News


  • Steganography in attacks on industrial enterprises (updated)

    June 17, 2020

    Kaspersky ICS CERT experts have identified a series of attacks on organizations located in different countries. As of early May 2020, there are known cases of attacks on systems in Japan, Italy, Germany and the UK. Up to 50% of the attackers’ targets are organizations in various industrial sectors. Attack victims include suppliers of equipment ...

  • AcidBox: Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizations

    June 17, 2020

    When the news broke in 2014 about a new sophisticated threat actor dubbed the Turla Group, which the Estonian foreign intelligence service believes has Russian origins and operates on behalf of the FSB, its kernelmode malware also became the first publicly-described case that abused a third-party device driver to disable Driver Signature Enforcement (DSE). This security mechanism was introduced in Windows Vista ...

  • Do cybercriminals play cyber games during quarantine?

    June 17, 2020

    Thanks to the coronavirus pandemic, the role of the Internet in our lives has undergone changes, including irreversible ones. Some of these changes are definitely for the better, some are not very good, but almost all of them in some way affect digital security issues. We decided to take a closer look at the changes around ...

  • IT giant Cognizant confirms data breach after ransomware attack

    June 17, 2020

    In a series of data breach notifications, IT services giant Cognizant has stated that unencrypted data was most likely accessed and stolen during an April Maze Ransomware attack. Cognizant is one of the largest IT managed services company in the world with close to 300,000 employees and over $15 billion in revenue. As a managed service provider (MSP), Cognizant ...

  • Ripple20 vulnerabilities will haunt the IoT landscape for years to come

    June 16, 2020

    Cyber-security experts have revealed today 19 vulnerabilities in a small library designed in the 90s that has been widely used and integrated into countless of enterprise and consumer-grade products over the last 20+ years. The number if impacted products is estimated at “hundreds of millions” and includes products such as smart home devices, power grid equipment, ...

  • Cosmetics giant Avon is recovering from a mysterious cyber-security incident

    June 16, 2020

    Avon has filed documents with the US Securities Exchange Commission disclosing the incident on June 9, a day after the company first discovered issues with some of its IT infrastructure. The company said the incident “interrupted some systems and partially affected operations.” Last week, Avon distributors reported problems accessing the company’s backend, where they usually file new product ...

  • US bank customers targeted in ongoing Qbot campaign

    June 15, 2020

    Security researchers at F5 Labs have spotted ongoing attacks using Qbot malware payloads to steal credentials from customers of dozens of US financial institutions. Qbot (also known as Qakbot, Pinkslipbot, and Quakbot) is a banking trojan with worm features  used to steal banking credentials and financial data, as well as to log user keystrokes, deploy backdoors, and drop additional ...

  • ‘Lamphone’ Hack Uses Lightbulb Vibrations to Eavesdrop on Homes

    June 15, 2020

    Researchers have discovered a novel way to spy on conversations that are happening in houses from almost a hundred feet away. The hack stems simply from a lightbulb hanging in the home. The hack, dubbed “lamphone,” is performed by analyzing the tiny vibrations of a hanging lightbulb, which are caused by nearby sounds. All an attacker ...

  • Black Kingdom ransomware hacks networks with Pulse VPN flaws

    June 13, 2020

    Operators of Black Kingdom ransomware are targeting enterprises with unpatched Pulse Secure VPN software or initial access on the network, security researchers have found. The malware got caught in a honeypot, allowing researchers to analyze and document the tactics used by the threat actors. They’re exploiting CVE-2019-11510, a critical vulnerability affecting earlier versions of Pulse Secure VPN ...

  • Italian company exposed as a front for malware operations

    June 12, 2020

    For the past four years, an Italian company has operated a seemingly legitimate website and business, offering to provide binary protection against reverse engineering for Windows applications, but has secretly advertised and provided its service to malware gangs. The company’s secret business came to light after security researchers from Check Point began looking at GuLoader [1, ...

