News


  • Critical RCE Flaw in Palo Alto Gateways Hits Uber

    July 22, 2019

    A remote code-execution (RCE) vulnerability has been uncovered in the GlobalProtect portal and GlobalProtect Gateway interface security products from Palo Alto Networks. It’s an unusual zero-day case, having been previously unknown but inadvertently fixed in later releases — but some large companies could still be impacted, including Uber. The gateways provide virtual private network (VPN) access to ...

  • French army will employ sci-fi writers to predict cyber threats

    July 22, 2019

    The French military is to assemble a team of science fiction writers to imagine possible future cyber threats and inject innovation into cyber defence. This will be a small group, known as the “Red Team” which will be comprised of four or five science fiction writers and or futurists. The team will be hired to “propose ...

  • Third Of European Businesses Not GDPR Compliant

    July 22, 2019

    Over a year since it was introduced, 30 percent of European organisations are still not GDPR compliant A significant number of European organisations have admitted that they are still not compliant with GDPR data protection rules. A survey from tax audit advisors RSM found that 30 percent of European businesses are still not compliant with GDPR, despite ...

  • Massive 7.5TB breach reveals secret Russian IT projects

    July 22, 2019

    Hackers breached the server of a major contractor working on behalf of the Russian intelligence service before stealing 7.5TB of sensitive data and sharing this freely with other hackers and journalists. Attackers infiltrated the company network of SyTech on 13 July, according to BBC Russia, and began a process of copying data while deleting masses of it. ...

  • Old Tools for New Money: URL Spreading Shellbot and XMRig Using 17-year old XHide

    July 19, 2019

    One of our honeypots detected a threat that propagates by scanning for open ports and brute forcing weak credentials, installing a Monero cryptocurrency miner and a Perl-based IRC backdoor as the final payload. The miner process is hidden using XHide Process Faker, a 17-year old open source tool used to fake the name of a ...

  • Iran-Linked APT34 Invites Victims to LinkedIn for Fresh Malware Infections

    July 19, 2019

    A recent phishing campaign by Iran-linked threat actor APT34 made use of a savvy approach: Asking victims to join their social network. According to FireEye, the adversaries masqueraded as a Cambridge University lecturer, including setting up a LinkedIn page, in order to gain victims’ trust. From there the attackers asked their “friends” to open malicious documents. APT34, ...

  • Spam Campaign Targets Colombian Entities with Custom-made ‘Proyecto RAT,’ Uses Email Service YOPmail for C&C

    July 18, 2019

    We observed a recent campaign that primarily targets financial institutions and governmental organizations in the South American region, particularly in Colombia. This blog post covers the activities we observed, the remote access tools (RATs) used, the campaign’s techniques and procedures, and its indicators of compromise (IoCs). Our findings indicate that the campaign appears to be ...

  • Bulgaria’s hacked database is now available on hacking forums

    July 18, 2019

    The database of Bulgaria’s National Revenue Agency (NRA), which was hacked over the weekend and sent to local reporters, is now being shared on hacking forums, ZDNet has learned from sources in the threat intelligence community. Download links to the hacked database have been shared by a hacked data trader known as Instakilla, believed to be operating out of ...

  • Mirai Botnet Sees Big 2019 Growth, Shifts Focus to Enterprises

    July 18, 2019

    The infamous Mirai internet of things botnet is spiking in growth while changing up its tactics, techniques and procedures so far in 2019, to target more and more enterprise-level hardware, It’s a state of affairs that presents a greater concern than ever before given the ongong migration to the cloud era, researchers said. According to researchers ...

  • StrongPity APT Returns with Retooled Spyware

    July 17, 2019

    The APT group behind the sophisticated malware known as StrongPity (a.k.a. Promethium) has mounted a fresh spyware campaign that is still ongoing as of July 2019. The group has retooled with new malware to control compromised machines, according to researchers. “The new malware samples have been unreported and generally appear to ...

