News – October 2019


  • The Value of Dark Web Coverage for Third-Party Risk Management

    October 9, 2019

    Everyone knows that a key ingredient to an effective third-party risk program is comprehensive, high-quality risk information. This includes details on supply chain risk, financial risk, legal risk, cyber risk, and more. With growing third-party ecosystems, it’s easier said than done for risk management teams to collect, organize, and prioritize their own risk information along ...

  • D-Link Home Routers Open to Remote Takeover Will Remain Unpatched

    October 8, 2019

    D-Link won’t patch a critical unauthenticated command-injection vulnerability in its routers that could allow an attacker to remotely take over the devices and execute code. The vulnerability (CVE-2019-16920) exists in the latest firmware for the DIR-655, DIR-866L, DIR-652 and DHP-1565 products, which are Wi-Fi routers for the home market. D-Link last week told Fortinet’s FortiGuard Labs, ...

  • Cybersecurity giants join forces to combat cyberthreats under OASIS umbrella

    October 8, 2019

    IBM, McAfee, and 16 other companies have launched an initiative designed to tackle fragmentation and interoperability problems in the cybersecurity space. As cyberthreats have become frequent aspects of our lives — whether related to the risk of fraud and identity theft in the consumer realm or state-sponsored attacks launched against enterprise companies and critical service providers ...

  • Alabama Hospitals Pay Up in Ransomware Attack

    October 7, 2019

    An Alabama hospital system has paid its attackers in a ransomware attack that knocked its systems offline on Oct. 1. Officials at the DCH Health System didn’t say how much the hospitals paid for the decryption key, but noted that they have started a “methodical” process of system restoration. “We have been using our own DCH backup ...

  • White-hat hacks Muhstik ransomware gang and releases decryption keys

    October 7, 2019

    A user got his revenge on the ransomware gang who encrypted his files by hacking their server and releasing the decryption keys for all other victims. This happened earlier today and involved the Muhstik gang. Muhstik is a recent strain of ransomware that has been active since late September, according to reports. This ransomware targets network-attached ...

  • Report: Nation state hackers and cyber criminals are spoofing each other

    October 4, 2019

    Nation-state hackers and cyber criminals are increasingly impersonating each other to try and hide their tracks as part of advanced attack techniques, says Optiv Security in its 2019 Cyber Threat Intelligence Estimate report. The top industries being targeted are retail, healthcare, government and financial institutions. Cryptojacking and ransomware are new exploits that join the traditional list of computer ...

  • Google Warns of Android Zero-Day Bug Under Active Attack

    October 4, 2019

    Google is warning of an Android zero-day flaw actively being exploited in the wild, which gives an attacker full control over 18 phone models including its flagship Pixel handset and devices made by Samsung, Huawei and Xiaomi. Google’s Project Zero warned late Thursday that it suspected the vulnerability was being exploited by the controversial Israeli-based NSO ...

  • US, UK, and Australia jointly request for Facebook to stop end-to-end encryption plans

    October 4, 2019

    The United States, the United Kingdom, and Australia have joined to request that Facebook delay its plans to implement end-to-end encryption across its messaging services. First reported by BuzzFeed News, the governments on Thursday jointly published an open letter to Facebook CEO Mark Zuckerberg, asking for the company to ensure that encryption does not impede government officials ...

  • New Reductor Malware Hijacks HTTPS Traffic

    October 3, 2019

    Researchers have discovered a new malware strain, dubbed Reductor, that allows hackers to manipulate Hypertext Transfer Protocol Secure (HTTPS) traffic by tweaking a browser’s random numbers generator, used to ensure a private connection between the client and server. Once infected, Reductor is used to spy on a victim’s browser activity, said the Global Research and Analysis Team (GReAT) ...

