News – August 2020


  • CyberCon London Webinar Series – FREE WEBINAR

    August 21, 2020

    Fraud & Cyber Security – The Insider Threat 4pm – 5pm UK time, 24 September 2020​ 75% of Security Breaches Come From Insider Threats!​ Join our experts Ghonche Alavi, Eliav Boaron, Philip Ingram, and Ryan Rubin as they explore this exciting topic and provide answers to the following questions… What are the biggest opportunities for employees to commit crimes What are the most common ...

  • Bug bounty platform ZDI awarded $25m to researchers over the past 15 years

    August 20, 2020

    Bug bounty platform pioneer Zero-Day Initiative (ZDI) said it awarded more than $25 million in bounty rewards to security researchers over the past decade and a half. In an anniversary post celebrating its 15-year-old birthday, ZDI said the bounty rewards represent payments to more than 10,000 security researchers for more than 7,500 successful bug submissions. Most of ...

  • Transparent Tribe: Evolution analysis, part 1

    August 20, 2020

    Transparent Tribe, also known as PROJECTM and MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. Proofpoint published a very good article about them in 2016, and since that day, we have kept an eye on the group. We have periodically reported their activities through our APT ...

  • Former Uber CSO charged for 2016 hack cover-up

    August 20, 2020

    Uber’s former chief security officer was charged on Thursday for covering up the company’s 2016 security breach, during which hackers stole the personal details of 57 million Uber customers and the details of 600,000 Uber drivers. Prosecutors in Northern California are charging Joe Sullivan, 52, who served as Uber CSO between April 2015 and November 2017, ...

  • Cisco Critical Flaw Patched in WAN Software Solution

    August 19, 2020

    Cisco patched a critical flaw in its wide area network (WAN) software solution for enterprises, which if exploited could give remote, unauthenticated attackers administrator privileges. The flaw exists in Cisco Virtual Wide Area Application Services (vWAAS), which is software that Cisco describes as a “WAN optimization solution.” It helps manage business applications that are being leveraged ...

  • WannaRen ransomware author contacts security firm to share decryption key

    August 19, 2020

    A major ransomware outbreak hit Chinese internet users earlier this year in April. For about a week, a ransomware strain known as WannaRen made tens of thousands of victims among both home consumers and local Chinese and Taiwanese companies. Looking back, in retrospect, four months later, WannaRen’s virality can be explained due to the fact that ...

  • Airline DMARC Policies Lag, Opening Flyers to Email Fraud

    August 19, 2020

    More than half of global airlines do not have DMARC policies in place, opening their customers up to email fraud attacks, a new report found. DMARC (Domain-based Message Authentication, Reporting & Conformance) is considered the industry standard for email authentication to prevent attackers from sending mails with counterfeit addresses. It does so by authenticating the sender’s ...

  • Experian South Africa discloses data breach impacting 24 million customers

    August 19, 2020

    The South African branch of consumer credit reporting agency Experian disclosed a data breach on Wednesday. The credit agency admitted to handing over the personal details of its South African customers to a fraudster posing as a client. While Experian did not disclose the number of impacted users, a report from South African Banking Risk Centre (SABRIC), ...

  • Threat Recap: Darkside, Crysis, Negasteal, Coinminer

    August 19, 2020

    In the past few weeks, we have spotted notable developments for different types of threats. For ransomware, a new family named Darkside surfaced, while operators behind Crysis/Dharma released a hacking toolkit. For messaging threats, a targeted email campaign was used to propagate Negasteal/Agent Tesla. Finally, for fileless threats, a coinminer was seen bundled with legitimate applications. Read ...

  • US govt exposes new North Korean BLINDINGCAN backdoor malware

    August 19, 2020

    U.S. government agencies today published a malware analysis report exposing information on a remote access trojan (RAT) malware used by North Korean hackers in attacks targeting government contractors. The malware was identified by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) and is known as known BLINDINGCAN. The trojan was attributed ...

