Robert Mueller will testify, malware wrecks IoT, and more of the week’s top security news. …
Jeff Elder, 29 June 2019 ‘Typosquatting’ scam swiped users’ credentials, but agencies tracked suspects in the UK and the Netherlands This week Europol coordinated the arrests of six suspects in two nations accused of running a cryptocurrency ring that stole at least $28 million in Bitcoins. Europol spokesperson Claire Georges told The Avast Blog that […]
Hackers believed to be working for Western intelligence agencies breached the systems of Russian tech giant Yandex last year as part of an attack that involved a new variant of the Regin malware, Reuters reported on Thursday. Reuters learned from four sources that the breach occurred between October and November 2018, it targeted Yandex’s research […]
by Paul Ducklin Have you heard of a cryptocurrency outfit called Luno? We hadn’t heard of it until today – there are lots of cryptocoin companies out there, after all – but cybercrooks certainly had. According to its own website, Luno (it’s the word for moon in the constructed global language Esperanto, in case you’re […]
Google knows more about you than you might think. Here’s how to keep it from knowing your location, web browsing, and more….
The website of financial services company First American Financial until recently exposed hundreds of millions of documents containing sensitive information, security blogger Brian Krebs reported on Friday. According to its Wikipedia page, First American Financial is “a leading provider of title insurance and settlement services to the real estate and mortgage industries.” Krebs learned from […]
This week TechCrunch reported that the Chinese company TP-Link had not addressed a vulnerability in its routers first discovered in 2017. The issue allows hackers to remotely take control of the routers by guessing weak default […]
Baltimore ransomware, a Trump golf hack, and more of the week’s top security news….
Kaspersky Lab researchers have uncovered a worrying rise in malware designed to steal credentials and money from users’ bank accounts: in Q1 2019, researchers found 29,841 files of such malware, up from 18,501 in Q4 2018. Overall, attacks on more than 300,000 users were detected. These are among the main findings of Kaspersky Lab’s IT […]
Canadian authorities announced last week that Defiant Tech Inc., the company that ran LeakedSource, pleaded guilty to trafficking identity information and possession of property obtained through crime. According to the Royal Canadian Mounted Police (RCMP), Defiant Tech entered a guilty plea one year and a half after charges were brought as part of a law […]
Three years after the DNC hack, a new report finds that political parties around the world have ongoing security flaws that leave them vulnerable to attack….
Three-fifths (59%) of consumers would feel more secure if their personal information was protected by their fingerprint. Despite the introduction of the General Data Protection Regulation (GDPR) in May last year, research from IDEX Biometrics Asa has revealed UK consumers don’t feel their personal information is any safer. In fact, 84% of respondents don’t think GDPR […]
Google announced on Wednesday that it’s offering a free replacement for its Titan Security Key dongles following the discovery of a potentially serious vulnerability. The Titan Security Key is designed to help users protect themselves against phishing attacks and account takeover by using FIDO standards for two-factor authentication (2FA). The product uses cryptography to verify […]
School lunches exec faces felony charges related to the hacking of his rival’s network to expose weak security. Every form of crime seems to invade the world of cybersecurity. Sooner or later that had to include the age-old childhood bullying trauma of school lunch theft. Except in this case the pilfered prize was data, not […]
The U.S. Department of Justice today announced charges against nine individuals, 6 of whom are members of a hacking group called “The Community” and the other 3 are former employees of mobile phone providers who allegedly helped them steal roughly $2.5 million worth of cryptocurrency using a method known as “SIM Swapping.” According to the […]
It was a perfect sunny summer afternoon in Copenhagen when the world’s largest shipping conglomerate began to lose its mind. The headquarters of A.P. Møller-Maersk sits beside the breezy, cobblestoned esplanade of Copenhagen’s harbor. A ship’s mast carrying the Danish flag is planted by the building’s northeastern corner, and six stories of blue-tinted windows […]
Officers of the Security Service of Ukraine exposed an organized group in Khmelnytskyi that had built a scheme for unlawfully obtaining and selling restricted information from the automated customs systems of the State Fiscal Service of Ukraine, «Інспектор-2006». SBU operatives established that an officer of the KORD special unit of the Main Directorate of the National Police in Khmelnytskyi Oblast had organized, with the “help” of two employees of the local customs office, the systematic sale to private individuals of restricted […]
In Xinjiang, northwest China, the government is cracking down on the minority Muslim Uyghur population, keeping them under constant surveillance and throwing more than a million people into concentration camps. But in Istanbul, 3,000 miles away, a community of women who have escaped a life of repression are fighting a digital resistance….
After recent high-profile dark web drug market takedowns, new vendors are already filling the void….
Sumo Logic, a SaaS machine data analytics platform provider, today announced that it has secured $110 million through a funding round led by Battery Ventures. The latest funding brings the total amount raised by the Redwood City, Calif.-based tech company to $345 million, with a current valuation over $1 billion. Founded in 2010, Sumo Logic […]
Once again, we are happy to support a large, voluntary, collaborative effort like the 2019 Data Breach Investigations Report. While our data contribution is completely anonymous, it is based in some of the 2018 data set that our private report customers receive from our efforts to protect all of our customers against every type of […]
DNSMon is a network-wide DNS malicious domain analysis system we built here at 360Netlab. With coverage of more than 10% of total DNS traffic in China, plus the other multi-dimensional security data and security analysis capabilities we have accumulated over the years, we can “see” what is happening in the whole network in real time from a unique […]
What makes an algorithm mistake a helicopter for a gun? Researchers think the answer has to do more with man than machine….
In honor of World Telecommunication and Information Society Day, celebrated annually on May 17, CRDF Global is partnering with the Cyber School in Ukraine to host a forum-hackathon, Cyber Education Day: Catalyzing Digital Resistance in Ukraine. The aim of this event is to support the integration of Ukrainian cybersecurity (CS) students into the CS community. Students will […]
Turla APT found exploiting LightNeuron backdoor, a first of its kind targeting Microsoft Exchange email servers. A Russian cyber-espionage group has developed and has been using one of the most complex backdoors ever spotted on an email server, according to new research published today by cyber-security firm ESET. The backdoor, named LightNeuron, was specifically designed […]
Google has a new feature that lets you delete your web and app activity after three months. Here’s how to use it….
