News


  • TrickBot Adds Custom, Stealthy Backdoor to its Arsenal

    January 9, 2020

    The Russian-speaking cybercriminals behind the TrickBot malware have developed a stealthy backdoor dubbed “PowerTrick,” in order to infiltrate high-value targets. According to research from SentinelLabs, released on Thursday, PowerTrick is designed to execute commands and return the results in Base64 format. It’s deployed as a module after the initial TrickBot infection has already taken hold on ...

  • Threat Spotlight: Amadey Bot Targets Non-Russian Users

    January 8, 2020

    Amadey is a simple Trojan bot first discovered in October of 2018. It is primarily used for collecting information on a victim’s environment, though it can also deliver other malware. A major infection vector for Amadey are exploit kits such as RigEK and Fallout EK. During our monitoring, we also observed this Trojan being delivered via AZORult Infostealer on ...

  • MP Says Austria Unprepared After Cyberattack on Foreign Ministry

    January 7, 2020

    The Austrian State Department’s IT systems were under a ‘serious attack’ suspected to be carried out by a state-backed threat group according to a joint statement from the Foreign Ministry (BMEIA) and the Ministry of the Interior (BMI). “A coordination committee has been set up on the basis of the Network and Information System Security Act, and ...

  • First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group

    January 6, 2020

    Trend Micro found three malicious apps in the Google Play Store that work together to compromise a victim’s device and collect user information. One of these apps, called Camero, exploits CVE-2019-2215, a vulnerability that exists in Binder (the main Inter-Process Communication system in Android). This is the first known active attack in the wild that ...

  • UK government investigates possible cyberattack link to London Stock exchange outage

    January 6, 2020

    The UK government is reexamining the London Stock Exchange outage to ascertain whether or not a cyberattack, rather than a software glitch, was the cause. The LSE’s outage occurred on August 16, 2019. A “software glitch” was blamed in which Friday early-morning traders were left unable to buy or sell shares for over an hour and a half. Both ...

  • DHS: Iran maintains a robust cyber program and can execute cyber-attacks against the US

    January 6, 2020

    The US government has issued a security alert over the weekend, warning of possible acts of terrorism and cyber-attacks that could be carried out by Iran following the killing of a top general by the US military on Friday. The warning comes in the form of a rare NTAS (National Terrorism Advisory System) alert, of which ...

  • Travelex UK Website Still Down After Cyberattack

    January 3, 2020

    The British website of foreign currency seller Travelex remains offline as of Friday 3 January, after being taken down following a cyber-attack on Monday 30 December (New Years Eve). The good news is that an investigation has shown there is no indication the virus has compromised any personal or customer data. But the fact that nearly a ...

  • FBI Warns of Maze Ransomware Focusing on U.S. Companies

    January 3, 2020

    Organizations in the private sector received an alert from the F.B.I. about operators of the Maze ransomware focusing on companies in the U.S. to encrypt information on their systems after stealing it first. The warning came less than a week after the Bureau warned about the LockerGoga and MegaCortex ransomware threats infecting corporate systems. Maze has been operating since ...

  • 3 Critical Bugs Allow Remote Attacks on Cisco NX-OS and Switches

    January 3, 2020

    Cisco Systems has issued patches for three critical vulnerabilities impacting a key tool for managing its network platform and switches. The bugs could allow an unauthenticated, remote attacker to bypass endpoint authentication and execute arbitrary actions with administrative privileges on targeted devices, the vendor said. the networking giant disclosed the critical flaws on Thursday; all three ...

  • Cybercriminals Fill Up on Gas Pump Transaction Scams Ahead of Oct. Deadline

    January 3, 2020

    Gas stations are gearing up for a major change in credit-card fraud liability in October, when they will find themselves on the hook for card-skimming attacks at the pump. In the meantime though, cybercriminals will be targeting pay-at-the-pump point-of-sale mechanisms with a vengeance, researchers say. Fuel pumps represent a last bastion of non-encrypted transactions. Unlike when ...

