News – December 2019


  • Microsoft Takes Control Of ‘Thallium’ Hacking Domains

    December 31, 2019

    Microsoft has scored a victory against a North Korean cybercrime group called “Thallium”, the company has revealed. Redmond said that it had taken control of web domains used by Thallium to steal information. The software giant has history in taking on cybercrime and hacking groups through the courts. In August 2018 for example, it foiled a cyber attack that ...

  • US Coast Guard discloses Ryuk ransomware infection at maritime facility

    December 30, 2019

    An infection with the Ryuk ransomware took down a maritime facility for more than 30 hours; the US Coast Guard said in a security bulletin it published before Christmas. The agency did not reveal the name or the location of the port authority; however, it described the incident as recent. “Forensic analysis is currently ongoing but the virus, ...

  • New Year Honours: Government faces multi-million pound compensation bill over leaked private details

    December 29, 2019

    The Government is facing fines and a compensation bill running into millions of pounds after the disclosure of the home addresses of counter-terrorism experts, senior police officers and celebrities on the new year honours list. Senior figures demanded an exhaustive inquiry into the circumstances which led to the personal details of more than 1,000 individuals who will ...

  • FIN7 Hackers’ BIOLOAD Malware Drops Fresher Carbanak Backdoor

    December 27, 2019

    Malware researchers have uncovered a new tool used by the financially-motivated cybercriminal group known as FIN7 to load fresher builds of the Carbanak backdoor. Dubbed BIOLOAD, the malware loader has a low detection rate and shares similarities with BOOSTWRITE, another loader recently identified to be part of FIN7’s arsenal. The malware relies on a technique called binary planting that ...

  • Ransomware Hits Maastricht University, All Systems Taken Down

    December 27, 2019

    Maastricht University (UM) announced that almost all of its Windows systems have been encrypted by ransomware following a cyber-attack that took place on Monday, December 23. UM is a university from the Netherlands with over 18,000 students, 4,400 employees, and 70,000 alumni, UM being placed in the top 500 universities in the world by five ranking tables in the last two ...

  • Critical Citrix Bug Puts 80,000 Corporate LANs at Risk

    December 26, 2019

    Digital workspace and enterprise networks vendor Citrix has announced a critical vulnerability in the Citrix Application Delivery Controller (ADC) and Citrix Gateway. If exploited, it could allow unauthenticated attackers to gain remote access to a company’s local network and carry out arbitrary code execution. The Citrix products (formerly the NetScaler ADC and Gateway) are used for ...

  • Wireshark Tutorial: Examining Ursnif Infections

    December 23, 2019

    Ursnif is banking malware sometimes referred to as Gozi or IFSB. The Ursnif family of malware has been active for years, and current samples generate distinct traffic patterns. This tutorial reviews packet captures (pcaps) of infection Ursnif traffic using Wireshark. Understanding these traffic patterns can be critical for security professionals when detecting and investigating Ursnif infections. This tutorial covers ...

  • Chinese hacker group caught bypassing 2FA

    December 23, 2019

    Security researchers say they found evidence that a Chinese government-linked hacking group has been bypassing two-factor authentication (2FA) in a recent wave of attacks. The attacks have been attributed to a group the cyber-security industry is tracking as APT20, believed to operate on the behest of the Beijing government, Dutch cyber-security firm Fox-IT said in a ...

  • Russia successfully disconnected from the internet

    December 23, 2019

    The Russian government announced on Monday that it concluded a series of tests during which it successfully disconnected the country from the worldwide internet. The tests were carried out over multiple days, starting last week, and involved Russian government agencies, local internet service providers, and local Russian internet companies. The goal was to test if the country’s ...

  • Apple opens public bug bounty program, publishes official rules

    December 20, 2019

    Apple has formally opened its bug bounty program today to all security researchers, after announcing the move earlier this year in August at the Black Hat security conference in Las Vegas. Until today, Apple ran an invitation-based bug bounty program for selected security researchers only and was accepting only iOS security bugs. Starting today, the company will accept vulnerability ...