Early in the afternoon on Friday, May 3, I asked a friend to relay a message to his security contact at CCH, the cloud-based tax division of the global information services firm Wolters Kluwer in the Netherlands. The message was that the same file directories containing new versions of CCH’s software were open and writable by […]
How a “secret” hackable bug found by the NSA was used by Chinese, North Korean, and Russian hackers to wreak havoc….
Israel has acknowledged that its recent airstrikes against Hamas were a real-time response to an ongoing cyberattack. From Twitter: CLEARED FOR RELEASE: We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work. HamasCyberHQ.exe has been removed. pic.twitter.com/AhgKjiOqS7 Israel Defense […]
The Kostebek is a reconnaissance tool which uses firms’ trademark information to discover their domains. Installation Tested on Kali Linux 2018.2, Ubuntu 16.04 sudo apt-get -y install python3-pip pip3 install -r requirements.txt download latest version of Chromedriver and configure your driver-path #sudo apt-get install unzip #sudo unzip /tmp/chromedriver.zip chromedriver -d /usr/local/bin/ download latest version […]
On Sunday, Israeli forces bombed a building that allegedly housed an active Hamas hacking group—a potential first for cyberwar….
Wyzant—an online marketplace that makes it easy for parents and students to connect with private tutors, in-person and online, in over 250 different subjects—has suffered a data breach exposing “certain personal identification information” for its customers. The Hacker News received a copy of an email notification Wyzant recently sent to its affected customers, which reveals […]
Israel military said it bombed building housing Hamas cyber forces. For the first time, Israel has used brute military force to respond to a Hamas cyber-attack, three years after NATO proclaimed “cyber” an official battlefield in modern warfare. The “bomb-back” response took place on Saturday when Israel Defense Forces (IDF) launched an air-strike against a […]
Every month the offenders received several thousand dollars for advertising on pirate online cinemas, which they divided among themselves. One of the accomplices is a serving employee of the State Fiscal Service of Ukraine. Searches have now been carried out at the offenders’ residences and at one of the regional offices of the State Fiscal Service of Ukraine. All four pirate resources have been shut down. Officers of the Cyberpolice Department, together with investigators of the Main Investigative […]
by Paul Ducklin Update. Shortly after publishing this article we were able to fetch Firefox 66.0.4, which claims to fix this issue by repairing a broken certificate chain. We haven’t yet received notification of an update to the Tor Browser, but we expect to see one soon. [2019-05-05T22:15Z] It’s a long weekend here in the […]
Catch up on the most important news today in 2 minutes or less….
Facebook is banning several prominent figures it regards as “dangerous individuals”. The social network accused Alex Jones, host of right-wing conspiracy website InfoWars, its UK editor Paul Joseph Watson and ex-Breitbart News editor Milo Yiannopoulos of hate speech. Louis Farrakhan, the Nation of Islam leader who has expressed anti-Semitic views, will also be excluded. Facebook […]
MegaLocker encrypts a victim’s files using AES-128 ECB, and adds the extension “.nampohyu” to files. The ransom note “!DECRYPT_INSTRUCTION.TXT” instructs the victim to go to a Tor website to contact the criminals. The text of the ransom note can be found below: What happened to your files ? All of your files were protected by […]
Initiatives include cyber aptitude assessments for agency insiders and a President’s Cup cybersecurity competition. The White House launched its latest effort to bolster the government’s cybersecurity workforce. President Trump issued an executive order Thursday that introduces new initiatives and expands existing national efforts aimed to “grow and strengthen” America’s cyber workforce. The programs laid out in […]
by John E Dunn When it comes to an easy life, the criminals behind the fearful Anubis banking malware have become big fans of Twitter and, increasingly, the secure messaging of Telegram. There’s nothing new in malware piggybacking on popular services but why Twitter and Telegram, and is the recent migration to secure messaging significant? […]
DumpTheGit searches through public repositories to find sensitive information uploaded to Github repositories. The tool will flag matches for potentially sensitive files like credentials, secret keys, tokens etc., which have been accidentally uploaded by developers. DumpTheGit only requires your Github Access Token to fetch the information. INSTALL Download the DumpTheGit repository into […]
Audit Finds Weaknesses in TSA’s Pipeline Security Program Management The U.S. Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) needs to address weaknesses in the management of key aspects of its pipeline security program, an audit from the Government Accountability Office (GAO) shows. The TSA is responsible for the federal oversight of the physical […]
In April 2019, researchers Dmitry Chastuhin and Mathieu Geli presented a talk at the OPCDE Cyber Security Conference about two pieces of exploit code that allow anyone to interact with SAP and perform unauthorized transactions. For example, attackers could use the code to shut down an entire SAP system, execute commands as the operating system […]
If you use a Dell computer, then beware — hackers could compromise your system remotely. Bill Demirkapi, a 17-year-old independent security researcher, has discovered a critical remote code execution vulnerability in the Dell SupportAssist utility that comes pre-installed on most Dell computers. Dell SupportAssist, formerly known as Dell System Detect, checks the health of your […]
This blog post is sponsored by DomainTools. For more information and product trials please visit https://securityweekly.com/domaintools. Malicious or Not? The above question runs through the brains of SOC analysts across the world multiple times per day. When you are analyzing security events looking for the “bad” things, you often come across a domain that requires […]
The League of Legends game and human psychology are two things we don’t often associate with cybersecurity. As an avid gamer, I encountered and observed many parallels between the tactics used to win games like League of Legends and the mentality that guides human behavior in general. Thus, when I began teaching security awareness and being a […]
A recently detected variant of the AESDDoS botnet malware is targeting a recent vulnerability Atlassian’s collaborative software Confluence, Trend Micro’s security researchers have discovered. The attack attempts to exploit a server-side template injection vulnerability (CVE-2019-3396) in the Widget Connector macro in Confluence Server to install malware capable of performing distributed denial of service (DDoS) attacks, […]
Mueller report fallout, a biometrics database, and more of the week’s top security news….
