News – September 2019


  • IT Firm Manager Arrested in the Biggest Data Breach Case of Ecuador’s History

    September 18, 2019

    Ecuador officials have arrested the general manager of IT consulting firm Novaestrat after the personal details of almost the entire population of the Republic of Ecuador left exposed online in what seems to be the most significant data breach in the country’s history. Personal records of more than 20 million adults and children, both dead and ...

  • Smominru Botnet Indiscriminately Hacked Over 90,000 Computers Just Last Month

    September 18, 2019

    Insecure Internet-connected devices have aided different types of cybercrime for years, most common being DDoS and spam campaigns. But cybercriminals have now shifted toward a profitable scheme where botnets do not just launch DDoS or spam—they mine cryptocurrencies as well. Smominru, an infamous cryptocurrency-mining and credential-stealing botnet, has become one of the rapidly spreading computer viruses ...

  • Assessing the impact of protection from web miners

    September 17, 2019

    Kaspersky Lab present the results of evaluating the positive economic and environmental impact of blocking web miners with Kaspersky products. The total power saving can be calculated with known accuracy using the formula <w>·N, where <w> is the average value of the increase in power consumption of the user device during web mining, and N is ...

  • The Legend of Adwind: A Commodity RAT Saga in Eight Parts

    September 17, 2019

    In early 2012, a developer started selling the first of the Adwind family, Java-based remote access tools (RATs), called “Frutas.” In the ensuing years, it has been rebranded at least seven times. Its other names have included Adwind, UnReCoM, Alien Spy, JSocket, JBifrost, UnknownRat, and JConnectPro. The Adwind RAT family remains prevalent in the wild. Palo ...

  • Astaroth Spy Trojan Uses Facebook, YouTube Profiles to Cover Tracks

    September 13, 2019

    Facebook and YouTube profiles are at the heart of an ongoing phishing campaign spreading the Astaroth trojan, bent on the eventual exfiltration of sensitive information. The attack is sophisticated in that it uses normally trusted sources as cover for malicious activities – thus evading usually effective email and network security layers. The attack starts with an ...

  • Hacking LED Wristbands: A ‘Lightning’ Recap of RF Security Basics

    September 13, 2019

    Early this year, we published a security analysis of industrial radio remote controllers. In that research, we examined different vulnerabilities in the implementation of radio frequency (RF) communication and the possible impact of an attack on these weaknesses. We believe that RF security research is of great importance especially in light of the realization that a growing ...

  • UNICEF leaks personal data of 8,000 users

    September 12, 2019

    The United Nations’ children’s agency UNICEF has leaked thousands of individuals’ personal data through its online learning portal Agora. An email was mistakenly sent on 26 August to 20,000 Agora users containing the private data belonging to 8,253 people who enrolled on the platform’s immunisation courses. Agora offers courses on child rights, humanitarian action, data, research and ...

  • Simjacker attack exploited in the wild to track users for at least two years

    September 12, 2019

    Security researchers have disclosed today an SMS-based attack method being abused in the real world by a surveillance vendor to track and monitor individuals. “We are quite confident that this exploit has been developed by a specific private company that works with governments to monitor individuals,” security researchers from AdaptiveMobile Security said in a report released today. “We ...

  • Threats to macOS users

    September 11, 2019

    The belief that there are no threats for the macOS operating system (or at least no serious threats) has been bandied about for decades. The owners of MacBooks and iMacs are only rivaled by Linux users in terms of the level of confidence in their own security, and we must admit that they are right ...

  • Intel CPUs Vulnerable to Sensitive Data Leakage in NetCAT Attack

    September 11, 2019

    Researchers have identified a new side-channel attack impacting all modern Intel server processors made since 2012. The vulnerability could allow bad actors to sniff out encrypted passwords as they are being typed into a secure shell session (SSH); but, luckily, such an attack would be difficult to launch. The attack, disclosed on Tuesday and dubbed NetCAT (short for Network Cache ...

