News


  • Hackers mount attacks on Webmin servers, Pulse Secure, and Fortinet VPNs

    August 25, 2019

    To nobody’s surprise, hacker groups have started exploiting vulnerabilities that have been made public earlier this month, taking advantage of public technical details and demo exploit code to launch attacks against real-world targets. Attacks have started this week, and they’ve been seen targeting Webmin, a web-based utility for managing Linux and *NIX systems, but also enterprise ...

  • AMEO ‘concerned’ about nation-state attacks on power grids

    August 22, 2019

    “For the energy sectors and critical infrastructure sectors, particularly around electricity, we are concerned about nation-state actors,” says Tim Daly, chief security officer (CSO) for the Australian Energy Market Operator (AEMO). “Nation-states are looking to have capability and implants that are persistent within critical organisations,” he told the Gartner Security and Risk Management Summit in Sydney ...

  • Russian Hacking Group Targeting Banks Worldwide With Evolving Tactics

    August 21, 2019

    Silence APT, a Russian-speaking cybercriminal group, known for targeting financial organizations primarily in former Soviet states and neighboring countries is now aggressively targeting banks in more than 30 countries across America, Europe, Africa, and Asia. Active since at least September 2016, Silence APT group’s most recent successful campaign was against Bangladesh-based Dutch-Bangla Bank, which lost over $3 ...

  • Firefox And Chrome Fight Back Against Kazakhstan’s Spying

    August 21, 2019

    Against the backdrop of China, Russia, and Iran working to sequester their own private, national internets, other countries like Kazakhstan have experimented with similar balkanization and internet-control initiatives. Kazakhstan first piloted a monitoring system in 2015 that would offer access to all web traffic within the country, even encrypted data. After fierce debate and some legal hurdles over the ...

  • A botnet has been cannibalizing other hackers’ web shells for more than a year

    August 21, 2019

    A major botnet operation has been attacking and taking over the web shells (backdoors on web servers) of other malware operations for more than a year, security researchers from Positive Technologies revealed today. Researchers linked the botnet to a former Windows trojan named Neutrino (also known as Kasidet), whose operators appear to have shifted from targeting desktop users ...

  • Unpatchable security flaw found in popular SoC boards

    August 20, 2019

    Security researchers have discovered an unpatchable security flaw in a popular brand of system-on-chip (SoC) boardsmanufactured by Xilinx. The vulnerable component is Xilinx’s Zynq UltraScale+ brand, which includes system-on-chip (SoC), multi-processor system-on-chip (MPSoC), and radio frequency system-on-chip (RFSoC) products used inside automotive, aviation, consumer electronics, industrial, and military components. According to security researchers with Inverse Path — F-Secure’s hardware ...

  • Hackers Planted Backdoor in Webmin, Popular Utility for Linux/Unix Servers

    August 20, 2019

    Following the public disclosure of a critical zero-day vulnerability in Webmin last week, the project’s maintainers today revealed that the flaw was not actually the result of a coding mistake made by the programmers. Instead, it was secretly planted by an unknown hacker who successfully managed to inject a backdoor at some point in its build ...

  • Newly Registered Domains: Malicious Abuse by Bad Actors

    August 20, 2019

    Newly registered domains (NRDs) are known to be favored by threat actors to launch malicious campaigns. Academic and industry research reports have shown statistical proof that NRDs are risky, revealing malicious usage of NRDs including phishing, malware, and scam. Therefore, best security practice calls for blocking and/or closely monitoring NRDs in enterprise traffic. Despite the evidence, there hasn’t yet ...

  • Post GandCrab, Cybercriminals Scouring the Dark Web for the Next Top Ransomware

    August 19, 2019

    A detailed look at underground forums shows that cybercriminals aren’t sure where to look on the heels of the GandCrab ransomware group shutting its doors – and low-level actors are taking advantage of that by developing their own strains. Ransomware continues to be a top threat, with Friday’s ransomware attack on 23 Texas local government and agencies and two ...

