News


  • Investigating the Gootkit Loader

    December 11, 2020

    Since October 2020, we saw an increase in the number of Gootkit cases targeting users in Germany. We investigated this development and found that the Gootkit loader was now capable of sophisticated behavior that enabled it to surreptitiously load itself onto an affected system and make analysis and detection more difficult. This capability was used to ...

  • Australia: Communications department flags idea of tying telco licences to cyber capability

    December 11, 2020

    The Department of Infrastructure, Transport, Regional Development, and Communications has run up the flagpole the idea of inserting security provisions into the Telecommunications Act to require telcos to safeguard their systems as a condition of their licence to operate. Writing in a submission to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) review of the ...

  • MountLocker ransomware gets slimmer, now encrypts fewer files

    December 11, 2020

    MountLocker ransomware received an update recently that cut its size by half but preserves a weakness that could potentially allow learning the random key used to encrypt files. This ransomware operation started in July 2020, and it targets corporate networks. Its operators steal data before encrypting it and threaten victims to leak files unless their multi-million ...

  • Threat Brief: FireEye Red Team Tool Breach

    December 10, 2020

    On Dec. 8, 2020, one of the leading cybersecurity companies in the industry, FireEye, reported a breach and data exfiltration unlike any that we have seen previously. What makes this attack unique is not only the target, FireEye being a well-known cybersecurity company, but that the stolen data contains the internal, custom-crafted red-team and penetration ...

  • The story of the year: remote work

    December 10, 2020

    The coronavirus pandemic has caused sudden, sweeping change around the world. The necessary social distancing measures are having an impact on all of us. One large part of society that has been affected by these measures more than others is the employed. While direct customer facing businesses like restaurants and retailers have had to change ...

  • A Security Guide to IoT-Cloud Convergence

    December 10, 2020

    The internet of things (IoT) has risen as one solution to the demands that have emerged because of the worldwide pandemic. The IoT, with its key characteristic of minimizing human interaction in performing a myriad of functions, seems a perfect fit in a world of remote setups and social distancing. But it is thanks to ...

  • Chinese APT suspected of supply chain attack on Mongolian government agencies

    December 10, 2020

    A Chinese state-sponsored hacking group, also known as an APT, is suspected of having breached a Mongolian software company and compromised a chat app used by hundreds of Mongolian government agencies. The attack is believed to have taken place earlier this year, in June, according to a report published today by Slovak security firm ESET. The hackers ...

  • European Medicines Agency says it has been targeted by cyber attack

    December 9, 2020

    In a short statement published on its website, the agency said: “EMA has been the subject of a cyberattack. The agency has swiftly launched a full investigation, in close cooperation with law enforcement and other relevant entities. EMA cannot provide additional details whilst the investigation is ongoing. Further information will be made available in due course,” ...

  • FireEye reveals that it was hacked by a nation state APT group

    December 9, 2020

    Leading cybersecurity company FireEye disclosed today that it was hacked by a threat actor showing all the signs of a state-sponsored hacking group. The attackers were able to steal Red Team assessment tools FireEye uses to test customers’ security and designed to mimic tools used by many cyber threat actors. FireEye is one of several security firms ...

  • Foxconn electronics giant hit by ransomware, $34 million ransom

    December 9, 2020

    Foxconn electronics giant suffered a ransomware attack at a Mexican facility over the Thanksgiving weekend, where attackers stole unencrypted files before encrypting devices. Foxconn is the largest electronics manufacturing company globally, with recorded revenue of $172 billion in 2019 and over 800,000 employees worldwide. Foxconn subsidiaries include Sharp Corporation, Innolux, FIH Mobile, and Belkin. BleepingComputer has been ...

