News – October 2019


  • Calypso APT Emerges from the Shadows to Target Governments

    October 31, 2019

    A newly discovered APT group, dubbed Calypso after a custom malware RAT that it uses, has been targeting state institutions in six different countries since 2016. Government organizations in India (34 percent), Brazil and Kazakhstan (18 percent respectively), Russia and Thailand (12 percent respectively) and Turkey (6 percent) have all been successfully infiltrated at some point, ...

  • ICS Attackers Set To Inflict More Damage With Evolving Tactics

    October 31, 2019

    Future attacks on industrial control system (ICS) networks may inflict even more damage in the long run, according to new research. Analysts expect them to evolve from attacks that have immediate, direct impact to those with multiple stages and attack vectors that are more stealthy. While it remains extraordinarily difficult to mount successful attacks on critical ...

  • Insurance Pays Out a Sliver of Norsk Hydro’s Cyberattack Damages

    October 30, 2019

    On the heels of a severe cyberattack, aluminum giant Norsk Hydro has received only $3.6 million in cyber-insurance – just a fraction of the total costs in damage. Overall, the Oslo, Norway-based company incurred between $60 million to $71 million in damages from the incident, which forced it to shut down or isolate several plants and ...

  • WhatsApp Spyware Attack: Uncovering NSO Group Activity

    October 30, 2019

    On the heels of Facebook filing a lawsuit against Israeli company NSO Group — alleging that it was behind the massive WhatsApp hack earlier this year — privacy experts say that the move is “popping the unaccountable bubble” that commercial spyware companies have carved out for themselves. After disclosing the lawsuit,WhatsApp said that cyber security experts at the Citizen Lab, ...

  • White Hat Hackers Get the Chance to Break Industrial Control System Security in PWN2OWN 2020

    October 30, 2019

    From enterprise applications and web browsers to mobile and IoT devices, hacking competition Pwn2Own has added another focus: industrial control system (ICS) and its associated protocols. Trend Micro’s Zero Day Initiative (ZDI), the bug bounty program behind Pwn2Own, has long been known to reward researchers for finding previously unknown software flaws. Set to happen in Miami come ...

  • Xhelper: Persistent Android dropper app infects 45K devices in past 6 months

    October 29, 2019

    Symantec has observed a surge in detections for a malicious Android application that can hide itself from users, download additional malicious apps, and display advertisements. The app, called Xhelper, is persistent. It is able reinstall itself after users uninstall it and is designed to stay hidden by not appearing on the system’s launcher. The app ...

  • Nasty PHP7 remote code execution bug exploited in the wild

    October 26, 2019

    A recently patched security flaw in modern versions of the PHP programming language is being exploited in the wild to take over servers, ZDNet has learned from threat intelligence firm Bad Packets. The vulnerability is a remote code execution (RCE) in PHP 7, the newer branch of PHP, the most common programming language used to build ...

  • London police software quarantines thousands of cybercrime reports

    October 25, 2019

    Over 9,000 cybercrime reports filed by UK citizens have sat inside a police database without being investigated after security software mistakenly identified them as containing malicious code and placed them in quarantine. All the quarantined reports came from Action Fraud, an official UK police website where victims can report fraud and cybercrime. According to an audit published this week ...

  • Mobile Malware and APT Espionage: Prolific, Pervasive, and Cross-Platform

    October 23, 2019

    Until now, the public’s exposure to mobile phone malware has been dominated by news about the privately run “greyware” vendors who have made headlines for being purveyors of spyware tools. These commercial smartphone spyware tools reportedly end up in the hands of autocrats who use it to hamper free speech, quash dissent, or worse. Consumers ...

  • Data collectors

    October 23, 2019

    Who owns data owns the world. And with the Internet taking over much of our daily lives, it has become far easier and faster to receive, collect, and analyze data. The average user cannot even imagine how much data gets collected on them. Besides technical information (for example, about a smartphone) harvested by a manufacturer to ...