  • Feds Indict 281 People for Involvement in Massive Email Fraud Scheme

    September 11, 2019

    Federal authorities have arrested 281 people and seized nearly $3.7 million in a coordinated effort between multiple agencies to disrupt a massive email-fraud scheme. Perpetrators of a global business email compromise (BEC) scheme were the target of a four-month investigation that began in May called Operation reWired, a coordinated effort by the U.S. Departments of Justice (DoJ), ...

  • Microsoft patches two zero-days in massive September 2019 Patch Tuesday

    September 10, 2019

    Microsoft has published today 80 security fixes across 15 products and services, as part of the company’s monthly batch of security updates, known as Patch Tuesday. Of the 80 vulnerabilities patched today, two are so-called zero-days — security flaws that had been exploited in the wild before Microsoft released fixes. The two zero-days are CVE-2019-1214 and CVE-2019-1215. Both are ...

  • Uncovering IoT Threats in the Cybercrime Underground

    September 10, 2019

    Amid the growth of the internet of things (IoT), manufacturers and integrators are testing the limits of how the technology can be applied, as seen in how new forms of connected devices are hitting the market. Some applications play critical roles in industries while others provide more convenience for consumers. The wide spectrum of IoT ...

  • Thrip: Ambitious Attacks Against High Level Targets Continue

    September 9, 2019

    Symantec’s Targeted Attack Analytics uncovers new attack campaigns in South East Asia. Since Symantec first exposed the Thrip group in 2018, the stealthy China-based espionage group has continued to mount attacks in South East Asia, hitting military organizations, satellite communications operators, and a diverse range of other targets in the region. Many of its recent attacks have involved ...

  • ‘Purple Fox’ Fileless Malware with Rookit Component Delivered by Rig Exploit Kit Now Abuses PowerShell

    September 9, 2019

    Exploit kits may no longer be as prolific as it was back when their activities were detected in the millions, but their recurring activities in the first half of 2019 indicate that they won’t be going away any time soon. The Rig exploit kit, for instance, is known for delivering various payloads — such as downloader trojans, ransomware, cryptocurrency-mining malware, and information stealers — whose ...

  • Critical Exim Flaw Opens Millions of Servers to Takeover

    September 9, 2019

    Researchers are urging users to upgrade their Exim servers immediately after millions of servers were found to be vulnerable to a critical flaw that could allow a remote, unauthenticated attacker to take full control of them. Exim, which is free software used on Unix-like operating systems (including Linux or Mac OSX) serves as a mail transfer ...

  • Newly discovered cyber-espionage malware abuses Windows BITS service

    September 9, 2019

    Security researchers have found another instance of a malware strain abusing the Windows Background Intelligent Transfer Service (BITS). The malware appears to be the work of a state-sponsored cyber-espionage group that researchers have been tracking for years under the name of Stealth Falcon. The first and only report on this hacking group has been published in 2016 by ...

  • Cyber-security incident at US power grid entity linked to unpatched firewalls

    September 9, 2019

    A cyber-security incident that impacted a US power grid entity earlier this year was not as dangerous as initially thought, the North American Electric Reliability Corporation (NERC) said last week. In a report highlighting the “lessons learned” from a past incident, NERC said hackers repeatedly caused firewalls to reboot for about ten hours, on March 5, ...

  • An inside job: The human factor of cybersecurity

    September 9, 2019

    As businesses continue their digital transformation, ensuring the sensitive information they handle always remains safe and secure is now a priority. However, even deploying just the latest cybersecurity applications might not enough to offer full protection. The latest research from the Telstra 2019 Security Report makes for worrying reading as it concludes 89% of cybersecurity risks are ...

  • China’s APT3 Pilfers Cyberweapons from the NSA

    September 6, 2019

    Large portions of APT3’s remote code-execution package were likely reverse-engineered from prior attack artifacts. The advanced persistent threat (APT) group known as APT3, which researchers across the board link to the Chinese government, has built a full in-house battery of exploits and cybertools collectively dubbed “UPSynergy.” An analysis of the toolkit has uncovered a geopolitical cat-and-mouse spy ...