Avast Security News Team, 27 April 2019 A hacker broke into ProTrack and iTrack vehicle-tracking GPS services to extort “reward” money and reveal the systems’ vulnerabilities. A hacker with the username “L&M” has infiltrated two GPS vehicle-tracking services, ProTrack and iTrack, gaining access to more than 27,000 accounts in South Africa, Morocco, India, the Philippines, […]
Docker Hub, one of the largest cloud-based libraries of Docker container images, has suffered a data breach after an unknown attacker gained access to the company’s single Hub database. Docker Hub is an online repository service where users and partners can create, test, store and distribute Docker container images, both publicly and privately. The breach […]
Aebi Schmidt, the Swiss manufacturer of the vehicles that clean runways worldwide and make them safe for planes to land on, has been hit by ransomware, with systems going down across company networks following the attack. Manufacturing operations connected to the network were rendered unresponsive, forcing workers to be sent home. Ronan David, VP of Business Development at EfficientIP: “This […]
A new report from Blancco Technology Group has warned that those looking to make some money by selling used storage drives may be putting themselves at risk of falling victim to cybercrime. As detailed in Privacy for Sale: Data Security Risks in the Second-Hand IT Asset Marketplace, Blancco, in conjunction with Ontrack, analysed 159 leading brand drives purchased through […]
Vulnerabilities discovered by a researcher in a peer-to-peer (P2P) system named iLnkP2P expose millions of cameras and other Internet of Things (IoT) devices to remote attacks from the Internet, and no patches are available. Paul Marrapese, a California-based security engineer, discovered two serious flaws in iLnkP2P, a system developed by Chinese firm Shenzhen Yunni Technology […]
A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found. A map showing the distribution of some 2 million iLnkP2P-enabled devices that are vulnerable to eavesdropping, password theft and possibly […]
Effective threat management requires security teams to combine security analytics with the abundance of machine-generated data that is prevalent in most enterprise environments. Tools such as network traffic analysis, endpoint detection, security information and event management (SIEM), and user behavior analytics (UBA) harvest this data and reveal who is doing what in the IT environment […]
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about schemes used in phishing and other email-based attacks. Also, learn how ransomware continues to make a significant impact in the threat landscape. Read on: New […]
If you own an eCommerce website built on WordPress and powered by the WooCommerce plugin, then beware of a new, unpatched vulnerability that has been made public and could allow attackers to compromise your online store. A WordPress security company called “Plugin Vulnerabilities” that recently went rogue in order to protest against moderators of WordPress’s official support […]
At a time when cybersecurity careers should be flourishing — the pay is good, opportunities abound and many colleges now offer degrees in security — positions remain unfilled. ISACA’s “State of Cybersecurity 2019” survey revealed that 58 percent of organizations have unfilled security positions and 32 percent said it takes at least six months to […]
While foreign phone carriers are sharing data to stop SIM swap fraud, US carriers are dragging feet….
by Danny Bradbury The National Security Agency (NSA) has asked to end its mass phone surveillance program because the work involved outweighs its intelligence value, according to reports this week. Sources told the Wall Street Journal that the NSA has recommended the White House terminate its call data records (CDR) program. The logistics of operating […]
by Lisa Vaas True, we accidentally swapped fingerprints for Danish citizens’ left and right hands on their passports, but it probably won’t cause much grief for these 228,000 people, said the head of Kube Data, which encoded the biometric data on the passports’ microprocessors. The Copenhagen Post quoted Jonathan Jørgensen: It’s difficult to imagine that […]
Canada’s privacy czar said Thursday that he is taking Facebook to court after finding that lax practices at the social media giant allowed personal information to be used for political purposes. A joint report from privacy commissioner Daniel Therrien and his British Columbia counterpart said major shortcomings were uncovered in Facebook’s procedures. It called for […]
Carl Hurd and Jared Rittle of Cisco Talos discovered these vulnerabilities. Several exploitable vulnerabilities exist in the Sierra Wireless AirLink ES450, an LTE gateway designed for distributed enterprise, such as retail point-of-sale or industrial control systems. These flaws present a number of attack vectors for a malicious actor, and could allow them to […]
by Paul Ducklin A US security researcher has come up with an open-source Windows backdoor that is loosely based on NSA attack code that leaked back in 2017 as part of the infamous Shadow Brokers breach. The researcher, who goes by @zerosum0x0 online and Sean Dillon in real life, has dubbed his new malware […]
You know those ads hawking bogus brain pills? Security researchers just helped take out a bunch of the spammers behind them….
Facebook said it expects a fine of up to $5 billion from the Federal Trade Commission, which is investigating whether the social network violated its users’ privacy. The company set aside $3 billion in its quarterly earnings report Wednesday as a contingency against the possible penalty but noted that the “matter remains unresolved.” The one-time […]
Last month, I attended our biggest-ever Cisco Live Melbourne that saw over 8,300 people registered. It was an action-packed week filled with partner and customer meetings, media engagements, analyst dialogues, and coffee, lots of coffee. They say it takes a village to pull something this incredible off, and I have to agree. We kicked off […]
New research from Experis explores the impact of Internet of Things on the cyber security jobs market UK businesses are struggling to find the right blend of security skills to harness the power of the Internet of Things (IoT). This is according to the latest Experis Industry Insiders report, which examines how the growth of IoT is impacting the […]
By Marcus Harvey, Sales Director EMEA at Targus We’ve all heard of travelling light but what about travelling secure? Business not doing so well? Sales down? Margins are tight? No company would want their competitors or members of the public to know any of this information, but many of us would talk about it or […]
U.S. Congress has sent an open letter to Google CEO Sundar Pichai asking for more information about its Sensorvault database that’s reportedly being used by law enforcement agencies to solve crime cases. Last week, we reported a story based upon NY Times findings that revealed how using a “geofence” warrant, authorities obtain location history of […]
by Danny Bradbury Malware isn’t the only toxin you can deliver to a computer via a USB key. Just ask Vishwanath Akuthota, who faces a potential ten-year stretch after frying at least 66 computers at his former college. Akuthota originally pled not guilty to intentionally damaging a protected computer at the College of St. Rose, in […]
A researcher found a vulnerability in the French government WhatsApp replacement app: Tchap. The vulnerability allows anyone to surreptitiously join any conversation. Of course the developers will fix this vulnerability. But it is amusing to point out that this is exactly the backdoor that GCHQ is proposing.