  • Russia says Germany has not provided any evidence of Bundestag hack

    June 12, 2020

    Russian officials said this week that German authorities have failed to produce the evidence that Russian military hackers breached the German Parliament in 2015. The statement is in relation to an arrest warrant that Germany filed at the end of May, when they charged a Russian hacker named Dmitriy Sergeyevich Badin. German prosecutors said Badin was a ...

  • 6 New Vulnerabilities Found on D-Link Home Routers

    June 12, 2020

    On February 28, 2020, Palo Alto Networks’ Unit 42 researchers discovered six new vulnerabilities in D-Link wireless cloud routers running their latest firmware. The vulnerabilities were found in the DIR-865L model of D-Link routers, which is meant for home network use. The current trend towards working from home increases the likelihood of malicious attacks against home ...

  • Android ‘ActionSpy’ Malware Targets Turkic Minority Group

    June 12, 2020

    Researchers have discovered a new Android spyware, dubbed ActionSpy, targeting victims across Tibet, Turkey and Taiwan. The spyware is distributed either via watering-hole websites or fake websites. Researchers believe ActionSpy is being used in ongoing campaigns to target Uyghur victims. The Uyghurs, a Turkic minority ethnic group affiliated with Central and East Asia, have previously been targeted in spyware attacks. Though ...

  • Ransomware: Hackers took just three days to find this fake industrial network and fill it with malware

    June 11, 2020

    Industrial control networks are coming under attack from a range of ransomware attacks, security researchers have warned, after an experiment revealed the speed at which hackers are uncovering vulnerabilities in critical infrastructure. Security company Cybereason built a ‘honeypot’ designed to look like an electricity company with operations across Europe and North America. The network was made to ...

  • Gamaredon hackers use Outlook macros to spread malware to contacts

    June 11, 2020

    New tools attributed to the Russia-linked Gamaredon hacker group include a module for Microsoft Outlook that creates custom emails with malicious documents and sends them to a victim’s contacts. The threat actor disables protections for running macro scripts in Outlook and to plant the source file for the spearphishing attacks that spread malware to other victims. Gamaredon ...

  • Hackers breached A1 Telekom, Austria’s largest ISP

    June 11, 2020

    A1 Telekom, the largest internet service provider in Austria, has admitted to a security breach this week, following a whistleblower’s exposé. The company admitted to suffering a malware infection in November 2019. A1 said its security team detected the malware a month later, but that removing the infection was more problematic than it initially anticipated. From December ...

  • City of Knoxville shuts down network after ransomware attack

    June 11, 2020

    The City of Knoxville, Tennessee, was forced to shut down its entire computer network following a ransomware attack that took place overnight and targeted the city’s offices. Knoxville has a population of over 180,000, it’s Tennessee’s third-largest city after Nashville and Memphis, and it’s also part of the Knoxville Metropolitan Statistical Area, with a reported population of almost 870,000 in 2015. Read ...

  • Forward-looking security analysis of smart factories [Part 3] – Trojanized libraries for industrial IoT devices

    June 11, 2020

    IoT devices are being incorporated more and more into smart factories. IoT devices are endpoints that have a unique IP address and that can connect to the Internet; they are expected to be used for various purposes not only in development but also in production environments, in combination with original programs developed in-house as well ...

  • SAVE THE DATE: CONNECT by COGES Events

    June 11, 2020

    Paris, 11 June 2020 After cancellation of Eurosatory due to the current sanitary crisis, its organiser COGES EVENTS will hold the online business meetings “CONNECT”, on September 14 and 15, 2020. They will be dedicated to all French and international manufacturers in the land and airland Defence and Security domains. These online meetings should allow to the ...

  • FBI warns of increased hacking risk if using mobile banking apps

    June 10, 2020

    The U.S. Federal Bureau of Investigation (FBI) today warned mobile banking app users that they will be increasingly targeted by hackers trying to steal their credentials and take over their banking accounts. The alert, published on the agency’s Internet Crime Complaint Center (IC3), says that the increased usage of such apps during the pandemic could lead to ...