• New Android virus replaces system files with malware
    Anti-virus company Dr Web has discovered a new type of malware that replaces pre-installed apps and system files on older Android devices with malicious applications. Android.Xiny is a trojan specifically aimed at devices that use older versions of Android – in the case of this exploit, version 5.1 and older. According to Dr Web, 26.1% of all Android devices use Android versions 4 or 5, meaning this exploit can target a large number of devices. Android.Xiny gains root access to the target device and then replaces system files. “If your device has been infected by a trojan of this kind, we recommend that you reflash your device with official firmware. However, don’t forget that reflashing a device deletes all user files and apps, so create backups before you proceed.” Alternatively, users can attempt to regain root access to their device using more complex techniques. Read More
  • Cryptomining Malware Vivin Uses Pirated Software as Attack Vector
    Vivin, a cryptomining malware that likes munching on Monero, is one of the many examples of such software roaming the dark corners of the Internet. Security researchers have been tracking it for the last couple of years, and it shows no sign of slowing down. Security researchers tracked the Vivin malware as it morphed, adapting to the market and to what people were looking for. Users would download pirated materials and subsequently get infected with Vivin cryptomining malware, which was set to use 80% of the system’s processing power. Surprisingly, the bad actor wielding Vivin made little effort to hide his trail and was tracked by the researchers. “The length of historical activity by Vivin, the multitude of wallets and malware execution infrastructure, and the actor’s somewhat flippant attitude towards operational security suggest that the Vivin will attempt to continue their operations for the foreseeable future,” said the researchers. Read More
  • Magecart gang arrested in Indonesia
    Interpol and Indonesian police have arrested three men on suspicion of being part of a cybercrime group engaged in Magecart attacks. Magecart, also known as web skimming or e-skimming, is a form of cybercrime in which hacker groups plant malicious JavaScript code on online stores. Group-IB, another cyber-security company involved in fighting Magecart attacks, said it has been tracking the group under the name GetBilling, the name of one of the JavaScript functions used in their code. Group-IB, which was directly involved in the investigation and helped authorities track down the group, said the suspects used the stolen payment card data to buy goods, such as electronic devices or other luxury items, which they later tried to resell online in Indonesia at below market prices. To hide their real location and identities, the group used VPN (virtual private network) services to access their command and control servers and retrieve the stolen card data. The GetBilling group also used stolen card data to pay for hosting services, again trying to hide their real identities. Read More
  • Why every organisation needs cyber-risk assessments
    The World Economic Forum, along with leaders and cybersecurity experts in the investment industry, has developed a due care standard to guide investor responsibility in terms of cybersecurity. Conduct cyber due diligence: The investor conducts a business-relevant cybersecurity assessment of the target company in terms of people, processes and technology, as part of the due diligence evaluation, and weighs the potential cyber risks against the valuation and strategic benefits of investment.
    What is the World Economic Forum doing on cybersecurity?
