News


  • EU Report Highlights Cybersecurity Risks in 5G Networks

    October 14, 2019

    The extent with which 5G networks use software is one of the top security issues for mobile networks as well as devices and current technologies (for example, 3G, 4G) that use or incorporate it, according to an EU report supported by the European Commission and European Union Agency for Cybersecurity. 5G networks are unique compared to ...

  • Fin7 Cybergang Retools With New Malicious Code

    October 11, 2019

    The Fin7 cybercrime group has ramped up its offensive capabilities by adding new malicious code to its malware arsenal. Researchers said that this is evidence that Fin7 is still a growing threat despite the arrest of several Fin7 members in 2018. The notorious group has adopted a new dropper sample called Boostwrite, which uses new detection evasion ...

  • macOS users targeted with new Tarmac malware

    October 11, 2019

    Security researchers have discovered a new piece of Mac malware; however, some of its purpose and full features will remain a mystery for a little longer. Named Tarmac (OSX/Tarmac), this new malware was distributed to macOS users via online malvertising (malicious ads) campaigns. These malicious ads ran rogue code inside a Mac user’s browser to redirect the ...

  • Imperva: Data Breach Caused by Cloud Misconfiguration

    October 11, 2019

    Imperva, the security vendor, said this week that a misconfiguration of an Amazon Web Services (AWS) cloud instance allowed hackers to exfiltrate information on customers using its Cloud Web Application Firewall (WAF) product. Formerly known as Incapsula, the Cloud WAF analyzes requests coming into applications, and flags or blocks suspicious and malicious activity. The company announced the breach in ...

  • New espionage malware found targeting Russian-speaking users in Eastern Europe

    October 10, 2019

    Security researchers have discovered an advanced malware strain that’s been deployed to spy on diplomats and Russian-speaking users in Eastern Europe. The malware, named Attor, has been used in attacks since 2013 but was only discovered last year, according to an ESET report published today. ESET said the malware bears the signs of a targeted espionage campaign ...

  • More xHunt – New PowerShell Backdoor Blocked Through DNS Tunnel Detection

    October 10, 2019

    During our continued analysis of the xHunt campaign, we observed several domains with ties to the pasta58com, being used as the C2 server for a new PowerShell based backdoor that we’ve named CASHY200. This PowerShell backdoor ...

  • CVE-2019-16928: Exploiting an Exim Vulnerability via EHLO Strings

    October 10, 2019

    In September, security researchers from the QAX-A-Team discovered the existence of CVE-2019-16928, a vulnerability involving the mail transfer agent Exim. Exim accounts for over 50% of publicly reachable mail servers on the internet. What makes the bug particularly noteworthy is that threat actors could exploit it to perform denial of service (DoS) or possibly even remote code execution ...

  • Intelligence Agencies Warn Of Flaw With VPN Products

    October 9, 2019

    Both the US NSA and UK NCSC warn hackers are actively exploiting vulnerabilities in VPN products Both the US National Security Agency (NSA) and a GQHC agency in the United Kingdom have issued warnings about “multiple vulnerabilities in Virtual Private Network (VPN) applications.” Both the NSA and the UK’s National Cyber Security Centre (NCSC) warned that advanced persistent threat (APT) ...

  • FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops

    October 9, 2019

    trend Micro discovered that the online credit card skimming attack known as Magecart or E-Skimming was actively operating on 3,126 online shops. Our data shows that the attack started on September 7, 2019. All of the impacted online shops are hosted on the cloud platform of the e-commerce service provider “Volusion,” one of the top e-commerce platforms in the market. ...

  • The Value of Dark Web Coverage for Third-Party Risk Management

    October 9, 2019

    Everyone knows that a key ingredient to an effective third-party risk program is comprehensive, high-quality risk information. This includes details on supply chain risk, financial risk, legal risk, cyber risk, and more. With growing third-party ecosystems, it’s easier said than done for risk management teams to collect, organize, and prioritize their own risk information along ...

