News


  • New Dragonblood vulnerabilities found in WiFi WPA3 standard

    August 3, 2019

    Earlier this year in April, two security researchers disclosed details about five vulnerabilities (collectively known as Dragonblood) in the WiFi Alliance’s recently launched WPA3 WiFi security and authentication standard. Yesterday, the same security researchers disclosed two new additional bugs impacting the same standard. The two researchers — Mathy Vanhoef and Eyal Ronen — found these two new bugs in ...

  • UK gov launches second audit of cyber security labour market

    August 2, 2019

    The UK government has launched a second audit of the country’s cyber security labour market in an effort to assess how companies across the country are handling the employment and training of IT professionals. Organisations across the public and private sector have been chosen at random to contribute to the study, with responses helping to shape ...

  • Nation-State APTs Target U.S. Utilities With Dangerous Malware

    August 2, 2019

    Researchers believe that nation-state actors are behind several spearphishing campaigns targeting U.S. utility companies with a newly-identified malware, which has the capabilities to view system data and reboot machines. Lure emails were sent to three U.S. utilities companies between July 19 and 25. They purported to be from a U.S.-based engineering licensing board, but actually contained ...

  • GermanWiper ransomware hits Germany hard, destroys files, asks for ransom

    August 2, 2019

    For the past week, a new ransomware strain has been wreaking havoc across Germany. Named GermanWiper, this ransomware doesn’t encrypt files but instead it rewrites their content with zeroes, permanently destroying users’ data. As a result, any users who get infected by this ransomware should be aware that paying the ransom demand will not help them ...

  • British Army to train cyber spies to combat hackers and digital propaganda

    August 1, 2019

    The British Army will adapt to better tackle the threat of cyber warfare, including hackers, digital propaganda and misinformation, the Ministry of Defence (MoD) has said. A unit called the Sixth Division will be reintroduced as part of plans to “rebalance the Field Army… defeat adversaries both above and below the threshold of conventional conflict”, ...

  • Financial threats in H1 2019

    July 31, 2019

    Financial cyberthreats are malicious programs that attack users of online banking services, electronic money, cryptocurrency and other similar services, as well as threats aimed at gaining access to financial organizations and their infrastructure. Kaspersky experts regularly analyze the statistics that the company’s products anonymously send to the cloud infrastructure of the Kaspersky Security Network (KSN) ...

  • Keeping a Hidden Identity: Mirai C&Cs in Tor Network

    July 31, 2019

    With its notoriety for being one of the most active internet of things (IoT) malware families, Mirai is one malware family system administrators consistently keep their eye on to make sure systems and devices are protected. Despite all the attention that the malware has received, it seems cybercriminals are still continually developing and using this malware. Barely a ...

  • Inside Malware Markets: Current Trends and Competitive Forces

    July 30, 2019

    Regardless of location, legitimacy, or legality, markets of all kinds act in accordance with a prevailing set of forces. Made famous by business management guru Michael Porter, his eponymous Five Forces generally dictate how markets will operate — that includes markets for malware. Porter’s Five Forces Rivalry Among Existing Competitors Bargaining Power of Suppliers Bargaining Power of Buyers Threat of ...

  • Cyberattack warning to small plane owners: How your aircraft could be vulnerable

    July 30, 2019

    The alert from the DHS critical infrastructure computer emergency response team. warns that modern flight systems are vulnerable to hacking if a person manages to gain unrestricted access to an aircraft. The alert also recommends that small plane owners restrict unauthorized physical access to their aircraft the best they can. It warns that access should remain limited until ...

  • Rare Steganography Hack Can Compromise Fully Patched Websites

    July 26, 2019

    An unusual steganographic technique that an attacker can use to implant a malicious webshell on unsuspecting websites has been spotted in Latin America. According to research from Trustwave shared exclusively with Threatpost, a forensic investigation showed that an adversary is implanting PHP code into JPEG files’ EXIF headers in order to upload malware onto targeted ...