  • Why Cities Are a Low-Hanging Fruit For Ransomware

    July 15, 2019

    Ransomware attacks against local governments and cities are repeatedly making headlines, with crippling results on city operations and budgets. Last month, the Florida city of Riviera Beach paid hackers $600,000 after being hit by a ransomware attack that downed its computer systems for three weeks. In 2018, several Atlanta city systems were crippled after a ransomware attack extorted ...

  • Turla APT Returns with New Malware, Anti-Censorship Angle

    July 15, 2019

    The Turla APT has revamped its arsenal in 2019, creating new weapons and tools for targeting government entities. It’s now using booby-trapped anti-internet censorship software as an initial infection vector, suggesting Turla is going after dissident or other civil-society targets. The Russian-speaking actors believed behind Turla named the dropper “Topinambour,” which is another word for the ...

  • New Miori Variant Uses Unique Protocol to Communicate with C&C

    July 10, 2019

    We first detailed a new Mirai variant called Miori in a report late last year after finding the malware spreading via a ThinkPHP Remote Code Execution (RCE) vulnerability. It has recently reappeared bearing a notable difference in the way it communicates with its command-and-control (C&C) server. This Miori variant departs from the usual binary-based protocol and uses ...

  • Marriott Hit With $123M Fine For Massive 2018 Data Breach

    July 9, 2019

    The U.K.’s privacy watchdog is hitting Marriott International with a $123 million (£99 million) penalty stemming from its 2018 data breach of more than 383 million guest records. The Tuesday fine is issued by the Information Commissioner’s Office (ICO) and comes only a day after the organization proposed a record $230 million fine against British Airways for its ...

  • Hackers breached Greece’s top-level domain registrar

    July 9, 2019

    State-sponsored hackers have breached ICS-Forth, the organization that manages Greece’s top-level domain country codes of .gr and .el. ICS-Forth, which stands for the Institute of Computer Science of the Foundation for Research and Technology, publicly admitted to the security incident in emails it sent ot domain owners on April 19. The hackers behind the breach are the same group ...

  • Anubis Android Malware Returns with Over 17,000 Samples

    July 8, 2019

    The 2018 mobile threat landscape had banking trojans that diversified their tactics and techniques to evade detection and further monetize their malware — and in the case of the Anubis Android malware, retooled for other malicious activities. Anubis underwent several changes since it first emerged, from being used for cyberespionage to being retooled as a banking malware, combining information ...

  • NHS must spend now to prevent devastation of ‘WannaCry 2.0’

    July 4, 2019

    The government must urgently pump more money into cyber securitywithin the NHS to plug gaps that render the healthcare system vulnerable to an attack more destructive than the WannaCry saga. Although many positive steps have been taken since the 2017 attack, a lack of investment, a deficit of skills and awareness, and the use of out-dated systems are ...

  • ‘Twas the night before

    July 4, 2019

    Recently, the United States Cyber Command (USCYBERCOM Malware Alert @CNMF_VirusAlert) highlighted several VirusTotal uploads of theirs – and the executable objects relating to 2016 – 2017 NewsBeef/APT33 activity are interesting for a variety of reasons. Before continuing, it’s important to restate yet again that we defend customers, and research malware and intrusions, regardless of their source. Accordingly, subscribers to ...

  • Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi

    July 4, 2019

    Since our last research on TA505, we have observed new activity from the group that involves campaigns targeting different countries over the last few weeks. We found them targeting countries in the Middle East such as United Arab Emirates and Saudi Arabia, as well as other countries such as India, Japan, Argentina, the Philippines, and South Korea. This ...

  • Sodin ransomware exploits Windows vulnerability and processor architecture

    July 3, 2019

    When Sodin (also known as Sodinokibi and REvil) appeared in the first half of 2019, it immediately caught our attention for distributing itself through an Oracle Weblogic vulnerability and carrying out attacks on MSP providers. In a detailed analysis, we discovered that it also exploits the CVE-2018-8453 vulnerability to elevate privileges in Windows (rare among ransomware), and uses legitimate processor ...