News – September 2019


  • New Bug Found in NSA’s Ghidra Tool

    September 30, 2019

    A medium severity bug reported on Saturday impacts Ghidra, a free, open-source software reverse-engineering tool released by the National Security Agency earlier this year. The vulnerability allows a remote attacker to compromise exposed systems, according to a NIST National Vulnerability Database description. No fix is currently available. Despite the warning, researchers are downplaying the impact of the bug. ...

  • New SIM card attack disclosed, similar to Simjacker

    September 27, 2019

    A team of security researchers has detailed a second SMS-based attack that can allow malicious actors to track users’ devices by abusing little-known apps that are running on SIM cards. This new attack, named WIBattack, is identical to Simjacker, an attack disclosed at the start of the month by mobile security firm AdaptiveMobile. Both attacks work in the ...

  • Thousands of PCs Affected by Nodersok/Divergent Malware

    September 27, 2019

    New malware identified by Microsoft and Cisco Talos has affected thousands of PCs in the United States and Europe and turns systems into proxies for performing malicious activity, the companies said. The fileless threat—called Nodersok by Microsoft and Divergent by Cisco Talos—has many of its own components but also takes advantage of existing tools to do ...

  • WhiteShadow downloader uses Microsoft SQL queries to deliver malicious payloads

    September 27, 2019

    Researchers have documented the emergence of a downloader that makes use of Microsoft SQL queries to pull and deliver malicious payloads. In August this year, Proofpoint researchers found the new, staged downloader, known as WhiteShadow, which is being used to deliver a variety of malware to vulnerable systems. The cybersecurity team said in a blog post on Thursday ...

  • Malware infection disrupts production at defence contractor plants in three countries

    September 27, 2019

    One of the biggest defence contractors in the world is having a very bad week after malware infected the company’s network and caused “significant disruption” at plants in three countries, the company said on Thursday. The infection took root on Tuesday, September 24, and affected Rheinmetall AG, a German corporation based in Düsseldorf, and one of ...

  • Arcane Stealer V Takes Aim at the Low End of the Dark Web

    September 27, 2019

    A general-purpose info-stealing malware is poised to make a splash in cybercrime circles, thanks to its market niche: It’s positioned as an ideal tool for low-skilled adversaries looking to get some skin in the game without having a lot of expertise. According to the Fidelis Threat Research Team (TRT), the Arcane Stealer V malware is an ...

  • Masad Spyware Uses Telegram Bots for Command-and-Control

    September 27, 2019

    A freshly discovered commercial spyware dubbed the “Masad Clipper and Stealer” is using Telegram bots as its command-and-control (C2) hub. Masad harvests information from Windows and Android users and also comes with a full cadre of other malicious capabilities, including the ability to steal cryptocurrency from victims’ wallets. According to an analysis from Juniper Threat Labs on ...

  • IFINSEC Financial Sector IT Security Conference and Exhibition

    September 24, 2019

    Press Release: IFINSEC Financial Sector IT Security Conference and Exhibition (www.ifinsec.com) will be held on 12-13 November 2019 in Istanbul, Turkey. IFINSEC is a global and niche conference with its focus on IT Security technologies and solutions for the financial sector. IFINSEC is one of the most important conferences in the EMEA region in its category. With ...

  • 17 US utility firms targeted by mysterious state-sponsored group

    September 24, 2019

    A mysterious state-sponsored hacking group has targeted at least 17 US utility firms with phishing emails for a five-month period between April 5 and August 29, Proofpoint reported today. The purpose of these attacks was to infect employees at US utility firms with LookBack, a remote access trojan with an extensive set of features. While no formal ...

  • Russian state hackers rarely share code with one another

    September 24, 2019

    Russia’s state-sponsored hacking groups rarely share code with one another, and when they do, it’s usually within groups managed by the same intelligence service, a new joint report published today reveals. This report, co-authored by Check Point and Intezer Labs, is a first of its kind in its field. The two companies looked at nearly 2,000 ...