  • Microsoft Takes Control Of ‘Thallium’ Hacking Domains

    December 31, 2019

    Microsoft has scored a victory against a North Korean cybercrime group called “Thallium”, the company has revealed. Redmond said that it had taken control of web domains used by Thallium to steal information. The software giant has history in taking on cybercrime and hacking groups through the courts. In August 2018 for example, it foiled a cyber attack that ...

  • US Coast Guard discloses Ryuk ransomware infection at maritime facility

    December 30, 2019

    An infection with the Ryuk ransomware took down a maritime facility for more than 30 hours; the US Coast Guard said in a security bulletin it published before Christmas. The agency did not reveal the name or the location of the port authority; however, it described the incident as recent. “Forensic analysis is currently ongoing but the virus, ...

  • New Year Honours: Government faces multi-million pound compensation bill over leaked private details

    December 29, 2019

    The Government is facing fines and a compensation bill running into millions of pounds after the disclosure of the home addresses of counter-terrorism experts, senior police officers and celebrities on the new year honours list. Senior figures demanded an exhaustive inquiry into the circumstances which led to the personal details of more than 1,000 individuals who will ...

  • FIN7 Hackers’ BIOLOAD Malware Drops Fresher Carbanak Backdoor

    December 27, 2019

    Malware researchers have uncovered a new tool used by the financially-motivated cybercriminal group known as FIN7 to load fresher builds of the Carbanak backdoor. Dubbed BIOLOAD, the malware loader has a low detection rate and shares similarities with BOOSTWRITE, another loader recently identified to be part of FIN7’s arsenal. The malware relies on a technique called binary planting that ...

  • Ransomware Hits Maastricht University, All Systems Taken Down

    December 27, 2019

    Maastricht University (UM) announced that almost all of its Windows systems have been encrypted by ransomware following a cyber-attack that took place on Monday, December 23. UM is a university from the Netherlands with over 18,000 students, 4,400 employees, and 70,000 alumni, UM being placed in the top 500 universities in the world by five ranking tables in the last two ...

  • Critical Citrix Bug Puts 80,000 Corporate LANs at Risk

    December 26, 2019

    Digital workspace and enterprise networks vendor Citrix has announced a critical vulnerability in the Citrix Application Delivery Controller (ADC) and Citrix Gateway. If exploited, it could allow unauthenticated attackers to gain remote access to a company’s local network and carry out arbitrary code execution. The Citrix products (formerly the NetScaler ADC and Gateway) are used for ...

  • Wireshark Tutorial: Examining Ursnif Infections

    December 23, 2019

    Ursnif is banking malware sometimes referred to as Gozi or IFSB. The Ursnif family of malware has been active for years, and current samples generate distinct traffic patterns. This tutorial reviews packet captures (pcaps) of infection Ursnif traffic using Wireshark. Understanding these traffic patterns can be critical for security professionals when detecting and investigating Ursnif infections. This tutorial covers ...

  • Chinese hacker group caught bypassing 2FA

    December 23, 2019

    Security researchers say they found evidence that a Chinese government-linked hacking group has been bypassing two-factor authentication (2FA) in a recent wave of attacks. The attacks have been attributed to a group the cyber-security industry is tracking as APT20, believed to operate on the behest of the Beijing government, Dutch cyber-security firm Fox-IT said in a ...

  • Russia successfully disconnected from the internet

    December 23, 2019

    The Russian government announced on Monday that it concluded a series of tests during which it successfully disconnected the country from the worldwide internet. The tests were carried out over multiple days, starting last week, and involved Russian government agencies, local internet service providers, and local Russian internet companies. The goal was to test if the country’s ...

  • Apple opens public bug bounty program, publishes official rules

    December 20, 2019

    Apple has formally opened its bug bounty program today to all security researchers, after announcing the move earlier this year in August at the Black Hat security conference in Las Vegas. Until today, Apple ran an invitation-based bug bounty program for selected security researchers only and was accepting only iOS security bugs. Starting today, the company will accept vulnerability ...