    The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. Read More
  • Hackers acting in Turkey’s interests believed to be behind recent cyberattacks
    The hackers have attacked at least 30 organisations, including government ministries, embassies and security services as well as companies and other groups, according to a Reuters review of public internet records. Victims have included Cypriot and Greek government email services and the Iraqi government's national security advisor, the records show. The officials said that conclusion was based on three elements: the identities and locations of the victims, which included governments of countries that are geopolitically significant to Turkey; similarities to previous attacks that they say used infrastructure registered from Turkey; and information contained in confidential intelligence assessments that they declined to detail. All of the victims identified by Reuters had traffic to their websites hijacked, often traffic visiting login portals for email services, cloud storage servers and online networks, according to the records and cybersecurity experts who have studied the attacks. While small-scale DNS attacks are relatively common, the scale of these attacks has alarmed Western intelligence agencies, said the three officials and two other U.S. intelligence officials. Read More
  • AVIRTEK Awarded $1 Million to Develop Tactical Cyber Immune System (TCIS)
    TUCSON, AZ / ACCESSWIRE / January 27, 2020 / AVIRTEK, Inc., is pioneering the development of cybersecurity products that can self-protect entire networks and beyond (users, computers, networks, data and applications) from any type of cyberattack. The award will allow AVIRTEK's TCIS technology, which is analogous to the human immune system, to provide a defense mechanism against non-self (i.e., malicious intruders) within the cyber environment. The tangible benefits to end users of TCIS are: (i) 24/7 continuous surveillance and enforcement of normal behavior of computers, networks, users and applications; and (ii) seamless recovery from security breaches without impacting overall cyber system performance. With more than $7 million of non-dilutive funding from the DOD, AVIRTEK developed a disruptive Autonomic Cyber Security (ACS) technology inspired by the human immune system. "TCIS is developed based on Zero Trust Principle (ZTP) that assumes the behaviors of computing systems, networks, users and their applications are malicious until they are validated to be normal," Hariri said. Read More
  • Hackers hit firms with ransomware by exploiting Shitrix flaw
    About two weeks ago alarm bells rang over a newly-discovered (and unpatched) flaw in Citrix servers. The vulnerability, technically dubbed CVE-2019-19781 but also known as “Shitrix”, was found to be present on Citrix Application Delivery Controller and Citrix Gateway servers (formerly known as Netscaler ADC and Netscaler Gateway respectively) commonly used on corporate networks. Then we discovered hackers were, seemingly altruistically, inoculating vulnerable servers against further Shitrix attacks, but were actually at the same time opening a secret backdoor to enable future cybercriminal campaigns. Things really took a bizarre twist when the Dutch press reported the threat of more traffic jams as government employees in the Netherlands were forced by the vulnerability to travel to work rather than log in remotely. And now? Read More
  • Average Cost To Recover From Ransomware Skyrockets To Over $84,000
    It’s getting more and more expensive for victims of ransomware attacks to recover. Other costs include hardware replacement and repair, lost revenue and, in some incidents, damage to the victim’s brand. Cybercriminals are no longer content to encrypt their victims’ data and demand payment for its decryption. Coveware notes that “this new complication brings forth the potential costs of 3rd party claims as a result of the data breach.” Some victims of both Maze and Sodinokibi have had their data exposed. Experts are still unsure whether BitPyLocker is just turning up the fear factor or genuinely plans to release data if victims don’t cooperate. Read More
  • Patching the Citrix ADC Bug Doesn't Mean You Weren't Hacked
    It affects the Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances. Victor Gevers of the GDI Foundation warns that even if a Citrix device is no longer vulnerable, it does not necessarily mean that no harm was done before patching. Through four volunteers, the GDI Foundation scanned the internet for vulnerable Citrix devices and validated the results to remove false positives, sinkholes, and honeypots. More than 98,000 vulnerable Citrix endpoints were found and reported through the Dutch Institute for Vulnerability Disclosure (DIVD) to companies, and to Internet Service Providers when the owner could not be determined. Statistics collected by the GDI Foundation show that close to 114,000 Citrix servers were vulnerable to this bug on that day, a slight drop from over 128,000 recorded on December 31, 2019. On January 15, after exploits appeared, 662 of them had a vulnerable Citrix server. Read More
  • Army Researchers Working to Protect Facial Recognition Software from Hacks
    Duke University researchers and the Army are working on a way to protect the military's artificial intelligence systems from cyberattacks, according to a recent Army news release. "Object recognition is a key component of future intelligent systems, and the Army must safeguard these systems from cyberattacks," MaryAnne Fields, program manager for the ARO's intelligent systems, said in a statement. "This work will lay the foundations for recognizing and mitigating backdoor attacks in which the data used to train the object recognition system is subtly altered to give incorrect answers." She added that creating this safeguard would let future soldiers have confidence their AI systems are properly identifying a person of interest or a dangerous object. The hackers could create a trigger, like a hat or flower, to corrupt images being used to train the AI system, the news release said. This image demonstrates how an object, like the hat in this series of photos, can be used by a hacker to corrupt data training an AI system in facial and object recognition. Read More