PCI DSS, or the Payment Card Industry Data Security Standard, is the set of regulatory requirements that all organizations that process card payments must adhere to. Sounds simple enough, right? But PCI compliance can pose a major challenge to organizations if they’re not equipped with the proper knowledge and tools. Let’s take a quick look at the […]
It has been reported that a popular hotspot finder app for Android exposed the Wi-Fi network passwords for more than two million networks. The app allowed anyone to search for Wi-Fi networks in their nearby area. The app allows the user to upload Wi-Fi network passwords from their devices to its database for others to use. Experts’ comments: […]
An aggressive group of supply chain hackers strikes again, this time further upstream….
Hackers have been found exploiting a pair of critical security vulnerabilities in one of the popular social media sharing plugins to take control over WordPress websites that are still running a vulnerable version of the plugin. The vulnerable plugin in question is Social Warfare which is a popular and widely deployed WordPress plugin with more […]
This week, a weather channel that was knocked off air by a malicious attack, how bad bots make up 20 percent of web traffic, ransomware ravages municipalities nationwide, a flaw in Shopify API exposed revenue and traffic data of thousands of stores, and how attackers are weaponizing more vulnerabilities than ever before! In […]
Social media can provide vital information in a crisis, and there’s evidence that blocking it does more harm than good….
In November 2018, Cisco Talos discovered an attack campaign, called DNSpionage, in which threat actors created a new remote administrative tool that supports HTTP and DNS communication with the attackers’ command and control (C2). Since then, there have been several other public reports of additional DNSpionage attacks, and in January, the U.S. Department of […]
by Paul Ducklin Nokia’s funky new phone, known as the Nokia 9 PureView, has some very cool features. Five of them, in fact – five cameras, arranged on the back of the phone like a spider’s eye, capturing 12 megapixels each to make the device a snapper’s delight. The Nokia 9 also includes a fingerprint […]
The larger lesson of an ongoing Ethereum crime spree: Be careful with who’s generating your cryptocurrency keys….
Back in 2014, I wrote an article that highlighted that the global Internet routing table passed the 512,000 or 512k route mark. Today we know that another significant milestone has been reached, as we passed the 768k route mark! Many have predicted Internet outages may be expected. In short, the “sky is not falling”. The possibility […]
The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT, a similar product that was used to infect more than half a million computers with malware, KrebsOnSecurity has learned. […]
by Paul Ducklin The featured image comes from @MalwareTechBlog, the Twitter feed of Marcus Hutchins. Louise Mensch is an independent British/American journalist. Remember the reluctant WannaCry hero? WannaCry was ransomware that made big headlines in mid-2017 for two important reasons. First, it was a true computer worm, or virus, that automatically propagated itself to the […]
Researchers have shown that even though Netflix encrypts its traffic, hackers can figure out your interactive movie choices….
Hunt Open MongoDB instances! Features World’s fastest and most efficient scanner (uses Masscan). Scans the entire internet by default, so fire the tool and chill. Hyper efficient – uses Go-routines, which are even lighter than threads. Pre-Requisites – Go language ( sudo apt install golang ) Masscan ( sudo apt install masscan ) Tested […]
Marcus Hutchins, a 24-year-old blogger and malware researcher arrested in 2017 for allegedly authoring and selling malware designed to steal online banking credentials, has pleaded guilty to criminal charges of conspiracy and to making, selling or advertising illegal wiretapping devices. Marcus Hutchins, just after he was revealed as the security expert who stopped the WannaCry […]
Customers of fast food chain Chipotle are reported by TechCrunch to have had their accounts hacked. The company says it believes credential stuffing might be the cause, but some customers have said their passwords are unique to the Chipotle account, and others note that they don’t have accounts and used Chipotle’s guest checkout. Ameya Talwalkar, Co-founder and CPO at Cequence: “Without fully […]
Hackers, going by the online name of Lab Dookhtegan, have revealed details about the inner workings of a cyber-espionage group mostly known in the security community as OilRig, APT34, and HelixKitten, linked to the Iranian government. Alexander Heid, White Hat Hacker and Chief Research Officer at SecurityScorecard: “Now that these scripts are public, they will likely be leveraged by cybercriminal groups […]
Do you remember your first mobile phone, and the newfound feelings of connectedness and convenience that came with it? I was one of the first in my circles to have a cellular phone. One of the coolest features my phone and network could support was the receipt of short email messages — no send capabilities. […]
Local and national weather forecast provider The Weather Channel suffered a ransomware attack that temporarily prevented it from going live on the air. Regular viewers got a surprise when they tuned into The Weather Channel on the morning of 18 April. They were expecting to watch “AMHQ,” the network’s live morning show which begins at […]
By Vitaly Simonovich and Dima Bekerman DDoS attacks have always been a major threat to network infrastructure and web applications. Attackers are always creating new ways to exploit legitimate services for malicious purposes, forcing us to constantly research DDoS attacks in our CDN to build advanced mitigations. We recently investigated a DDoS attack which was […]
The crooks responsible for launching phishing campaigns that netted dozens of employees and more than 100 computer systems last month at Wipro, India’s third-largest IT outsourcing firm, also appear to have targeted a number of other competing providers, including Infosys and Cognizant, new evidence suggests. The clues so far suggest the work of a fairly […]
DNS hijacking isn’t new, but this seems to be an attack of unprecedented scale: Researchers at Cisco’s Talos security division on Wednesday revealed that a hacker group it’s calling Sea Turtle carried out a broad campaign of espionage via DNS hijacking, hitting 40 different organizations. In the process, they went so far as to compromise […]
Vishwanath Akuthota’s USB stick contained an unusually destructive payload. The post Man fried over 50 college computers with weaponized USB stick appeared first on The State of Security.