  • Researchers Warn of Flaw Affecting Millions of IoT Devices

    August 19, 2020

    Researchers are urging connected-device manufacturers to ensure they have applied patches addressing a flaw in a module used by millions of Internet-of-Things (IoT) devices. If exploited, researchers speculated that the flaw could allow attackers to knock out a city’s electricity or even overdose a medical patient. The vulnerability exists in a widely used Cinterion module, a ...

  • New FritzFrog P2P botnet has breached at least 500 enterprise, government servers

    August 19, 2020

    A P2P botnet newly-discovered by researchers has struck at least 500 government and enterprise SSH servers over 2020. On Wednesday, cybersecurity firm Guardicore Labs published research into FritzFrog, a peer-to-peer (P2P) botnet that has been detected by the company’s sensors since January this year. According to researcher Ophir Harpaz, FritzFrog has attempted to brute-force SSH servers belonging ...

  • Phishing scams dominate the Philippines cybercrime landscape

    August 19, 2020

    Cybercrime in the Philippines is on a rapid rise, with phishing campaigns alone up 200% since the country went into lockdown in March In today’s highly-digitalized society, wanton cybercrimes have proven to be difficult to eradicate, and the cyberattack threat matrix just got riskier when recent quarantine and lockdown restrictions forced everyone indoors. Not only did ...

  • The Cybersecurity Blind Spots Of Connected Cars

    August 18, 2020

    Technology has accelerated the pace in which vehicles provide mobility and convenience. Nowadays, it’s common for connected cars to let their users have instant access to navigation and traffic data, play desired media content, and get up-to-the-minute weather and collision alerts, among other capabilities — thanks to connected technologies such as vehicle-to-everything (V2X) communication and ...

  • Ukraine arrests gang who ran 20 crypto-exchanges and laundered money for ransomware gangs

    August 18, 2020

    Law enforcement in Ukraine has announced today the arrest of a cybercrime gang who ran 20 cryptocurrency exchanges where they laundered more than $42 million in funds for criminal groups. The group, which authorities said had three members, has been operating from Ukraine’s Poltava region since 2018. According to Ukrainian officials, the group has advertised its ...

  • Dharma RaaS is ‘targeting and menacing’ SMBs

    August 17, 2020

    Dharma ransomware as-a-service (RaaS), which is among the world’s most popular, is being used predominantly to target small and medium-sized businesses (SMBs), according to a new report from Sophos. Offers as a service, Dharma ransomware is available to whoever is willing to pay for its use. User groups (called affiliates) rely “almost entirely” on a menu-driven ...

  • Nigeria: Military Personnel Arrested For Cybercrime In Lagos

    August 17, 2020

    Lance Corporal Ajayi Kayode, a serving military personnel in Lagos State, has been arrested for alleged Internet fraud. Kayode was arrested in the Lekki axis of the state by operatives of the Economic and Financial Crimes Commission. The soldier, who was arrested alongside 26 others, said he was still learning “yahoo yahoo” (Internet fraud) from his friends ...

  • World’s largest cruise line operator Carnival hit by ransomware

    August 17, 2020

    Cruise line operator Carnival Corporation has disclosed that one of their brands suffered a ransomware attack over the past weekend. Carnival Corporation is the largest cruise operator in the world with over 150,000 employees and 13 million guests annually. The cruise line operates under the brands Carnival Cruise Line, Costa, P&O Australia, P&O Cruises, Princess Cruises, ...

  • ‘EmoCrash’ Exploit Stoppered Emotet For 6 Months

    August 17, 2020

    A researcher was able to exploit a vulnerability in Emotet – effectively causing the infamous malware to crash and preventing it from infecting systems for six months. Emotet, which first emerged in 2014 and has since then evolved into a full fledged botnet that’s designed to steal account credentials and download further malware, mysteriously disappeared from ...

  • Ritz London suspects data breach, fraudsters pose as staff in credit card data scam

    August 17, 2020

    The Ritz Hotel in London has launched an investigation into a data breach in which scammers may have posed as staff members to steal credit card data. In a series of messages posted to Twitter dated August 15, the luxury hotel chain said that on August 12, the company was made aware of a “potential data ...