News


  • British Airways E-Ticketing Flaw Exposes Passenger Flight, Personal Data

    August 13, 2019

    A vulnerability in British Airways’ e-ticketing system could enable a bad actor to view passengers’ personal data or change their booking information. A security bug discovered in British Airways’ e-ticketing system has the potential to expose passengers’ data, including their flight booking details and personal information. Researchers on Tuesday said that check-in links being sent by British ...

  • Back-to-Back Campaigns: Neko, Mirai, and Bashlite Malware Variants Use Various Exploits to Target Several Routers, Devices

    August 13, 2019

    Within a span of three weeks, our telemetry uncovered three notable malware variants of Neko, Mirai, and Bashlite. On July 22, 2019, we saw and started analyzing a Neko botnet sample, then observed another sample with additional exploits the following week.  A Mirai variant that calls itself “Asher” surfaced on July 30, then a Bashlite ...

  • How Threat Intelligence Helps the Energy Sector Fight Cyberespionage

    August 13, 2019

    When it comes to cyber threats, some industries have it harder than others. Few are as heavily targeted by sophisticated cyberattacks as the energy sector. Over the last decade, state-sponsored hacking groups have routinely targeted utility networks and other energy providers for the purposes of espionage and disruption. And according to the latest research, advanced persistent threat (APT) ...

  • Man jailed for cyber attacks against police websites in revenge for bomb hoax conviction

    August 12, 2019

    A 20-year-old man has been jailed for 16 months after launching cyber attacks against police websites. Liam Reece Watts used specialist software to overload the Greater Manchester Police and Cheshire Police websites in separate attacks which temporarily brought down the sites. He said the attack on Cheshire Police was in retaliation for a previous conviction over a ...

  • Hunting the Public Cloud for Exposed Hosts and Misconfigurations

    August 12, 2019

    This research explores the security landscape of the Internet-facing services hosted in Amazon AWS, Microsoft Azure and Google Cloud Platform. Public cloud is becoming increasingly popular and the reported total spending on cloud infrastructure grew 45.6% in 2018. Amazon AWS maintained its lead with a 31.3% share of the Cloud Service Provider (CSP) market, followed by Microsoft ...

  • Recent Cloud Atlas activity

    August 12, 2019

    Also known as Inception, Cloud Atlas is an actor that has a long history of cyber-espionage operations targeting industries and governmental entities. We first reported Cloud Atlas in 2014 and we’ve been following its activities ever since. From the beginning of 2019 until July, we have been able to identify different spear-phishing campaigns related to this threat actor ...

  • IT threat evolution Q2 2019: Targeted attacks and malware campaigns

    August 12, 2019

    In March, we published the results of our investigation into a sophisticated supply-chain attack involving the ASUS Live Update Utility, used to deliver BIOS, UEFI and software updates to ASUS laptops and desktops. The attackers added a backdoor to the utility and then distributed it to users through official channels. ASUS was not the only company used ...

  • Microsoft names top security researchers, zero-day contributors

    August 9, 2019

    At the Black Hat security conference in Las Vegas, Microsoft announced the top security researchers and enterprise partners who contributed the most vulnerability and zero-day reports affecting the company’s products. Microsoft’s list of top contributors has become a Black Hat tradition, and many industry experts use it as a guide to today’s top bug hunters. Security researchers ...

  • Three major vulnerabilities found in Cisco SMB switches

    August 7, 2019

    Three of Cisco’s most popular switches for SMBs contain serious security flaws that could allow a hacker to remotely access the device and infiltrate an organisation’s network. The critical vulnerabilities, which affect Cisco’s Small Business 220 Series of smart switches, include a remote code execution (RCE) bug rated 9.8/10 by Cisco in terms of threat severity, an authentication bypass rated 9.1/10 ...

  • KDE Linux Desktops Could Get Hacked Without Even Opening Malicious Files

    August 7, 2019

    If you are running a KDE desktop environment on your Linux operating system, you need to be extra careful and avoid downloading any “.desktop” or “.directory” file for a while. A cybersecurity researcher has disclosed an unpatched zero-day vulnerability in the KDE software framework that could allow maliciously crafted .desktop and .directory files to silently run ...