  • Unique Monokle Android Spyware Self-Signs Certificates

    July 24, 2019

    A never-before-publicized mobile spy tool, a mobile surveillanceware remote access trojan (RAT) for Android called Monokle, has been spotted using novel techniques to exfiltrate data. According to the Lookout researchers who discovered Monokle in the wild, the malware has the ability to self-sign trusted certificates to intercept encrypted SSL traffic. It can also record a phone’s ...

  • Multistage Attack Delivers BillGates/Setag Backdoor, Can Turn Elasticsearch Databases into DDoS Botnet ‘Zombies’

    July 23, 2019

    Elasticsearch is no stranger to cybercriminal abuse given its popularity and use to organizations. In fact, this year’s first quarter saw a surge of attacks — whether by exploiting vulnerabilities or taking advantage of security gaps — leveled against Elasticsearch servers. These attacks mostly deliveredcryptocurrency-mining malware, as in the case of one attack we saw last year. The latest attack we spotted deviates from the ...

  • Cybercrime gang adds new tactics to credit card data-stealing campaign

    July 23, 2019

    A hacking operation has deployed new malware in the latest evolution of its campaign to make money by stealing credit card data. The FIN8 cybercrime group was first identified in January 2016, and typically targets point-of-sale (POS) systems with malware attacks designed to steal credit card information, which is then sold on for profit on dark ...

  • 5th Annual Global Cyber Security Forum – Lebanon

    July 23, 2019

    Press Release Taking in cognisance the evolving cyber threats across the globe, several nations have formed committee’s & taskforces to implement the best strategies to fight cybercrimes. These task forces are destined to ensure the nation’s assets are protected against any threats by implementing best policies & state-of-the-art solutions, whilst creating a robust ecosystem for ease ...

  • IFINSEC Financial Sector IT Security Conference and Exhibition

    July 23, 2019

    Press release IFINSEC Financial Sector IT Security Conference and Exhibition (www.ifinsec.com) will be held on 12-13 November 2019 in Istanbul, Turkey. IFINSEC is a global and niche conference with its focus on IT Security technologies and solutions for the financial sector. IFINSEC is one of the most important conferences in EMEA region in its category. With ...

  • Popular Samsung, LG Android Phones Open to ‘Spearphone’ Eavesdropping

    July 23, 2019

    A Spearphone attacker can use the accelerometer in LG and Samsung phones to remotely eavesdrop on any audio that’s played on speakerphone, including calls, music and voice assistant responses. A new way to eavesdrop on people’s mobile phone calls has come to light in the form of Spearphone – an attack that makes use of Android ...

  • Lancaster University students’ data stolen by cyber-thieves

    July 23, 2019

    Students’ personal data has been stolen in a “sophisticated and malicious” phishing attack at Lancaster University. Officials said the information had been used to send bogus invoices to applicants. “A very small number” of student records, phone numbers and ID documents were also accessed, it said. The breach has been reported to police and the Information Commissioner’s Office. In ...

  • NSA to establish a defense-minded division named the Cybersecurity Directorate

    July 23, 2019

    The National Security Agency announced today plans to establish a new defense-minded cyber-security division that will focus on defending the US against foreign cyber-threats. This new division, which will be named the Cybersecurity Directorate, will become operational on October 1, later this year. Anne Neuberger will be the division’s first Director of Cybersecurity. She will report directly ...

  • On the IoT road: perks, benefits and security of moving smartly

    July 22, 2019

    Kaspersky has repeatedly investigated security issues related to IoT technologies (for instance, here, or here). Earlier this year our experts have even gained foothold in the security of biomechanical prosthetic devices. The same implies to smart car security: our own research has indicated that there are number of issues—look here or here. This year, we decided to continue our tradition of small-scale experiments with security ...

  • Equifax, regulators sign $700m deal to settle data breach lawsuits

    July 22, 2019

    Equifax signed a settlement today to lay to rest lawsuits brought forward by the US Federal Trade Commission (FTC), state attorneys, and a class-action case relating to the firm’s 2017 data breach. The security incident was caused by a failure to resolve a known security flaw in Apache Struts, despite a patch being made available two ...