  • Norway: Russian APT28 state hackers likely behind Parliament attack

    December 9, 2020

    Russian-backed hacking group APT28 has likely brute-forced multiple Norwegian Parliament (Stortinget) email accounts on August 24, 2020, according to the Norwegian Police Security Service (PST, short for Politiets Sikkerhetstjeneste). Attackers gained access to a limited number of Stortinget email accounts of representatives and employees as disclosed by Stortinget director Marianne Andreassen. A statement published on the parliament’s ...

  • Severe MDHexRay bug affects 100+ GE Healthcare imaging systems

    December 9, 2020

    A vulnerability in GE Healthcare’s proprietary management software used for medical imaging devices could put patients’ health privacy at risk, potentially their lives. The flaw received the name MDHexRay (CVE-2020-25179) and a severity score of 9.8 out of 10. It affects more than 100 CT, X-Ray, MRI device models in a dozen product lines from the ...

  • Chinese Breakthrough in Quantum Computing a Warning for Security Teams

    December 7, 2020

    China’s top quantum-computer researchers have reported that they have achieved quantum supremacy, i.e., the ability to perform tasks a traditional supercomputer cannot. And while it’s a thrilling development, the inevitable rise of quantum computing means security teams are one step closer to facing a threat more formidable than anything before. Researchers from the University of Science ...

  • RansomExx Ransomware Gang Dumps Stolen Embraer Data: Report

    December 7, 2020

    Hackers have dumped sensitive company data that was stolen during a ransomware attack last month on aircraft manufacturer Embraer. The compromised data appeared on a new dark web site created to publish leaked information, according to a published report. The move appears to be revenge for the Brazilian-based company’s refusal to pay a ransom in ...

  • NSA warns of Russian state-sponsored hackers exploiting VMware vulnerability

    December 7, 2020

    The US National Security Agency has published a security alert today urging companies to update VMware products for a vulnerability that is currently exploited by “Russian state-sponsored malicious cyber actors.” The vulnerability, tracked as CVE-2020-4006, impacts VMware endpoint and identity management products, often deployed in enterprise and government networks. The affected products, listed below, allow system administrators ...

  • Rana Android Malware Updates Allow WhatsApp, Telegram IM Snooping

    December 7, 2020

    Researchers have discovered new samples of a previously discovered Android malware, which is believed to be linked to the APT39 Iranian cyberespionage threat group. The new variant comes with new surveillance capabilities – including the ability to snoop on victims’ Skype, Instagram and WhatsApp instant messages. According to U.S. feds, the developers of this malware are ...

  • Hacker opens 2,732 PickPoint package lockers across Moscow

    December 7, 2020

    A mysterious hacker used a cyber-attack to force-open the doors of 2,732 package delivery lockers across Moscow. The attack, which took place on Friday afternoon, December 4, targeted the network of PickPoint, a local delivery service that maintains a network of more than 8,000 package lockers across Moscow and Saint Petersburg. Russians can order products online and ...

  • Italian police arrest 2 in defense data theft case

    December 6, 2020

    Police in Italy have arrested two people in connection with the hacking of Italian aerospace and electronics company Leonardo, the Interior Ministry announced on Saturday. The Leonardo group also has a cybersecurity division that counts NATO among its customers and is involved in making electronic weapons and missiles. The hackers allegedly managed to steal sensitive data ...

  • Kazakhstan government is intercepting HTTPS traffic in its capital

    December 6, 2020

    Under the guise of a “cybersecurity exercise,” the Kazakhstan government is forcing citizens in its capital of Nur-Sultan (formerly Astana) to install a digital certificate on their devices if they want to access foreign internet services. Once installed, the certificate would allow the government to intercept all HTTPS traffic made from users’ devices via a technique ...

  • The chronicles of Emotet

    December 4, 2020

    More than six years have passed since the banking Trojan Emotet was first detected. During this time it has repeatedly mutated, changed direction, acquired partners, picked up modules, and generally been the cause of high-profile incidents and multimillion-dollar losses. The malware is still in fine fettle, and remains one of the most potent cybersecurity threats ...