  • PKPLUG: Chinese Cyber Espionage Group Attacking Asia

    October 3, 2019

    For three years, Unit 42 has tracked a set of cyber espionage attack campaigns across Asia, which used a mix of publicly available and custom malware. Unit 42 created the moniker “PKPLUG” for the threat actor group, or groups, behind these and other documented attacks referenced later in this report. We say group or groups ...

  • FBI’s new ransomware warning: Don’t pay up, but if you do, tell us about it

    October 3, 2019

    After a spate of ransomware attacks on government organizations, the FBI has come up with a new stance on paying up ransomware demands. The latest groups to be targeted by high-value ransomware attacks are hospital organizations in Alabama, USA, and Victoria, Australia. Both resulted in hospitals turning away non-critical patients as employees worked to restore IT systems. The attacks on ...

  • The Eye on the Nile

    October 3, 2019

    Back in March 2019, Amnesty International published a report that uncovered a targeted attack against journalists and human rights activists in Egypt. The victims even received an e-mail from Google warning them that government-backed attackers attempted to steal their passwords. According to the report, the attackers did not rely on traditional phishing methods or credential-stealing payloads, but rather ...

  • Hack Breaks PDF Encryption, Opens Content to Attackers

    October 2, 2019

    Researchers in Germany have invented a new hack that can allow someone to break the encryption of PDF files and access their content — or even forge signed PDF files under certain circumstances. A team from Ruhr University Bochum, FH Münster University of Applied Sciences and Hackmanit GmbH developed the attack, called PDFex, that can allow an attacker to view the ...

  • HQWar: the higher it flies, the harder it drops

    October 2, 2019

    Mobile dropper Trojans are one of today’s most rapidly growing classes of malware. In Q1 2019, droppers are in the 2nd or 3rd position in terms of share of total detected threats, while holding nearly half of all Top 20 places in 2018. Since the droppers’ main task is to deliver payload while sidestepping the ...

  • Tax and PII records of 20 million Russians stored without encryption, leaked online

    October 2, 2019

    Over 20 million tax records belonging to Russian citizens were left unprotected and exposed through an online database accessible to the public, researchers say. This week, cybersecurity researchers from Comparitech, in partnership with Bob Diachenko, said that the unsecured server contained highly sensitive information spanning from 2009 to 2016. The Amazon Web Services (AWS) Elasticsearch cluster, which was ...

  • Dutch police take down hornets’ nest of DDoS botnets

    October 2, 2019

    Dutch police have taken down this week a bulletproof hosting provider that has sheltered tens of IoT botnets that have been responsible for hundreds of thousands of DDoS attacks around the world, ZDNet has learned. Servers were seized, and two men were arrested yesterday at the offices of KV Solutions BV (KV hereinafter), a so-called bulletproof hosting provider, ...

  • Securing the Industrial Internet of Things: Addressing IIoT Risks in Healthcare

    October 2, 2019

    The constant quest for prolonging and preserving human life has continually driven technologies to develop groundbreaking innovations in the delivery of healthcare services and state-of-the-art treatments. Like in many other enterprises, the industrial internet of things (IIoT) has rapidly transformed the network and data infrastructure in health and medicine. With the IIoT, medical data and information have ...

  • FDA Warns Against URGENT/11 Vulnerabilities Affecting Medical Devices and Hospital Networks

    October 1, 2019

    The U.S. Food and Drug Administration (FDA) is informing patients, health care providers and facility staff, and manufacturers about cybersecurity vulnerabilities that may introduce risks for certain medical devices and hospital networks. The FDA is not aware of any confirmed adverse events related to these vulnerabilities. However, software to exploit these vulnerabilities is already publicly ...

  • New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign

    October 1, 2019

    Trend Micro found a new modular fileless botnet malware, which we named “Novter,” (also reported and known as “Nodersok” and “Divergent”) that the KovCoreG campaign has been distributing since March. We’ve been actively monitoring this threat since its emergence and early development, and saw it being frequently updated. KovCoreG, active since 2011, is a long-running campaign ...