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how baby monitors may be susceptible to hacking. Also, learn about a medical flaw that enables hackers to hide malware. Read on: Is Your Baby Monitor […]
Matt Cauthorn is the VP of Cyber Security Engineering at ExtraHop. Matt Cauthorn leads a team of technical security engineers who work directly with customers and prospects. Matt uses his expertise with ExtraHop to explain The Three Horsemen of SOC Intel: Wire, Logs, Endpoint! To get involved with ExtraHop, visit: https://securityweekly.com/extrahop Full Show Notes […]
Bad actors used a ransomware attack to target the Israeli offices of the customer engagement and digital intelligence company Verint. On 17 April, ZDNet received a screenshot taken by an employee who works at one of Verint’s Israeli offices. The screenshot shows what appears to be a warning message which the data intelligence firm displayed on […]
A new ransomware family called ‘NamPoHyu Virus’ or ‘MegaLocker Virus’ is targeting victims a bit differently than other ransomware. Instead of an executable running on a victim’s computer, the attacker is running the ransomware locally and having it remotely encrypt over half a million accessible Samba servers. Roy Rashti, Cybersecurity Expert at BitDam: “The reason that the attackers […]
In the Ponemon Institute’s fourth annual study on “The Cyber Resilient Organization,” cyber resilience is defined as the alignment of prevention, detection and response capabilities to manage, mitigate and move on from cyberattacks. Every organization strives for more cyber resilience. What the Ponemon study uncovered is that there is a set of habits or practices […]
Investigators from the New York district attorney’s office stumbled across dark web drug vendor “sinmed” thanks to suspicious ATM transactions….
On April 6, 2019, a ten-bit counter rolled over. The counter, a component of many older satellites, marks the weeks since Jan 1, 1980. It rolled over once before, in the fall of 1999. That event was inconsequential because few complex systems relied on GPS. Now, more systems rely on accurate time and position data: […]
There’s no doubt that digital technology, in many of its forms, brings everyday tasks much closer-to-hand. From discovering breaking news, to online shopping, to keeping tabs on your home via security cameras—everything is within the touch of a button. Even so, with the growing reach of the Internet of Things (IoT), new and unsuspected threats […]
The Cuomo administration has launched a survey to give New Yorkers an opportunity to provide feedback about online data privacy issues. Democratic Gov. Andrew Cuomo announced Tuesday that information provided through an online consumer data privacy survey will help state regulators make policy decisions regarding the internet marketplace and how personal data is used by […]
This week we have our quarterly segment to review the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. We also update the Security Weekly 25 index. Let’s understand how the security market is doing. SCWX Secureworks PANW Palo Alto Networks Inc CHKP Check Point Software […]
Will is a Partner and a Founding Investor at ForgePoint Capital. He has been an avid technology enthusiast for decades: building his first computer in elementary school and starting online businesses while completing his bachelor’s degree from the University of California, Berkeley. Full Show Notes Matt Alderman – CEO, Security Weekly. Register for […]
FireEye is releasing much more information about the Triton malware that attacks critical infrastructure. It has been discovered in more places. This is also a good — but older — article on Triton. We don’t know who wrote it. Initial speculation was Iran; more recent speculation is Russia. Both are still speculations. Fireeye report. BoingBoing […]
by John E Dunn For nearly a week, Instagram users have been receiving odd messages from followers expressing shock that their accounts have somehow ended up on something called the “Nasty List.” If you receive one, the message with an embedded link will look something like the following example (the list and placement numbers vary): […]
Hackers breached Microsoft email services (Outlook.com, Hotmail, MSN) and accessed user accounts after compromising a support agent’s credentials, Microsoft has confirmed. In a breach notification sent to impacted users, the software giant revealed that hackers had access to its email services for roughly three months this year, between January 1 and March 28. Microsoft informed […]
Hackers spent months with full access to Outlook, Hotmail, and MSN email accounts—and got in through Microsoft’s customer support platform….
