News – October 2017


  • Cyber-security threat to UK ‘as serious as terrorism’ – GCHQ

    October 9, 2017

    Keeping the UK safe from cyber-attacks is now as important as fighting terrorism, the head of the intelligence monitoring service GCHQ has said. Jeremy Fleming said increased funding for GCHQ was being spent on making it a “cyber-organisation” as much as an intelligence and counter-terrorism one. It comes after the NHS and parliament suffered cyber-attacks this year. Mr ...

  • Disqus Hacked: More than 17.5 Million Users’ Details Stolen in 2012 Breach

    October 6, 2017

    Another day, Another data breach disclosure. This time the popular commenting system has fallen victim to a massive security breach. Disqus, the company which provides a web-based comment plugin for websites and blogs, has admitted that it was breached 5 years ago in July 2012 and hackers stole details of more than 17.5 million users. The stolen data ...

  • Kaspersky hearing with House committee set for late October

    October 6, 2017

    In the latest installment of the ongoing saga of Russia-based cybersecurity firm Kaspersky Lab and the U.S. government, the company has a new date with Congress. Rescheduling a hearing originally set for last week, the House Committee on Science, Space and Technology has set a new hearing for October 25, Reuters reports. News of the rescheduled hearing comes a day after ...

  • Microsoft silently fixes security holes in Windows 10 – dumps Win 7, 8 out in the cold

    October 6, 2017

    Microsoft is silently patching security bugs in Windows 10, and not immediately rolling out the same updates to Windows 7 and 8, potentially leaving hundreds of millions of computers at risk of attack. Flaws and other programming blunders that are exploitable by hackers and malware are being quietly cleaned up and fixed in the big Windows ...

  • Emergency Apple Patch Fixes High Sierra Password Hint Leak

    October 6, 2017

    Apple rushed out an emergency patch Thursday that fixed an incredulous bug in its shiny new High Sierra operating system that revealed APFS volume passwords via the password hint feature. Brazilian researcher Matheus Mariano of Leet Tech found the bug and privately disclosed it to Apple. He said that upon creation of an encrypted container in APFS—Apple’s new ...

  • U.S. Believes Russian Spies Used Kaspersky Antivirus to Steal NSA Secrets

    October 6, 2017

    Do you know—United States Government has banned federal agencies from using Kaspersky antivirus software over spying fear? Though there’s no solid evidence yet available, an article published by WSJ claims that the Russian state-sponsored hackers stole highly classified NSA documents from a contractor in 2015 with the help of a security program made by Russia-based security firm Kaspersky ...

  • Apache Tomcat Patches Important Remote Code Execution Flaw

    October 5, 2017

    The Apache Tomcat team has recently patched several security vulnerabilities in Apache Tomcat, one of which could allow an unauthorised attacker to execute malicious code on affected servers remotely. Apache Tomcat, developed by the Apache Software Foundation (ASF), is an open source web server and servlet system, which uses several Java EE specifications like Java Servlet, ...

  • UK cybercops reacted to 590 ‘significant attacks’ over past year – report

    October 5, 2017

    The National Cyber Security Centre responded to 590 “significant attacks” over the last year including WannaCry, MPs’ email addresses being targeted due to weak passwords and various threats to other large organisations. The body was created in October last year, bringing together previously separate parts of government, MI5 and GCHQ. Its aim is to support and advise the public ...

  • Spy vs spy vs hacker vs… who is THAT? Everyone’s hacking each other

    October 5, 2017

    VB2017 Intel agencies and top-tier hackers are actively hacking other hackers in order to steal victim data, borrow tools and techniques, and reuse each other’s infrastructure, attendees at Virus Bulletin Con, Madrid, were told yesterday. The increasing amount of spy-vs-spy type activity is making accurate threat intel increasingly difficult for security researchers, according to Kaspersky Lab. Threat intelligence ...

  • Inside the CCleaner Backdoor Attack

    October 5, 2017

    As the investigation continues into the backdoor planted inside CCleaner, two members of parent company Avast’s threat intelligence team said today the desktop and cloud versions of the popular software contained different payloads. The revelation was made during a talk at Virus Bulletin 2017 during which Jakub Kroustek and Jiri Bracek shared technical details on the ...

  • FormBook—Cheap Password Stealing Malware Used In Targeted Attacks

    October 5, 2017

    It seems sophisticated hackers have changed the way they conduct targeted cyber operations—instead of investing in zero-days and developing their malware; some hacking groups have now started using ready-made malware just like script kiddies. Possibly, this could be a smart move for state-sponsored hackers to avoid being attributed easily. Security researchers from multiple security firms, including Arbor Networks and FireEye, ...

  • Why You Should Gamify Your Cybersecurity Training

    October 4, 2017

    With big data breaches occurring almost weekly, companies are looking for ways to tighten up their cybersecurity training. Information security risks continue to evolve, and employees must be educated on the latest security vulnerabilities and encouraged to adapt their behaviors to address such exposures. The latest big data breach? Equifax. One of the nation’s three largest credit reporting companies was ...

  • Equifax Says 145.5M Affected by Breach, Ex-CEO Testifies

    October 3, 2017

    Equifax, the credit agency behind this summer’s breach of 143 million Americans, said this week the number of victims implicated in the breach has increased. Paulino do Rego Barros, Jr., the company’s interim CEO, announced Monday that 2.5 million additional Americans were also impacted, bringing the grand total to 145.5 million affected individuals. Equifax initially called its investigation around ...

  • Google Finds 7 Security Flaws in Widely Used Dnsmasq Network Software

    October 2, 2017

    Security researchers have discovered not one or two, but a total of seven security vulnerabilities in the popular open source Dnsmasq network services software, three of which could allow remote code execution on a vulnerable system and hijack it. Dnsmasq is a widely used lightweight network application tool designed to provide DNS (Domain Name System) forwarder, ...

  • IoT botnet Linux.ProxyM turns its grubby claws to spam rather than DDoS

    September 22, 2017

    An IoT botnet is making a nuisance of itself online after becoming a conduit for spam distribution. Linux.ProxyM has the capability to engage in email spam campaigns with marked difference to other IoT botnets, such as Mirai, that infamously offered a potent platform for running distributed-denial-of-service attacks (DDoSing). Other IoT botnets have been used as proxies ...