News


  • Hackers exploiting popular social engineering ‘toolkits’ to refine cyber attacks

    September 4, 2019

    Hackers are regularly using highly customisable online resources to add social engineering components to render their attacks more effective, according to new research from Malwarebytes. One website identified by the team features an expansive toolkit that has drawn more than 100,000 visits in the past few weeks, offering design and framework support to attackers. The resource, dubbed Domen, is built ...

  • BRATA Android RAT Steals Banking Info in Real Time

    September 4, 2019

    The RAT targets users via fake WhatsApp updates in Google Play. A powerful Android remote access tool (RAT) family dubbed BRATA is proliferating, with at least 20 different variants cropping up since it was first spotted in January. The majority of the binaries have been found in the official Google Play store, masquerading as updates for ...

  • Android Zero-Day Bug Opens Door to Privilege Escalation Attack, Researchers Warn

    September 4, 2019

    Researchers are warning of a high-severity zero-day vulnerability in Google’s Android operating system, which if exploited could give a local attacker escalated privileges on a target’s device. The specific flaw exists within the v4l2 (Video4Linux 2) driver, which is the Android media driver. When exploited, a component within the v4l2 “does not validate the existence of ...

  • ACSC helps power energy sector’s cybersecurity capabilities

    September 4, 2019

    The Australian Cyber Security Centre (ACSC) has plugged into energy sector organisations and government agencies to help power their cybersecurity capabilities. The nationwide program — which started in November 2018 – aims to improve the energy industry’s cyber threat resilience and responses. So far, the ACSC has provided cybersecurity incident response and exercise training, information exchange sessions on operational ...

  • ‘USBAnywhere’ Bugs Open Supermicro Servers to Remote Attackers

    September 3, 2019

    Trivial-to-exploit authentication flaws can give an unsophisticated remote attacker ‘omnipotent’ control over a server and its contents. Authentication vulnerabilities in the baseboard management controllers (BMCs) of Supermicro X9-X11 servers have been discovered that allow a remote attacker to easily connect to a server and mount any virtual USB device of their choosing. The bugs, collectively dubbed USBAnywhere, ...

  • Data Leak Impacts Millions of Yves Rocher Cosmetics Company Customers

    September 3, 2019

    International cosmetics brand Yves Rocher found itself caught in a third-party data exposure incident that leaked the personal information of millions of customers. UPDATE Cosmetics giant Yves Rocher is warning that a giant data leak exposed the personal data of millions of its customers and reams of sensitive internal company information to the public. The data exposure ...

  • Android Zero-Days Now Worth More Than iPhone Exploits

    September 3, 2019

    Exploit broker Zerodium has implemented a $2.5 million price tag for a zero-click 0-day in Android. An Android zero-day exploit is now worth more than one for the iPhone on the global cyberweapons market. Exploit acquisition vendor Zerodium said Tuesday that it is willing to pay a whopping $2.5 million for a zero-click Android zero-day with persistence. ...

  • Fraudsters use AI voice manipulation to steal £200,000

    September 2, 2019

    Cyber criminals have used artificial intelligence (AI) and voice technology to impersonate a UK business owner, resulting in the fraudulent transfer of $243,000 (£201,000). In March this year, what is believed to be an unknown hacker group is said to have exploited AI-powered software to mimic the prominent business leader’s voice to fool his subordinate, the CEO of ...

  • Some of Russia’s surveillance tech leaked data for more than a year

    August 30, 2019

    A Russian security researcher has found that hardware equipment meant to be used by Russian authorities to intercept internet traffic had been leaving data exposed on the internet. The leaky equipment were SORM devices. These are hardware wiretaps that all Russian internet service providers and mobile telecoms must install in their data centers to comply with ...

  • Google finds malicious sites pushing iOS exploits for years

    August 30, 2019

    Security researchers at Google said they found malicious websites that served iPhone exploits for almost three years. The attacks weren’t aimed at particular iOS users, as most iOS exploits tend to be used, but were aimed at any user accessing these sites via an iPhone. “There was no target discrimination; simply visiting the hacked site was enough ...