Threat Research Edmund Brumaghin and Holger Unterbrink authored this blog post. Executive summary Malware designed to steal sensitive information has been a threat to organizations around the world for a long time. The emergence of the greyware market and the increased commercialization of keyloggers, stealers, and remote access trojans (RATs) has magnified this threat by […]
It’s no secret that Google tracks you everywhere, even when you keep Google’s Location History feature disabled. As revealed by an Associated Press investigation in 2018, other Google apps like Maps or daily weather update service on Android allows the tech giant to continuously collect your precise latitude and longitude. According to Google, the company […]
Recently, Google Play Store and Microsoft Store both deleted multiple applications from their online stores, because the apps were malicious. Google deleted a total of 29 beauty camera apps from its Play Store, most of which show users pornographic content or send them to phishing websites. The malicious beauty camera apps, discovered by Trend Micro, looked legitimate, but […]
In March 2019, our automatic Exploit Prevention (EP) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to us discovering a zero-day vulnerability in win32k.sys. It was the fifth consecutive exploited Local Privilege Escalation vulnerability in Windows that we have discovered in recent months […]
Do you ever hear those stories from your parents along the lines of “when I was young…” and then there’s a tale of how risky life was back then compared to today. You know, stuff like having to walk themselves to school without adult supervision, crazy stuff like that which we somehow seem to worry […]
A step-by-step guide to installing Google Rapid Response server on Ubuntu. Introduction: GRR (Google Rapid Response) is an incident response framework based on Python that can be used for live forensics and investigations. It allows you to examine attacks and perform analysis remotely. GRR can be deployed in a server-client architecture. It comes with […]
by Paul Ducklin Oculus, Facebook’s virtual reality subsidiary, has fessed up to what might be the weirdest ever data leak. OK, so it might not actually be a data leak at all, even though messages that weren’t supposed to be released seem to have got out. And even if it is a data breach, it’s […]
Scammers who make a living swindling Airbnb.com customers have a powerful new tool at their disposal: A software-as-a-service offering called “Land Lordz,” which helps automate the creation and management of fake Airbnb Web sites and the sending of messages to advertise the fraudulent listings. The ne’er-do-well who set up the account below has been paying $550 […]
Microsoft has been collaborating with researchers linked to a Chinese military-backed university on artificial intelligence, elevating concerns that US firms are contributing to China’s high-tech surveillance and censorship apparatus. Over the past year, researchers at Microsoft Research Asia in Beijing have co-authored at least three papers with scholars affiliated with China’s National University of Defence […]
Making the internet safer, especially for children and vulnerable individuals, is a decidedly noble pursuit. Doing so, however, would certainly be a considerable undertaking, and not without significant ethical, legal, and societal concerns. In an ambitious effort to make the internet a safer place for people to interact and communicate, the UK government has laid […]
The Home Office has apologised to hundreds of EU citizens seeking settled status in the UK after accidentally sharing their details. It blamed an “administrative error” for sending an email that revealed 240 personal email addresses – a likely breach of the Data Protection Act. The Home Office sent the email on Sunday 7 April asking applicants, who […]
If you have an account with Microsoft Outlook email service, there is a possibility that your account information has been compromised by an unknown hacker or group of hackers, Microsoft confirmed to The Hacker News. Earlier this year, hackers managed to breach Microsoft’s customer support portal and access information related to some email accounts registered with […]
Plus: Wi-Fi vulnerabilities, Silk Road 2’s founder, and more of the week’s top security news….
In the news, Bitcoin mining ban considered by China’s economic planner, Yahoo strikes $117.5 million data breach settlement, Serious flaws leave WPA3 vulnerable to hacks that steal Wi-Fi passwords, WikiLeaks Founder Julian Assange arrested and charged in US with computer hacking conspiracy, and How HTML5 Ping Is Used in DDoS Attacks. Paul’s Stories […]
Merissa Villalobos is the North America Talent Acquisition Leader for NCC Group, a global security consulting firm and has been recruiting in security for 10 years. She got her start in Virginia, at a Federal Government contractor, filling roles for the intelligence community and various Government Agencies. Jessica Gulick leads Katzcy Consulting, a […]
Yes, you read that right! Russia has fined Facebook with 3,000 rubles, roughly $47, for not complying with the country’s controversial Data Localization law. It’s bizarre and unbelievable, but true. In December last year, Russian Internet watchdog Roskomnadzor sent notifications to Twitter and Facebook asking them to provide information about the location of servers that […]
A security configuration framework for Windows 10 unveiled by Microsoft this week defines five different levels of discrete prescriptive security configurations. Having customers define this aspect of their security until now has resulted in a huge number of configurations, and Microsoft is now looking to simplify the process while still providing customers with flexibility. The […]
A leadership void at DHS means the White House is calling the shots where it wants to, cybersecurity experts warn, and other agencies can muscle in where it won’t….
Catch up on the most important news today in 2 minutes or less….
With news that Amazon lets human employees listen to Alexa recordings, you might want to tighten up your smart assistant ship….
Google Boosts Security of Google Cloud. Google this week announced a series of tools meant to increase the overall security of Google Cloud and improve customer trust in the service. The new functionality will allow users to gain better visibility into their environments, detect threats and accelerate response and remediation, mitigate data exfiltration risks, ensure […]
Google this week made it easier for Android users to enable strong 2-factor authentication (2FA) when logging into Google’s various services. The company announced that all phones running Android 7.0 and higher can now be used as Security Keys, an additional authentication layer that helps thwart phishing sites and password theft. As first disclosed by […]
If you have downloaded the VSDC multimedia editing software between late February to late March this year, there are high chances that your computer has been infected with a banking trojan and an information stealer. The official website of the VSDC software — one of the most popular, free video editing and converting app with […]
More and more, organizations and end users are embracing encryption to protect their data and traffic. By far the most visible part of this adaptation is the use of Hypertext Transfer Protocol Secure (HTTPS) for accessing websites. As opposed to the more basic HTTP, which is the plain text version, HTTPS makes use of Transport […]
Flame, the nation-state-developed malware kit that targeted computers in Iran, has reemerged after going quiet when researchers exposed it back in 2012. The attackers tried to hide their tracks by scrubbing servers used to talk to infected computers. Some thought they had seen the last of the potent malware platform. Tracing early components of Flame, researchers found a new […]
Posted by Nicolas Lidzborski, Senior Staff Software Engineer, Google Cloud and Nicolas Kardas, Senior Product Manager, Google Cloud We’re excited to announce that Gmail will become the first major email provider to follow the new SMTP MTA Strict Transport Security (MTA-STS) RFC 8461 and SMTP TLS Reporting RFC 8460 internet standards. Those new email security standards […]
Google’s Data Loss Prevention tool finds and redacts sensitive data in the cloud. A new user interface now makes it more broadly accessible….
Security firm FireEye is naming a collection of tools it says might help identify more of the digital saboteurs’ intrusions….
The TajMahal spyware includes more than 80 distinct spy tools, and went undetected for five years….