  • Adwind Remote Access Trojan Hits Utilities Sector

    August 19, 2019

    Attackers are targeting entities from the utility industry with the Adwind Remote Access Trojan (RAT) malware via a malspam campaign that uses URL redirection to malicious payloads. Adwind (also known as jRAT, AlienSpy, JSocket, and Sockrat) is distributed by its developers to threat actors under a malware-as-a-service (MaaS) model and it is capable of evading detection by most major anti-malware ...

  • Uncovering a MyKings Variant With Bootloader Persistence via Managed Detection and Response

    August 19, 2019

    In May, during the Managed Detection and Response service on-boarding process of an electronics company in the Asia-Pacific region, we noticed suspicious activity via the Trend Micro™ Deep Discovery™ Inspector that turned out to be related to EternalBlue, an exploit perhaps more popularly known for being used in the WannaCry attacks. After the discovery, we sent our first alert to the ...

  • Hackers Use Fake NordVPN Website to Deliver Banking Trojan

    August 19, 2019

    The attackers who previously breached and abused the website of free multimedia editor VSDC to distribute the Win32.Bolik.2 banking Trojan have now switched their tactics. While previously they hacked legitimate websites to hijack download links infected with malware, the hackers are now creating website clones to deliver banking Trojans onto unsuspecting victims’ computers. This allows them to focus ...

  • Over 20 Texas local governments hit in ‘coordinated ransomware attack’

    August 18, 2019

    Twenty-three local Texas governments have been infected with ransomware last week in what Texas officials have described as a coordinated attack. The attack took place on Friday morning, August 16, US time, when several smaller local Texas governments reported problems with accessing their data to the Texas Department of Information Resources (DIR). DIR officials did not pubish ...

  • Router Network Isolation Broken By Covert Data Exfiltration

    August 18, 2019

    Software-based network isolation provided by routers is not as efficient as believed, as hackers can smuggle data between the networks for exfiltration. Most modern routers offer the possibility to split the network into multiple segments that work separately. One example is a guest network that works in parallel with the host. The boundary insulates sensitive or critical ...

  • 4.1B Records Exposed in Breaches in First Half of 2019

    August 16, 2019

    This year is on track to be the worst year on record for data breach activity, according to a recent analysis. Within the first six months of this year, there have been 3,813 incidents publicly reported, according to Risk Based Security’s 2019 MidYear QuickView Data Breach Report. That’s up 54 percent compared to this time last ...

  • Australian Signals Directorate launches open source​ data visualisation tool

    August 16, 2019

    The Australian Signals Directorate (ASD) has open sourced its own data visualisation and analysis software tool that it says can be used to solve large and complex problems in a “simple and intuitive way”. Constellation, available on GitHub, can be used to identify trends and patterns in complex datasets, and can handle billions of inputs, ASD ...

  • European Central Bank Shuts Down ‘BIRD Portal’ After Getting Hacked

    August 16, 2019

    The European Central Bank (ECB) confirmed Thursday that it had been hit by a cyberattack that involved attackers injecting malware into one of its websites and potentially stealing contact information of its newsletter subscribers. Headquartered in Germany, the European Central Bank (ECB) is the central bank of the 19 European Union countries which have adopted the ...

  • DanaBot banking Trojan jumps from Australia to Germany in quest for new targets

    August 15, 2019

    The DanaBot banking Trojan is on the move and has traveled across the sea in a pivot from its original focus on Australia to strike European targets. DanaBot was first discovered by Proofpoint researchers last year. The malware was observed striking Australian targets of financial value, but at the time, DanaBot appeared to come from only one threat ...

  • Analysis: New Remcos RAT Arrives Via Phishing Email

    August 15, 2019

    In July, we came across a phishing email purporting to be a new order notification, which contains a malicious attachment that leads to the remote access tool Remcos RAT (detected by Trend Micro as BKDR_SOCMER.SM). This attack delivers Remcos using an AutoIt wrapper that incorporates various obfuscation and anti-debugging techniques to evade detection, which is ...

  • The internet of things security maturity model: a nudge for IoT cybersecurity

    August 14, 2019

    Developing cyberthreat protection strategies is a challenging task, especially for industrial systems and the internet of things. Numerous parties are involved in the processes of designing, developing, integrating, using and maintaining such systems. The different parties involved will assess the risks associated with attacks differently. Some businesses may view security as a drawback (because of longer ...