  • The Banking and Finance Industry Under Cybercriminal Siege: An Overview

    October 22, 2019

    Financial institutions have now taken on an even more active role in the growing information technology (IT) and operational technology (OT) convergence. The need for 24/7-connected smart devices has driven the industry to adapt, especially with the wider adoption of the internet of things (IoT) among businesses and users. Unfortunately, this round-the-clock connection with their respective ...

  • Malicious Apps on Alexa or Google Home Can Spy or Steal Passwords

    October 22, 2019

    Google and Amazon smart speakers can be leveraged to record user conversation or to phish for passwords through malicious voice apps, security researchers warn. Unless the two companies take measures to improve the review process and the restrictions for apps integrating with their smart devices, malicious developers could exploit the weakness to capture audio from users. Called ...

  • Russian APT Turla targets 35 countries on the back of Iranian infrastructure

    October 21, 2019

    Dozens of countries have become embroiled in a state-backed spat between Russian and Iranian hacking groups, security agencies have warned. On Monday, the UK’s National Cyber Security Centre (NCSC), together with the US National Security Agency (NSA), published an advisory warning that military establishments, government departments, scientific organizations, and universities are among victims of an ongoing hacking campaign ...

  • Open database leaked 179GB in customer, US government, and military records

    October 21, 2019

    An open database exposing records containing the sensitive data of hotel customers as well as US military personnel and officials has been disclosed by researchers. On Monday, vpnMentor’s cybersecurity team, led by Noam Rotem and Ran Locar, said the database belonged to Autoclerk, a service owned by Best Western Hotels and Resorts group. Autoclerk is a reservations management system used ...

  • Equifax failed to take even the most basic precautions, alleges lawsuit

    October 21, 2019

    A lawsuit on the 2017 data breach allege that Equifax staffers used the default – ‘admin’ – as the username and password to secure customer information portal How would you secure a portal containing valuable, personal finance information of 148 million accounts of customers spread across the US, Canada and the UK? Equifax employees chose default and ...

  • Avast says hackers breached internal network through compromised VPN profile

    October 21, 2019

    Czech cyber-security software maker Avast disclosed today a security breach that impacted its internal network. In a statement published today, the company said it believed the attack’s purpose was to insert malware into the CCleaner software, similar to the infamous CCleaner 2017 incident. Avast said the breach occurred because the attacker compromised an employee’s VPN credentials, gaining access ...

  • Researchers find stealthy MSSQL server backdoor developed by Chinese cyberspies

    October 21, 2019

    Chinese cyberspies have developed malware that alters Microsoft SQL Server (MSSQL) databases and creates a backdoor mechanism that can let hackers connect to any account by using a “magic password.” Furthermore, as an added benefit, the backdoor also hides user sessions inside the database’s connection logs every time the “magic password” is used, helping hackers remain ...

  • Major Airport Malware Attack Shines a Light on OT Security

    October 18, 2019

    A cryptomining infection managed to spread to half of all workstations at a major international airport in Europe – shining a spotlight on security for operational tech and IT convergence. Researchers at Cyberbit found the XMRig Monero mining malware, which was a known strain called “Playerz,” but which skated by antivirus solutions on the endpoints by adding a ...

  • Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks

    October 18, 2019

    Previously undocumented group hits IT providers in the Middle East. A previously undocumented attack group is using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain attacks with the end goal of compromising the IT providers’ customers. The group, which we are calling Tortoiseshell, has been active ...

  • Phorpiex Botnet Shifts Gears From Ransomware to Sextortion

    October 17, 2019

    A  recent wide-scale campaign indicates that a decade-old botnet is shifting gears from distributing ransomware to delivering millions of sextortion threats to innocent recipients. Worse, researchers say that the botnet’s spam campaign can affect up to 27 million potential victims. The botnet, Phorpiex, has been active for almost a decade and currently controls almost 500,000 computers globally. The ...