News – June 2018

  • Platinum is back

    June 5, 2019

    In June 2018, we came across an unusual set of samples spreading throughout South and Southeast Asian countries targeting diplomatic, government and military entities. The campaign, which may have started as far back as 2012, featured a multi-stage approach and was dubbed EasternRoppels. The actor behind this campaign, believed to be related to the notorious ...

  • Researchers Uncover New Attacks Against LTE Network Protocol

    June 29, 2018

    If your mobile carrier offers LTE, also known as the 4G network, you need to beware as your network communication can be hijacked remotely. A team of researchers has discovered some critical weaknesses in the ubiquitous LTE mobile device standard that could allow sophisticated hackers to spy on users’ cellular networks, modify the contents of their ...

  • Adidas US breach may have exposed millions of customers’ personal info

    June 29, 2018

    Adidas warned late on Thursday that hackers may have lifted customer data from its US website. The sportswear maker said personal data, including contact information (addresses and email addresses), and encrypted passwords may have fallen into the hands of criminals, but was able to reassure customers that neither financial nor fitness information was at risk. Source: The Register

  • RAMpage Attack Explained – Exploiting RowHammer On Android Again!

    June 29, 2018

    A team of security researchers has discovered a new set of techniques that could allow hackers to bypass all kinds of present mitigations put in place to prevent DMA-based Rowhammer attacks against Android devices. Dubbed RAMpage, the new technique (CVE-2018-9442) could re-enable an unprivileged Android app running on the victim’s device to take advantage of the previously ...

  • Hotels, airlines and travel sites battle bot attacks

    June 27, 2018

    Hotels, airlines, cruises and travel sites are under siege from crooks using fake or stolen account details to try to access accounts. Hackers have been using stolen or leaked account details to attempt to log into accounts, using botnets to deliver attacks at industrial scale, according to research by Akamai. Source: ZDNet

  • Thanatos ransomware: Free decryption tool released for destructive file-locking malware

    June 27, 2018

    Victims of a destructive form of ransomware, which fails to unlock files even if the ransom is paid, can now retrieve their files for free with a new file decryptor released by security researchers. Thanatos ransomware first started targeting Windows systems in February and multiple versions of it have been released in the months since, indicating ...

  • Up to 40,000 British Ticketmaster users may have had their personal and payment details stolen by hackers

    June 27, 2018

    Ticketmaster UK have admitted British customers may have had their credit card data stolen in a security breach that could have affected up to 40,000 people. The company says it ‘identified malicious software’ on a third party product on Saturday, but did not reveal the breach until today. The firm said it disabled the software as soon ...

  • There’s a new £13.5m government-backed London office for cyber security innovation opening today at Plexal

    June 26, 2018

    The London Office for Rapid Cyber security Advancement (LORCA) has officially opened its doors today in East London. Launched by digital secretary Matt Hancock, LORCA will be run by tech innovation centre Plexal, located on the Here East digital campus inside Plexal City. The government-backed £13.5m centre will help the UK’s newest cyber security startups on their ...

  • New Malware Family Uses Custom UDP Protocol for C&C Communications

    June 26, 2018

    Security researchers have uncovered a new highly-targeted cyber espionage campaign, which is believed to be associated with a hacking group behind KHRAT backdoor Trojan and has been targeting organizations in South East Asia. According to researchers from Palo Alto, the hacking group, which they dubbed RANCOR, has been found using two new malware families—PLAINTEE and DDKONG—to target ...

  • WPA3 Standard Officially Launches With New Wi-Fi Security Features

    June 25, 2018

    The Wi-Fi Alliance today officially launched WPA3—the next-generation Wi-Fi security standard that promises to eliminate all the known security vulnerabilities and wireless attacks that are up today including the dangerous KRACK attacks. WPA, or Wi-Fi Protected Access, is a standard designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and is intended to prevent hackers ...