Executive summary ‘TajMahal’ is a previously unknown and technically sophisticated APT framework discovered by Kaspersky Lab in the autumn of 2018. This full-blown spying framework consists of two packages named ‘Tokyo’ and ‘Yokohama’. It includes backdoors, loaders, orchestrators, C2 communicators, audio recorders, keyloggers, screen and webcam grabbers, documents and cryptography key stealers, and even its […]
Microsoft today released fifteen software updates to fix more than 70 unique security vulnerabilities in various flavors of its Windows operating systems and supported software, including at least two zero-day bugs. These patches apply to Windows, Internet Explorer (IE) and Edge browsers, Office, Sharepoint and Exchange. Separately, Adobe has issued security updates for Acrobat/Reader and Flash Player. […]
In-Depth Analysis of JS Sniffers Uncovers New Families of Credit Card-Skimming Code, Nvidia Fixes 8 High-Severity Flaws Allowing DoS, Code Execution, Computer virus alters cancer scan images, A Serious Apache server bug gives root to baddies in shared host environments, Cybercrime Groups Are Still Rampant on Facebook, 90% of OT organizations are cyberattack […]
The Chamois botnet once infected 20 million Android devices. Here’s how Google finally tore it up….
A team of researchers has demonstrated that hackers can modify 3D medical scans to add or remove evidence of a serious illness, such as cancer. Experts from the Ben-Gurion University and the Soroka University Medical Center, Beer-Sheva, in Israel have developed proof-of-concept (PoC) malware that uses a machine learning technique known as generative adversarial network […]
You may think that cybercrime takes place in hidden corners of the Internet, where the malicious actors lurk in dark web forums and utilize heavily encrypted networks that require complicated software and extensive authorizations just to access. Unfortunately, that’s not always the case. Sometimes such activity takes place in very public places, such as social […]
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about security threats directed at smart manufacturing environments. Also, learn why malware installed from the Android app store increased by 100% last year. Read on: Security […]
Who needs the dark web? Researchers found 74 groups offering stolen credit cards and hacking tools with simple Facebook searches….
Avast Security News Team, 5 April 2019 Beware Game of Thrones pirated episodes and a new malware called Xwo, Georgia Tech students are exposed in a breach, and AriZona Iced Tea suffers a steep cyberattack. Winter is coming for GoT pirates With the popular HBO show returning this month, cybersecurity experts warn Game of Thrones […]
An alleged top boss of a Romanian crime syndicate that U.S. authorities say is responsible for deploying card-skimming devices at Automated Teller Machines (ATMs) throughout North America was arrested in Mexico last week on firearms charges. The arrest comes months after the accused allegedly ordered the execution of a former bodyguard who was trying to […]
NVIDIA this week released security patches to address multiple vulnerabilities in the Tegra Linux Driver Package (L4T), including several flaws assessed with a “high” severity rating. The most important of the bugs is CVE-2018-6269, a vulnerability residing in the Tegra kernel driver (the issue features a CVSS score of 8.8). It affects the input/output control […]
Over 58,000 Android users had “stalkerware” installed on their phones last year, researchers from Kaspersky Lab have revealed today. Of these, more than 35,000 had no idea about stalkerware being present on their Android devices until they installed Kaspersky’s mobile antivirus, which flagged the infection. Kaspersky’s findings come to confirm a growing trend in the […]
BasBanke is a new Android malware family targeting Brazilian users. It is a banking Trojan built to steal financial data such as credentials and credit/debit card numbers, but not limited to this functionality. The propagation of this threat began during the 2018 Brazilian elections, registering over 10,000 installations to April 2019 from the official Google […]
Online scammers love to target taxpayers, and their schemes range from posing as the IRS to pushing malware and fake tech support….
A new variant of the XLoader Trojan is targeting Android devices by posing as a security application, and also attempts to infect iPhones and iPads through a malicious iOS profile, Trend Micro reports. Previously, the malware was observed posing as Facebook, Chrome, and other legitimate applications, in an attempt to trick users into downloading it. […]
Here we go again… Half a billion Facebook records including user names, passwords and likes posted publicly online. Facebook strikes again. In the latest security gaffe by the social media giant, over half a billion Facebook records have been found sitting in plain sight by third parties using Amazon’s cloud services. None of the cloud […]
Mobile config for Apple phishing, and re-spreading an updated malicious APK (MoqHao/XLoader). By GReAT on April 3, 2019, 4:30 pm. One year has passed since we published the first blogpost about the Roaming Mantis campaign on securelist.com, and this February we detected new activities by the group. This blogpost is a follow-up on our earlier […]
More than a few restaurant-goers in the US will want to check their bank statements. Earl Enterprises has confirmed that hackers used point-of-sale malware to scoop up credit and debit card data at some of its US restaurants. It happened between May 2018 and March 2019. Restaurants included are all Buca di Beppo locations, a few […]
Introduction While the way we consume TV content is rapidly changing, the content itself remains in high demand, and users resort to any means available to get at it – including illegal and non-ethical ones like the use of pirated stuff. The world is embracing the idea of paying for entertainment more and more with […]
There’s an oft-quoted saying: “History repeats itself.” For those that believe in the cyclical patterns that sometimes emerge over time, this aphorism definitely rings true. Today, we’ll be applying this type of thinking to the cybercrime realm. Over the course of hacker history, numerous trends have arisen, including those that hinge upon sophisticated approaches to […]
The credit card company has more details about its plan for a decentralized, universal digital ID, but questions remain….
The Homeland Security Department inspector general released a damning report about FEMA’s inability to safeguard the personal info of the people it helped….
One of the world’s largest producers of aluminum has been forced to shut down several of its plants across Europe and the U.S. after an “extensive cyber attack” hit its operations, leaving the company’s IT systems unusable. According to a press release shared by aluminum giant Norsk Hydro today, […]
The owner of Exactis, a 10-person firm that exposed a database including nearly every American, tells the story of his company’s downfall….
Facial recognition, DuckDuckGo on Chrome, and more security news this week….
