News


  • Major Gaming Companies Hit with Ransomware Linked to APT27

    January 5, 2021

    A recent slew of related ransomware attacks on top videogame companies has been associated with the notorious Chinese-linked APT27 threat group, suggesting that the advanced persistent threat (APT) is swapping up its historically espionage centralized tactics to adopt ransomware, a new report says. Researchers noticed the “strong links” to APT27 when they were brought in as ...

  • Singapore police had used COVID-19 contact tracing data in murder probe

    January 5, 2021

    The Singapore government has defended its decision to allow the police to access the country’s COVID-19 contact tracing data when necessary, in order to safeguard public safety and interest. It reveals that data collected via the TraceTogether platform already has been tapped at least once to assist in a homicide investigation. Its defence came a day ...

  • ElectroRAT Drains Cryptocurrency Wallet Funds of Thousands

    January 5, 2021

    A new remote access tool (RAT) has been discovered being used in an extensive campaign. The attack has targeted cryptocurrency users in an attempt to collect their private keys and ultimately to drain their wallets. The never-before-seen RAT at the center of the campaign, which researchers dub ElectroRAT, is written in the Go programming language and ...

  • Malware uses WiFi BSSID for victim identification

    January 4, 2021

    Malware operators who want to know the location of the victims they infect usually rely on a simple technique where they grab the victim’s IP address and check it against an IP-to-geo database like MaxMind’s GeoIP to get a victim’s approximate geographical location. While the technique isn’t very accurate, it is still the most reliable method ...

  • Beware: PayPal phishing texts state your account is ‘limited’

    January 3, 2021

    A PayPal text message phishing campaign is underway that attempts to steal your account credentials and other sensitive information that can be used for identity theft. When PayPal detects suspicious or fraudulent activity on an account, the account will have its status set to “limited,” which will put temporary restrictions on withdrawing, sending, or receiving money. Read ...

  • Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways

    January 2, 2021

    More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel. The backdoor account, discovered by a team of Dutch security researchers from Eye Control, is considered as bad as it gets ...

  • Adobe Flash Player is officially dead tomorrow

    December 31, 2020

    Flash Player will reach its end of life (EOL) on January 1, 2021, after always being a security risk to those who have used it over the years. Over the years, multiple zero-day and critical vulnerabilities found to impact Flash Player were used by both cybercriminals and nation-state hacking groups to install ...

  • Data breach broker selling 368.8 million user records stolen from 26 companies

    December 31, 2020

    A data breach broker is selling the allegedly stolen user records for twenty-six companies on a hacker forum, BleepingComputer has learned. When threat actors and hacking groups breach a company and steal their user databases, they commonly work with data breach brokers who market and sell the data for them. Brokers will then create posts on ...

  • Ticketmaster fined $10 million for breaking into rival’s systems

    December 31, 2020

    Ticketmaster, a Live Nation subsidiary and a leading ticket distribution and sales company, was fined $10 million for illegally accessing the systems of competitor CrowdSurge using the credentials of one of its former employees. “Ticketmaster employees repeatedly – and illegally – accessed a competitor’s computers without authorization using stolen passwords to unlawfully collect business intelligence,” Acting ...

  • DHS orders federal agencies to update SolarWinds Orion platform

    December 30, 2020

    The Cybersecurity and Infrastructure Security Agency (CISA) has ordered all US federal agencies to update the SolarWinds Orion platform to the latest version by the end of business hours on December 31, 2020. CISA’s Supplemental Guidance to Emergency Directive 21-01 demands this from all agencies using Orion versions unaffected in the SolarWinds supply chain attack. “We issued ...

  • Emotet malware hits Lithuania’s National Public Health Center

    December 30, 2020

    The internal networks of Lithuania’s National Center for Public Health (NVSC) and several municipalities have been infected with Emotet malware following a large campaign targeting the country’s state institutions. “When infected recipients opened infected messages, the virus entered the internal networks of the institutions,” NVSC officials said in a statement published today. “Infected computers, after downloading additional ...

  • T-Mobile data breach exposed phone numbers, call records

    December 30, 2020

    T-Mobile has announced a data breach exposing customers’ proprietary network information (CPNI), including phone numbers and call records. Starting yesterday, T-Mobile began texting customers that a “security incident” exposed their account’s information. According to T-Mobile, its security team recently discovered “malicious, unauthorized access” to their systems. After bringing in a cybersecurity firm to perform an investigation, T-Mobile ...

  • Japanese Aerospace Firm Kawasaki Warns of Data Breach

    December 29, 2020

    Japanese aerospace company Kawasaki Heavy Industries on Monday warned of a security incident that may have led to unauthorized access of customer data. According to the company’s data breach notification, it first discovered unauthorized parties accessing a server in Japan, from an overseas office in Thailand, on June 11, 2020. After terminating that access, the company ...

  • Digital Footprint Intelligence Report

    December 29, 2020

    The Digital Footprint Intelligence Service announces the results of research on the digital footprints of governmental, financial and industrial organizations for countries in the Middle East region: Bahrain, Egypt, Iran, Iraq, Jordan, Kuwait, Lebanon, Oman, Qatar, Saudi Arabia, Sudan, Syria, Turkey, UAE, Yemen. The data presented in this report was collected through Kaspersky’s own threat ...

  • The History of DNS Vulnerabilities and the Cloud

    December 28, 2020

    Every now and then, a new domain name system (DNS) vulnerability that puts billions of devices around the world at risk is discovered. DNS vulnerabilities are usually critical. Just imagine that you browse to your bank account website, but instead of returning the IP address of your bank website, your DNS resolver gives you the ...

  • Phishing Technique Uses Legitimate-looking Domains to Avoid Detection

    December 28, 2020

    Email threats continued to increase in the time of the pandemic, and the number of phishing URLs rose along with it. Our 2020 mid-year observation on phishing and email threats continue to be true as we close out the year. During our recent tracking efforts, we observed a phishing technique that involves a combination of phishing ...

  • Finland says hackers accessed MPs’ emails accounts

    December 28, 2020

    The Finnish Parliament said on Monday that hackers gained entry to its internal IT system and accessed email accounts for some members of Parliament (MPs). Government officials said the attack took place in the fall of 2020 and was discovered this month by the Parliament’s IT staff. The matter is currently being investigated by the Finnish ...

  • Vietnam targeted in complex supply chain attack

    December 28, 2020

    A group of mysterious hackers has carried out a clever supply chain attack against Vietnamese private companies and government agencies by inserting malware inside an official government software toolkit. The attack, discovered by security firm ESET and detailed in a report named “Operation SignSight,” targeted the Vietnam Government Certification Authority (VGCA), the government organization that issues ...

  • SUNBURST Additional Technical Details

    December 24, 2020

    FireEye has discovered additional details about the SUNBURST backdoor since our initial publication on Dec. 13, 2020. Before diving into the technical depth of this malware, we recommend readers familiarize themselves with our blog post about the SolarWinds supply chain compromise, which revealed a global intrusion campaign by a sophisticated threat actor we are currently ...

  • Ransomware: Attacks could be about to get even more dangerous and disruptive

    December 23, 2020

    Ransomware is one of the biggest threats facing businesses. An organisation that falls victim to a ransomware attack – which sees cyber criminals use malware to encrypt the network, rendering it inoperable – will quickly find itself unable to do business at all. Cyber criminals lock down networks like this for one simple reason: it’s the ...