  • UK Tax Agency Collects 5.1M Biometric Voice IDs, May Violate GDPR

    June 24, 2018

    Her Majesty’s Revenue and Customs (HMRC) in the UK is under investigation by that country’s regulator over the collection of more than 5 million biometric voice IDs. The Information Commissioner’s Office (ICO) is investigating the tax agency’s practice, which may violate the recently implemented General Data Protection Regulation, following an official complaint from watchdog group Big ...

  • White House picks new chief to oversee cyber-weapons group

    June 22, 2018

    The White House has a new leader of a largely secretive government group that decides whether software and hardware vulnerabilities should be withheld from the public to help the government conduct cyber operations. Grant Schneider, the federal chief information security officer and senior director at the National Security Council, was named head of the Vulnerabilities Equities Process (VEP) ...

  • Dixons Carphone prepare for backlash following data breach

    June 21, 2018

    Firm faces possible fine under GDPR after data breach went undetected. Dixons Carphone faces further woes as its full-year earnings were hit, as it battles against the backlash of a serious cyber breach revealed last week. Falling gross profits and a plummeting share price were expected as the investigation continues into the data breach that compromised ...

  • GCHQ chief highlights UK’s ‘critical role’ in thwarting European attacks

    June 19, 2018

    Speaking after meetings at NATO’s Brussels headquarters, Jeremy Fleming cited GCHQ’s involvement in disrupting terrorist activity on the continent in a bid to highlight the importance of UK-EU security links. The comments will be viewed in some quarters as a pointed intervention in the Brexit debate, coming hot on the heels of remarks by the EU’s chief ...

  • APT15 Pokes Its Head Out With Upgraded MirageFox RAT

    June 19, 2018

    The elusive APT15 cyber-espionage group, believed to be affiliated with the Chinese government, has been spotted for the first time in many months, mounting a highly targeted spy campaign using an upgraded version of the Mirage remote access trojan. This is the first evidence of the China-linked actor’s activity since hacking the U.K. government and military ...

  • FakeSpy Android Information-Stealing Malware Targets Japanese and Korean-Speaking Users

    June 19, 2018

    Spoofing legitimate mobile applications is a common cybercriminal modus that banks on their popularity and relies on their users’ trust to steal information or deliver payloads. Cybercriminals typically use third-party app marketplaces to distribute their malicious apps, but in operations such as the ones that distributed CPUMINER, BankBot, and MilkyDoor, they would try to get their apps published ...

  • Olympic Destroyer Returns to Target Biochemical Labs

    June 19, 2018

    Olympic Destroyer, the threat actor that caused a crippling sabotage attack on the networks supporting this year’s Winter Games in Pyeongchang, South Korea, has resurfaced with a spy campaign – and with a wider target range. The new campaign began last month and is ongoing, employing spear-phishing documents that share much in common with the weaponized ...

  • F-Secure to buy cyber security firm MWR

    June 19, 2018

    Data security company F-Secure said on Monday it had agreed to acquire Britain-based MWR InfoSecurity for 80 million pounds ($106 million) in cash to widen its range of cyber security services. The Finnish company, which is best known for its anti-virus protection products for consumers and businesses, said the deal would make it the largest European provider of services that help ...

  • Ex-CIA employee charged with leaking ‘Vault 7’ hacking tools to Wikileaks

    June 18, 2018

    A 29-year-old former CIA computer programmer who was charged with possession of child pornography last year has now been charged with masterminding the largest leak of classified information in the agency’s history. Joshua Adam Schulte, who once created malware for both the CIA and NSA to break into adversaries’ computers, was indicted Monday by the Department of Justice on 13 ...

  • Axis Cameras Riddled With Vulnerabilities Enabling “Full Control”

    June 18, 2018

    A slew of vulnerabilities in Axis cameras could enable an attacker to access camera video streams, control the camera, add it to a botnet or render it useless. Researchers at VDOO, who disclosed the vulns on Monday, recommended that customers update immediately after finding that more than 400 Axis IP cameras are impacted. Axis deploys a ...