News – September 2019


  • Terrorism, espionage, and cyber: ASIO’s omne trium perfectum

    September 6, 2019

    “I had to remind myself the other day that when 9-11 took place, of course, there were no tweets, it’s interesting. It only seems like yesterday. There was no social media as we know it today,” Australia’s Director-General of Security Duncan Lewis said during an address to the Lowy Institute. Since then, a lot has changed ...

  • Thousands of servers infected with new Lilocked (Lilu) ransomware

    September 6, 2019

    Thousands of web servers have been infected and had their files encrypted by a new strain of ransomware named Lilocked (or Lilu). Infections have been happening since mid-July, and have intensified in the past two weeks, ZDNet has learned. Based on current evidence, the Lilocked ransomware appears to target Linux-based systems only. First reports date to mid-July, after ...

  • Malware Classification with ‘Graph Hash,’ Applied to the Orca Cyberespionage Campaign

    September 6, 2019

    In malware research, threat hunting and sharing of threat intelligence, such as exchanging indicators of compromise (IoCs) in the form of hashes (e.g., MD5s, SHA256s), are common industry practices and helpful for information security professionals. Researchers, for instance, would typically search for malware samples on VirusTotal using hashes. However, hashes have some characteristics that could ...

  • A Chinese APT is now going after Pulse Secure and Fortinet VPN servers

    September 5, 2019

    A group of Chinese state-sponsored hackers is targeting enterprise VPN servers from Fortinet and Pulse Secure after details about security flaws in both products became public knowledge last month. The attacks are being carried out by a group known as APT5 (also known as Manganese), ZDNet has learned from sources familiar with the attacks. According to a ...

  • New Bedford Hit With $5.3m Ransomware Demand

    September 5, 2019

    A Massachusetts city has revealed that cyber-criminals tried to hold its data ransom to the tune of more than $5m over the summer, in a sign of the growing risk to organizations from online extortionists. The city of New Bedford was hit with the popular Ryuk strain of ransomware in early July, encrypting data on over 150 ...

  • Poland pressured to say if it bought Israeli phone spyware

    September 4, 2019

    The Polish government is coming under pressure to clarify whether it has purchased sophisticated and potentially illegal phone surveillance technology that has been used to stifle dissent in other countries. Opposition lawmakers asked Prime Minister Mateusz Morawiecki whether the special services bought Pegasus, the spyware produced by NSO Group, an Israeli company. Morawiecki appeared to sidestep the ...

  • Hackers exploiting popular social engineering ‘toolkits’ to refine cyber attacks

    September 4, 2019

    Hackers are regularly using highly customisable online resources to add social engineering components to render their attacks more effective, according to new research from Malwarebytes. One website identified by the team features an expansive toolkit that has drawn more than 100,000 visits in the past few weeks, offering design and framework support to attackers. The resource, dubbed Domen, is built ...

  • BRATA Android RAT Steals Banking Info in Real Time

    September 4, 2019

    The RAT targets users via fake WhatsApp updates in Google Play. A powerful Android remote access tool (RAT) family dubbed BRATA is proliferating, with at least 20 different variants cropping up since it was first spotted in January. The majority of the binaries have been found in the official Google Play store, masquerading as updates for ...

  • Android Zero-Day Bug Opens Door to Privilege Escalation Attack, Researchers Warn

    September 4, 2019

    Researchers are warning of a high-severity zero-day vulnerability in Google’s Android operating system, which, if exploited, could give a local attacker escalated privileges on a target’s device. The specific flaw exists within the v4l2 (Video4Linux 2) driver, which is the Android media driver. When exploited, a component within the v4l2 “does not validate the existence of ...

  • ACSC helps power energy sector’s cybersecurity capabilities

    September 4, 2019

    The Australian Cyber Security Centre (ACSC) has plugged into energy sector organisations and government agencies to help power their cybersecurity capabilities. The nationwide program – which started in November 2018 – aims to improve the energy industry’s cyber threat resilience and responses. So far, the ACSC has provided cybersecurity incident response and exercise training, information exchange sessions on operational ...

  • ‘USBAnywhere’ Bugs Open Supermicro Servers to Remote Attackers

    September 3, 2019

    Trivial-to-exploit authentication flaws can give an unsophisticated remote attacker ‘omnipotent’ control over a server and its contents. Authentication vulnerabilities in the baseboard management controllers (BMCs) of Supermicro X9-X11 servers have been discovered that allow a remote attacker to easily connect to a server and mount any virtual USB device of their choosing. The bugs, collectively dubbed USBAnywhere, ...

  • Data Leak Impacts Millions of Yves Rocher Cosmetics Company Customers

    September 3, 2019

    International cosmetics brand Yves Rocher found itself caught in a third-party data exposure incident that leaked the personal information of millions of customers. UPDATE: Cosmetics giant Yves Rocher is warning that a giant data leak exposed the personal data of millions of its customers and reams of sensitive internal company information to the public. The data exposure ...

  • Android Zero-Days Now Worth More Than iPhone Exploits

    September 3, 2019

    Exploit broker Zerodium has implemented a $2.5 million price tag for a zero-click 0-day in Android. An Android zero-day exploit is now worth more than one for the iPhone on the global cyberweapons market. Exploit acquisition vendor Zerodium said Tuesday that it is willing to pay a whopping $2.5 million for a zero-click Android zero-day with persistence. ...

  • Fraudsters use AI voice manipulation to steal £200,000

    September 2, 2019

    Cyber criminals have used artificial intelligence (AI) and voice technology to impersonate a UK business owner, resulting in the fraudulent transfer of $243,000 (£201,000). In March this year, what is believed to be an unknown hacker group is said to have exploited AI-powered software to mimic the prominent business leader’s voice to fool his subordinate, the CEO of ...