  • Hiding in Plain Text: Jenkins Plugin Vulnerabilities

    August 30, 2019

    Jenkins is a widely used open-source automation server that allows DevOps developers to build, test, and deploy software efficiently and reliably. In order to make the most out of Jenkins’ modular architecture, developers make use of plugins that help extend its core features, allowing them to expand the scripting capabilities of build steps. As of writing, there ...

  • French Cyber Police Takedown Paris-based Botnet

    August 29, 2019

    C3N cybercrime unit, along with the FBI and Avast, take down French botnet that infected 850,000 computers French cyber police have reportedly taken down a botnet, that infected more that 850,000 computers, mostly in South America. According to AFP, the operation began in March 2019 when Czech antivirus firm Avast alerted the Cybercrime Fighting Center (C3N) of the ...

  • Google launches bounty program to spot misuses of Google API, Chrome, and Android user data

    August 29, 2019

    Google announced today a new bug bounty program through which security researchers can report cases of abuse where third-party apps are stealing or misusing Google user data. The new bounty program is named the Developer Data Protection Reward Program (DDPRP), and security researchers can report cases of potential data abuse in third-party apps that have access to ...

  • Russian police take down malware gang that infected 800,000+ Android smartphones

    August 29, 2019

    Russian authorities have arrested members of the TipTop cybercrime group, believed to have infected more than 800,000 Android smartphones with malware since 2015. The group operated by renting Android banking trojans from underground hacking forums, which they later hid inside Android apps distributed via search engine ads and third-party app stores. TipTop has been active since 2015, ...

  • FIN6 Switches Up PoS Tactics to Target E-Commerce

    August 29, 2019

    The group is using the More_eggs JScript backdoor to anchor its attack. The financial cybergang known as the FIN6 group, known for going after brick-and-mortar point-of-sale (PoS) data in the U.S. and Europe, has changed up its tactics to target e-commerce sites. According to researchers at IBM X-Force Incident Response and Intelligence Services (IRIS), FIN6 (a.k.a. ITG08) ...

  • Patch now: Cisco IOS XE routers exposed to rare 10/10-severity security flaw

    August 29, 2019

    Cisco is urging customers to install updates for a critical bug affecting its popular IOS XE operating system that powers millions of enterprise network devices around the world. The bug has a rare Common Vulnerability Scoring System (CVSS) version 3 rating of 10 out of a possible 10 and allows anyone on the internet to bypass the login ...

  • Exploitation of Windows CVE-2019-0708 (BlueKeep): Three Ways to Write Data into the Kernel with RDP PDU

    August 29, 2019

    In May 2019, Microsoft released an out-of-band patch update for remote code execution vulnerability CVE-2019-0708, which is also known as “BlueKeep” and resides in code to Remote Desktop Services (RDS). This vulnerability is pre-authentication and requires no user interaction, making it particularly dangerous as it has the unsettling potential to be weaponized into a destructive exploit. ...

  • ‘Heatstroke’ Campaign Uses Multistage Phishing Attack to Steal PayPal and Credit Card Information

    August 29, 2019

    Despite having an apparent lull in the first half of 2019, phishing will remain a staple in a cybercriminal’s arsenal, and they’re not going to stop using it. The latest example is a phishing campaign dubbed Heatstroke, based on a variable found in their phishing kit code. Heatstroke demonstrates how far phishing techniques have evolved —  from merely mimicking ...

  • WannaCry-style cyber attack could trigger full NATO response, says Secretary General

    August 28, 2019

    NATO Secretary General Jens Stoltenberg has said a cyber attack on a single member state could constitute an attack on all 29 members. The announcement effectively incorporates cyber security into Article 5 of the NATO founding treaty, a “collective defence commitment” which compels all members to come to the defence of one or more countries threatened ...

  • Spam and phishing in Q2 2019

    August 28, 2019

    In the second quarter of 2019, scammers were making active use of cloud-based data storage services such as Google Drive and Google Storage to hide their illegal content. The reasoning behind this is simple: a link from a legitimate domain is seen as more trustworthy by both users and spam filters. Most often, such links point to ...