices

    June 24, 2020

    On May 29, 2020, Unit 42 researchers discovered a new variant of a hybrid cryptojacking malware from numerous incidents of CVE-2019-9081 exploitation in the wild. A closer look revealed the malware, which we’ve dubbed “Lucifer”, is capable of conducting DDoS attacks and well-equipped with all kinds of exploits against vulnerable Windows hosts. The first wave of the ...

  • Magnitude exploit kit – evolution

    June 24, 2020

    Exploit kits are not as widespread as they used to be. In the past, they relied on the use of already patched vulnerabilities. Newer and more secure web browsers with automatic updates simply do not allow known vulnerabilities to be exploited. It was very different back in the heyday of Adobe Flash because it’s just ...

  • Fxmsp hackers made $1.5M selling access to corporate networks

    June 23, 2020

    New details have emerged on the activity of the infamous Fxmsp hacker that last year was advertising access to the networks of three cybersecurity vendors. Researchers tracking Fxmsp’s ventures on underground forums counted the network intrusions associated with this actor and revealed the presumed identity of the attacker. Fxmsp became widely known outside hacker forums about a year ...