  • Unit 42 Discovers 13 New Vulnerabilities Across Microsoft and Adobe Products

    December 19, 2019

    Palo Alto Networks’ Unit 42 threat researchers have been credited with discovering six new vulnerabilities addressed by the Adobe Product Security Incident Response Team (PSIRT) as part of its December Adobe Security Bulletin APSB19-55 security updates. Additionally, seven new “important” rated vulnerabilities were addressed by the Microsoft Security Response Center (MSRC) as part of its September, October and November ...

  • This ‘grab-bag’ hacking attack drops six different types of malware in one go

    December 19, 2019

    A high-volume hacking campaign is targeting organisations around the world with attacks that deliver a ‘grab-bag’ of malware that includes information-stealing trojans, a remote backdoor, a cryptojacker and a cryptocurrency stealer. Uncovered by researchers at Deep Instinct, the combination of the volume of attacks with the number of different malware families has led to the campaign being named ‘Hornet’s Nest’. The ...

  • Avast and AVG extensions pulled from Chrome

    December 19, 2019

    Google Chrome is the latest browser to drop AVG and Avast extensions after reports of excessive data snooping. Back in October, a blog post from Wladimir Palant, founder and CTO at AdBlock Plus, highlighted that browser extensions created by the two security firms were hoovering up more data than necessary to function, especially versus rivals such as Google ...

  • Frankfurt shuts down IT network following Emotet infection

    December 19, 2019

    Frankfurt, one of the largest financial hubs in the world and the home of the European Central Bank, has shut down its IT network this week following an infection with the Emotet malware. Frankfurt is the fourth German entity that shut down its IT network in the past two weeks because of Emotet. The other three are ...

  • 267M Facebook Users’ Phone Numbers Exposed Online

    December 19, 2019

    A database exposing the names, phone numbers and Facebook user IDs of millions of platform users was left unsecured on the web for nearly two weeks before it was removed. Security researcher Bob Diachenko, who along with Comparitech discovered the unsecured Elasticsearch database, believe it belongs to a cybercriminal organization, as opposed to Facebook. Diachenko went to ...

  • Drilling Deep: A Look at Cyberattacks on the Oil and Gas Industry

    December 18, 2019

    Mining, transportation, refining, distribution—the oil and gas industry has a widespread and complicated production chain that can be difficult to comprehensively defend. Risks come from all sides: extreme weather can affect transportation, politics (global and local) can impact production, and physical attacks on infrastructure can actually threaten worker safety and even impact the world’s oil ...

  • Rancor: Cyber Espionage Group Uses New Custom Malware to Attack Southeast Asia

    December 17, 2019

    In late June 2018, Unit 42 revealed a previously unknown cyber espionage group we dubbed Rancor, which conducted targeted attacks in Southeast Asia throughout 2017 and 2018. In recent attacks, the group has persistently targeted at least one government organization in Cambodia from December 2018 through January 2019. While researching these attacks, we discovered an undocumented, ...

  • Lazarus pivots to Linux attacks through Dacls Trojan

    December 17, 2019

    Lazarus, an advanced persistent threat (APT) group, has expanded its reach with the development and use of a Trojan designed to attack Linux systems. The APT, suspected to hail from North Korea, has previously been connected to global cyberattacks and malware outbreaks including the infamous WannaCry rampage, the $80 million Bangladeshi bank heist, and a new campaign impacting financial institutions worldwide. Recent reports ...

  • DDoS Attacks and IoT Exploits: New Activity from Momentum Botnet

    December 16, 2019

    Trend Micro recently found notable malware activity affecting devices running Linux, a platform that has battled numerous issues just this year. Further analysis of retrieved malware samples revealed that these actions were connected to a botnet called Momentum (named for the image found in its communication channel). We found new details on the tools and techniques ...

  • Mirai Variant ECHOBOT Resurfaces with 13 Previously Unexploited Vulnerabilities

    December 13, 2019

    Since the discovery of the Mirai variant using the binary name ECHOBOT in May 2019, it has resurfaced from time to time, using new infrastructure, and more remarkably, adding to the list of vulnerabilities it scans for, as a means to increase its attack surface with each evolution. Unlike other Mirai variants, this particular variant stands out for the sheer ...