News


  • Assessment of Ransomware Event at U.S. Pipeline Operator

    February 19, 2020

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported on 18 February 2020 on a ransomware incident impacting a natural gas compression facility at an unidentified U.S. pipeline operator. The ransomware event impacted both IT and ICS assets by causing loss of view and control impacts that caused the facility to implement controlled shutdown processes ...

  • Threat Spotlight: Nuke Ransomware

    February 19, 2020

    Nuke ransomware, first identified in 2016, encrypts files with an AES 256-bit encryption key that is protected by asymmetrically encrypting it using 2048-bit RSA. Once a file is encrypted, Nuke changes the file name to a combination of random characters followed by a .nuclear55 extension. For example, an infected file name might be “ab0a+afbamcdEcmf.nuclear55”. Once Nuke executes it ...

  • SMS Attack Spreads Emotet, Steals Bank Credentials

    February 19, 2020

    Attackers are sending SMS messages purporting to be from victims’ banks – but once they click on the links in the text messages, they are asked to hand over their banking credentials and download a file that infects their systems with the Emotet malware. Emotet has continued to evolve since its return in September, including a new, ...

  • Five years after the Equation Group HDD hacks, firmware security still sucks

    February 18, 2020

    In a report published today, Eclypsium, a cyber-security firm specialized in firmware security, says that the issue of unsigned firmware is still a widespread problem among device and peripheral manufactures. According to researchers, many device makers still don’t sign the firmware they ship for their components. Furthermore, even if they sign a device’s firmware, they don’t ...

  • Iran-Backed APTs Collaborate on 3-Year ‘Fox Kitten’ Global Spy Campaign

    February 18, 2020

    Two Iran-backed APTs could be working together on a sprawling, three-year campaign to compromise high-value organizations from the IT, telecom, oil and gas, aviation, government and security sectors in Israel and around the world, according to a report by researchers at ClearSky. They maintain, APT34/OilRig and APT33/Elfin appear to be linked to the campaign (which they ...

  • Singapore to spend $719m beefing up government’s cyber, data security systems

    February 18, 2020

    The Singapore government will look to invest SG$1 billion to beef up its cyber and data security systems, which it says is critical as its agencies increasingly adopt technologies such as artificial intelligence (AI), cloud, and Internet of Things (IoT). To be spent over the next three years, the funds will go toward readying the ...

  • Israeli soldiers tricked into installing malware by Hamas agents posing as women

    February 17, 2020

    Members of the Hamas Palestinian militant group have posed as young teenage girls to lure Israeli soldiers into installing malware-infected apps on their phones, a spokesperson for the Israeli Defence Force (IDF) said today. Some soldiers fell for the scam, but IDF said they detected the infections, tracked down the malware, and then took down Hamas’ ...

  • Bluetooth LE devices impacted by SweynTooth vulnerabilities

    February 15, 2020

    A team of academics from Singapore has published this week a research paper detailing a collection of vulnerabilities named SweynTooth that impact devices running the Bluetooth Low Energy (BLE) protocol. More specifically, the SweynTooth vulnerabilities impact the software development kits (SDKs) responsible for supporting BLE communications. Read more… Source: ZDNet  

  • LokiBot Impersonates Popular Game Launcher and Drops Compiled C# Code File

    February 14, 2020

    LokiBot, which has the ability to harvest sensitive data such as passwords as well as cryptocurrency information, proves that the actors behind it is invested in evolving the threat. In the past, we have seen a campaign that exploits a remote code execution vulnerability to deliver LokiBot using the Windows Installer service, a Lokibot variant that uses ISO ...

  • Nedbank says 1.7 million customers impacted by breach at third-party provider

    February 14, 2020

    Nedbank, one of the biggest banks in the South Africa region, has disclosed a security incident yesterday that impacted the personal details of 1.7 million users. The bank says the breach occurred at Computer Facilities (Pty) Ltd, a South African company the bank was using to send out marketing and promotional campaigns. In a security notice posted on its ...