  • New ‘warshipping’ technique gives hackers access to enterprise offices

    August 7, 2019

    Researchers have described a new technique which could be used by cyberattackers to infiltrate corporate setups — with a little help from your friendly neighborhood delivery workers. On Wednesday, Charles Henderson, Global Managing Partner of IBM X- Force Red documented the theoretical method known as warshipping. The technique builds upon wardialing — in which numbers are called en masse ...

  • Microsoft Says Russia’s Strontium Behind IoT Hacks

    August 7, 2019

    Russian hackers have been identified by security experts at Microsoft as being behind a series of attacks on IoT devices. Microsoft’s Threat Intelligence Center said in a blog posting that the Russian state-linked hackers were Strontium. The Strontium hackers are also known as the Fancy Bear group, or alternatively ‘APT28′ and are closely linked to the Russian military intelligence ...

  • New Windows hack warning: Patch Intel systems now to block SWAPGSAttack exploits

    August 6, 2019

    A newly uncovered vulnerability affecting every Windows computer using an Intel processor built since 2012 could allow attackers to bypass safeguards and access information held in a system’s protected kernel memory. This new side-channel attack is built on previous research into other CPU vulnerabilities – such as Spectre and Meltdown – but this new vulnerability can bypass the ...

  • LokiBot Gains New Persistence Mechanism, Uses Steganography to Hide Its Tracks

    August 6, 2019

    First advertised as an information stealer and keylogger when it first appeared in underground forums, LokiBot has added various capabilities over the years. Recent activity has seen the malware family abusing Windows Installer for its installation and introducing a new delivery method that involves spam mails containing malicious ISO file attachments. Our analysis of a new LokiBot variant shows that ...

  • Millions of Android Smartphones Vulnerable to Trio of Qualcomm Bugs

    August 6, 2019

    Security researchers from Tencent’s Blade Team are warning Android smartphone and tablet users of flaws in Qualcomm chipsets, called QualPwn. The bugs collectively allow hackers to compromise Android devices remotely simply by sending malicious packets over-the-air – no user interaction required. Three bugs make up QualPwn (CVE-2019-10539, CVE-2019-10540 and CVE-2019-10538). The prerequisite for the attack is ...

  • Cyberattacks against industrial targets have doubled over the last 6 months

    August 5, 2019

    Cyberattacks designed to cause damage have doubled in the past six months and 50 percent of organizations affected are in the manufacturing sector, researchers say. On Monday, IBM’s X-Force IRIS incident response team published new research based on recent cyberattacks they have been called in to assist with, and the main trend the group is witnessing is the ...

  • A cyber-espionage group has been stealing files from the Venezuelan military

    August 5, 2019

    A cyber-espionage group known as “Machete” has been observed stealing sensitive files from the Venezuelan military, according to an ESET report published today. The group, known to have been active since 2010, has historically gone after a wide range of targets from all over the world. However, ESET said that starting with this year, Machete has ...

  • The Middle East Military Technology Conference (MEMTEC) Examines the Importance of Tech Solutions for Defence

    August 5, 2019

    PRESS RELEASE The Middle East Military Technology Conference (MEMTEC) will be held alongside the upcoming Bahrain International Defence Exhibition & Conference (BIDEC), it was announced last month, during the period from 28-30 October 2019. Held under the patronage of His Majesty King Hamad bin Isa Al Khalifa, the Conference will contextualise the exhibition within the regional ...

  • Microsoft Lab Offers $300K For Working Azure Exploits

    August 5, 2019

    In an attempt to sniff out bugs in its Azure cloud platform, Microsoft announced at Black Hat USA 2019 on Monday that it will offer rewards of up to $300,000 for researchers who launch successful test exploits for the platform. Microsoft has launched a dedicated Azure cloud host testing environment, dubbed Azure Security Lab. The exclusive program will ...

  • Latest Trickbot Campaign Delivered via Highly Obfuscated JS File

    August 5, 2019

    We have been tracking Trickbot banking trojan activity and recently discovered a variant of the malware (detected by Trend Micro as TrojanSpy.Win32.TRICKBOT.TIGOCDC) from distributed spam emails that contain a Microsoft Word document with enabled macro. Once the document is clicked, it drops a heavily obfuscated JS file (JavaScript) that downloads Trickbot as its payload. This malware ...