This sounds like a good development: …a new $10 million contract the Defense Department’s Defense Advanced Research Projects Agency (DARPA) has launched to design and build a secure voting system that it hopes will be impervious to hacking. The first-of-its-kind system will be designed by an Oregon-based firm called Galois, a longtime government contractor with […]
Online advertising firm Sizmek Inc. [NASDAQ: SZMK] says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers. In a recent posting to a Russian-language cybercrime forum, an individual who’s been known to sell access […]
Documents obtained by the ACLU show how ICE uses unofficial channels to access billions of license plate location data points—including some sanctuary cities….
Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer, Edge, Office and Sharepoint. If you (ab)use Microsoft products, it’s time once again to start thinking about getting your patches on. Malware or bad guys can remotely exploit roughly one-quarter of the flaws […]
Mozilla has made public an encrypted file-sharing service with a self-destruct twist….
Very often the most clever component of your typical ATM skimming attack is the hidden pinhole camera used to record customers entering their PINs. These little video bandits can be hidden 100 different ways, but they’re frequently disguised as ATM security features — such as an extra PIN pad privacy cover, or an all-in-one skimmer […]
A surprisingly common password, an NSA spy program winds down, and more security news this week….
*Truth in a Post Truth World* takes a closer look at a team of remarkably resourceful investigative journalists….
Android users can now stop Facebook from tracking their location when they aren’t using the Facebook app….
Open memory defenses allow mischief from connected kit. Analysis: Computers have enough trouble defending sensitive data in memory from prying eyes that you might think it would be unwise to provide connected peripherals with direct memory access (DMA).…
Despite fried RAID and deleted hard drives, Federal News Agency calls US Cyber Command attack a failure. A Russian news service is claiming that US attacks on it and an organisation accused of state-sponsored trolling have left storage systems damaged and international servers wiped after multiple malware attacks.…
Beta release of CAIQ-Lite, based on Whistic and CSA research, available for community review. Seattle – March 1, 2019 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, and Whistic, the Complete Vendor Security Assessment Platform, today announced […]
If you’re running an old version of WinRAR, it’s a good time to patch. Hackers appear to be exploiting a serious bug in the file utility software by spreading secretly rigged file archives that install malware on people’s PCs. WinRAR users need to watch out. Hackers are starting to exploit a newly disclosed bug in […]
This piece is part 1 of our ongoing series on IoT security. Don’t forget to download the eBook to understand the IoT security gap and how your business needs to address it, today. The Internet of Things (IoT) is the natural progression of our affinity for connectivity and convenience — and the natural progression of […]
Not all hackers are bad guys. After all, a hacker is simply someone who figures how to repurpose a tool, a gadget, or a device to carry out a task the object wasn’t designed to do. Steve Wozniak was a hacker before he co-created Apple. Tesla, Turing, and DaVinci, are all hackers in their own […]
Active Directory information dumper via LDAP. Introduction: In an Active Directory domain, a lot of interesting information can be retrieved via LDAP by any authenticated user (or machine). This makes LDAP an interesting protocol for gathering information in the recon phase of a pentest of an internal network. A problem is that data from LDAP often […]
Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers. Covenant is an ASP.NET Core, cross-platform application that includes a web-based interface that allows for multi-user collaboration. Quick-Start Guide: Please […]
AutoRDPwn is a post-exploitation framework created in Powershell, designed primarily to automate the Shadow attack on Microsoft Windows computers. This vulnerability (listed as a feature by Microsoft) allows a remote attacker to view his victim’s desktop without his consent, and even control it on-demand, using tools native to the operating system itself. Thanks to the […]
PoshC2 is a proxy aware C2 framework that utilises Powershell and/or equivalent (System.Management.Automation.dll) to aid penetration testers with red teaming, post-exploitation and lateral movement. Powershell was chosen as the base implant language as it provides all of the functionality and rich features without needing to introduce multiple third party libraries to the framework. In addition to […]
***Pentesting Tools That All Hackers Need.*** HACKTRONIAN Menu: Information Gathering, Password Attacks, Wireless Testing, Exploitation Tools, Sniffing & Spoofing, Web Hacking, Private Web Hacking, Post Exploitation, Install The HACKTRONIAN. Information Gathering: Nmap, Setoolkit, Port Scanning, Host To IP, wordpress user, CMS scanner, XSStrike, Dork – Google Dorks, Passive Vulnerability Auditor, Scan A server’s Users […]
Python wrapper for tshark, allowing python packet parsing using wireshark dissectors. Extended documentation: http://kiminewt.github.io/pyshark Python2 deprecation – This package no longer supports Python2. If you wish to still use it in Python2, you can: Use version 0.3.8; Install pyshark-legacy via pypi; Clone the pyshark-legacy repo (https://github.com/KimiNewt/pyshark-legacy), where bugfixes will be applied. Looking for contributors – for various […]
Hello! Welcome to applepie! This is a tool designed for fuzzing, introspection, and finding bugs! This is a hypervisor using the Windows Hypervisor Platform API present in recent versions of Windows (specifically this was developed and tested on Windows 10 17763). Bochs is used for providing deep introspection and device emulation. The Windows Hypervisor Platform […]
An open source tool to perform malware static analysis on Portable Executable. Installation: $ git clone https://github.com/Th3Hurrican3/PEpper/ ; $ cd … ; $ pip3 install -r … ; $ python3 pepper.py ./malware_dir. Screenshot. CSV output. Features extracted: Suspicious entropy ratio, Suspicious name ratio, Suspicious code size, Suspicious debugging time-stamp, Number of exports, Number of anti-debugging calls, Number of virtual-machine detection calls […]
godoh is a proof of concept Command and Control framework, written in Golang, that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google and Cloudflare, but it also contains the ability to use traditional DNS. Installation: All you would need are the godoh binaries themselves. Binaries are available for download from the releases page as part of […]
A static analysis tool for Android and iOS applications focusing on security issues outside the source code such as resource strings, third party libraries and configuration files. Requirements: Python 3 is required and you can find all required modules in the requirements.txt file. Only tested on Python 3.7 but should work on other 3.x releases. No […]