  • US Cyber Command, DHS, and FBI expose new North Korean malware

    February 14, 2020

    US Cyber Command, the Department of Homeland Security, and the Federal Bureau of Investigations have exposed today a new North Korean hacking operation. Authorities have published security advisories detailing six new malware families that are currently being used by North Korean hackers. According to the Twitter account of the Cyber National Mission Force (CNMF), a subordinate unit ...

  • Wireshark Tutorial: Examining Qakbot Infections

    February 13, 2020

    Qakbot is an information stealer also known as Qbot. This family of malware has been active for years, and Qakbot generates distinct traffic patterns. This Wireshark tutorial reviews a recent packet capture (pcap) from a Qakbot infection. Understanding these traffic patterns can be critical for security professionals when detecting and investigating Qakbot infections. Note: This tutorial assumes you have ...

  • Emotet Now Spreads via Wi-Fi

    February 13, 2020

    A new strain of Emotet was found spreading through wireless internet connections, deviating from the email spam campaigns that the malware commonly utilizes as a means of propagation. According to researchers from Binary Defense, this new loader type takes advantage of the wlanAPI interface to spread from an infected device to an unsecure Wi-Fi network. Emotet was discovered by Trend ...

  • An In-Depth Technical Analysis of CurveBall (CVE-2020-0601)

    February 13, 2020

    The first Microsoft patch Tuesday of 2020 contained fixes for CVE-2020-0601, a vulnerability discovered by the United States’ National Security Agency (NSA) that affects how cryptographic certificates are verified by one of the core cryptography libraries in Windows that make up part of the CryptoAPI system. Dubbed CurveBall or “Chain of Fools,” an attacker exploiting this vulnerability could potentially create ...

  • New Cyber Espionage Campaigns Targeting Palestinians: The Spark and Pierogi Campaigns

    February 13, 2020

    Over the last several months, the Cybereason Nocturnus team has been tracking recent espionage campaigns targeting the Middle East. These campaigns are specifically directed at entities and individuals in the Palestinian territories. This investigation shows multiple similarities to previous attacks attributed to a group called MoleRATs (aka The Gaza Cybergang), an Arabic-speaking, politically motivated group that has operated ...

  • Puerto Rico Government Hit By $2.6M Phishing Scam

    February 13, 2020

    A phishing scam has swindled a Puerto Rico government agency out of more than $2.6 million, according to reports. According to reports, the email-based phishing scam hit Puerto Rico’s Industrial Development Company, which is a government-owned corporation aimed at driving economic development to the island along with local and foreign investors. The agency reportedly received an email alleging ...

  • Knock, Knock – Who’s There?

    February 11, 2020

    Following our research from Evil Twins and Windows Linux Subsystem, interoperability between different WSL versions was something that caught our attention. The protocol and mechanism to do file management from/to WSL is a must for Blue and Red Teams whose research will provide new ways to execute known techniques to achieve tactics such as Persistence, Defense ...

  • Apple Mac malware detections overtake Windows for the first time

    February 11, 2020

    Cyber threats aimed at Macs have outpaced those targeted at Windows PCs for the first time, signalling that Apple’s computers are not as secure as they once might have been. For some time, it was a commonly held belief that Apple Mac computers, such as the iMac, were pretty much immune to malware. This was largely due to the ...

  • U.S. Charges Chinese Military Officers in 2017 Equifax Hacking

    February 10, 2020

    Four members of China’s military were charged on Monday with hacking into Equifax, one of the nation’s largest credit reporting agencies, and stealing trade secrets and the personal data of about 145 million Americans in 2017. The charges underscored China’s quest to obtain Americans’ data and its willingness to flout a 2015 agreement with the United States to refrain from ...

  • How Chinese Cybercriminals Use Business Playbook to Revamp Underground

    February 10, 2020

    Because of its longevity and technical sophistication, the Russian cybercriminal underground has long been the benchmark for threat researchers focused on studying cybercrime tactics and techniques; there is a plethora of publications dedicated to analyzing its economy and hacking forums. However, only a handful of studies have centered on the emerging threats and trends from ...