  • D-Link Home Routers Open to Remote Takeover Will Remain Unpatched

    October 8, 2019

    D-Link won’t patch a critical unauthenticated command-injection vulnerability in its routers that could allow an attacker to remotely take over the devices and execute code. The vulnerability (CVE-2019-16920) exists in the latest firmware for the DIR-655, DIR-866L, DIR-652 and DHP-1565 products, which are Wi-Fi routers for the home market. D-Link last week told Fortinet’s FortiGuard Labs, ...

  • Cybersecurity giants join forces to combat cyberthreats under OASIS umbrella

    October 8, 2019

    IBM, McAfee, and 16 other companies have launched an initiative designed to tackle fragmentation and interoperability problems in the cybersecurity space. As cyberthreats have become frequent aspects of our lives — whether related to the risk of fraud and identity theft in the consumer realm or state-sponsored attacks launched against enterprise companies and critical service providers ...

  • Alabama Hospitals Pay Up in Ransomware Attack

    October 7, 2019

    An Alabama hospital system has paid its attackers in a ransomware attack that knocked its systems offline on Oct. 1. Officials at the DCH Health System didn’t say how much the hospitals paid for the decryption key, but noted that they have started a “methodical” process of system restoration. “We have been using our own DCH backup ...

  • White-hat hacks Muhstik ransomware gang and releases decryption keys

    October 7, 2019

    A user got his revenge on the ransomware gang who encrypted his files by hacking their server and releasing the decryption keys for all other victims. This happened earlier today and involved the Muhstik gang. Muhstik is a recent strain of ransomware that has been active since late September, according to reports . This ransomware targets network-attacked ...

  • Report: Nation state hackers and cyber criminals are spoofing each other

    October 4, 2019

    Nation-state hackers and cyber criminals are increasingly impersonating each other to try and hide their tracks as part of advanced attack techniques says Optiv Security in its 2019 Cyber Threat Intelligence Estimate report. The top industries being targeted are retail, healthcare, government and financial institutions. Cryptojacking and ransomware are new exploits that join the traditional list of computer ...

  • Google Warns of Android Zero-Day Bug Under Active Attack

    October 4, 2019

    Google is warning of an Android zero-day flaw actively being exploited in the wild, which gives an attacker full control over 18 phone models including its flagship Pixel handset and devices made by Samsung, Huawei and Xiaomi. Google’s Project Zero warned late Thursday that it suspected the vulnerability was being exploited by the controversial Israeli-based NSO ...

  • US, UK, and Australia jointly request for Facebook to stop end-to-end encryption plans

    October 4, 2019

    The United States, the United Kingdom, and Australia have joined to request that Facebook delay its plans to implement end-to-end encryption across its messaging services. First reported by BuzzFeed News, the governments on Thursday jointly published an open letter to Facebook CEO Mark Zuckerberg, asking for the company to ensure that encryption does not impede government officials ...

  • New Reductor Malware Hijacks HTTPS Traffic

    October 3, 2019

    Researchers have discovered a new malware strain, dubbed Reductor, that allows hackers to manipulate Hypertext Transfer Protocol Secure (HTTPS) traffic by tweaking a browser’s random numbers generator, used to ensure a private connection between the client and server. Once infected, Reductor is used to spy on a victim’s browser activity, said the Global Research and Analysis Team (GReAT) ...

  • PKPLUG: Chinese Cyber Espionage Group Attacking Asia

    October 3, 2019

    For three years, Unit 42 has tracked a set of cyber espionage attack campaigns across Asia, which used a mix of publicly available and custom malware. Unit 42 created the moniker “PKPLUG” for the threat actor group, or groups, behind these and other documented attacks referenced later in this report. We say group or groups ...

  • FBI’s new ransomware warning: Don’t pay up, but if you do, tell us about it

    October 3, 2019

    After a spate of ransomware attacks on government organizations, the FBI has come up with a new stance on paying up ransomware demands. The latest groups to be targeted by high-value ransomware attacks are hospital organizations in Alabama, USA, and Victoria, Australia. Both resulted in hospitals turning away non-critical patients as employees worked to restore IT systems. The attacks on ...