  • NHS staff issued with fresh cyber security guidance

    September 23, 2019

    NHS Digital has launched an organisation-wide cyber security campaign to provide staff with the most up-to-date guidance on how to avoid and mitigate potential cyber threats and data breaches. With the NHS being one of the biggest direct and indirect targets for cyber criminals, NHS Digital’s ‘Keep I.T. Confidential’ campaign is hoping to educate the workforce on the ...

  • Hello! My name is Dtrack

    September 23, 2019

    Kaspersky Lab investigation into the Dtrack RAT actually began with a different activity. In the late summer of 2018, we discovered ATMDtrack, a piece of banking malware targeting Indian banks. Further analysis showed that the malware was designed to be planted on the victim’s ATMs, where it could read and store the data of cards ...

  • More Hidden App Malware Found on Google Play with over 2.1 Million Downloads

    September 23, 2019

    Malicious apps hide themselves after installation and aggressively display full-screen advertisements. In recent times we’ve seen multiple malicious apps found in the Google Play Store by various cyber security firms, including Symantec, yet this problem doesn’t seem to be dissipating. We have uncovered another wave of malicious apps in the Play Store which have been downloaded ...

  • xHunt Campaign: Attacks on Kuwait Shipping and Transportation Organizations

    September 23, 2019

    The first known attack in this campaign targeted a Kuwait transportation and shipping company in which the actors installed a backdoor tool named Hisoka. Several custom tools were later downloaded to the system in order to carry out post-exploitation activities. All of these tools appear to have been created by the same developer. We were ...

  • Modern cyber security bears great resemblance to the Titanic disaster, says Stena CISO

    September 19, 2019

    Magnus Carling, CISO of worldwide conglomerate Stena AB, likened modern cyber security practices to the oversights which led to the Titanic disaster in 1912. Speaking at Cloudsec 2019, Carling told attendees “the iceberg was innocent. It wasn’t the iceberg that made Titanic sink”, before drawing some obvious comparisons between the famous sinking and modern cyber attacks. Carling ...

  • Universities a ‘huge target’ for nation-state attackers, warns NCSC

    September 19, 2019

    Universities are the gatekeepers and creators of highly valuable information, which makes them attractive targets of cyber crime and state-sponsored espionage, so it’s important that these institutions remain cyber secure. As key contributors to the economy, skills development and innovation in the UK, universities handle highly sensitive and valuable personal data and intellectual property that outside ...

  • Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites

    September 18, 2019

    Trend Micro discovered a series of incidents where the credit card skimming attack Magecart was used to hit the booking websites of chain-brand hotels — the second time we’ve seen a Magecart threat actor directly hit ecommerce service providers instead of going for individual stores or third-party supply chains. Back in May, we discovered a ...

  • Rethinking Responsibilities and Remedies in Social-Engineering Attacks

    September 18, 2019

    In the pantheon of catchy cybersecurity slogans that should never have caught on, two about social engineering spring to mind almost immediately: “End users are the weakest link” and “attackers only have to be lucky once; defenders have to be lucky all the time.” Both of those statements have been repeated by practitioners for time ...

  • Milipol Paris 2019: Ali Soufan and Kumar Ramakrishna: Two international experts in the fight against terrorism to speak at the opening conference

    September 18, 2019

    Milipol Paris 2019, the international event for homeland security and safety, will take place from 19 to 22 November 2019, at the Paris-Nord Villepinte exhibition centre. More than 1,000 exhibitors and 30,000 visitors are expected at stands, workshops, demos and the new Innovation and Research stage. For its 21st edition, the opening conference will feature two ...

  • Critical Vulnerability in Harbor Enables Privilege Escalation from Zero to Admin (CVE-2019-16097)

    September 18, 2019

    Aviv Sasson, a security researcher from the cloud division of Unit 42, has identified a critical vulnerability in a widespread cloud native registry called Harbor. The vulnerability allows attackers to take over Harbor registries by sending them a malicious request. The maintainers of Harbor released a patch that closes this critical security hole. Versions 1.7.6 and 1.8.3 include this fix. Unit 42 has ...