• LokiBot and NanoCore Malware Distributed in ISO Image Files
    LokiBot info-stealing malware is again being distributed in a malspam campaign using attached ISO image files. ISO image files are designed to contain the full content of an optical disk. "The observed ISO files were in the size range of 1MB to 2MB which is an unusual file size for image files," Netskope researchers say in a report. So far, Netskope has detected around ten variants in the current campaign, using different ISO images and emails. In the earlier campaign, it was delivered as a file using the old .com extension, presumably hoping that victims would not recognize the file as an executable. The alternative malware delivered in this campaign is the NanoCore RAT, developed by Taylor Huddlestone.
  • Open-heart nerdery: Boffins suggest identifying and logging in people using ECGs
    Biometric systems could use the unique patterns from a person's ECG reading for biometric sign-ons. This is according to a study (PDF) emitted this month by a trans-Atlantic pair of brains at UC Berkeley in the US and the University of Edinburgh in Scotland, who reckon electrocardiogram results are easy enough to measure, and vary enough from person to person, that a reliable authentication system could be built from consumer hardware. To test whether an off-the-shelf authentication scheme would be viable, the researchers had to figure out just how well a small consumer ECG could both read and distinguish ECG patterns from person to person and from reading to reading. What they found was that the ECG readings could match the person with an error rate of about 2.4 per cent over short durations of time (roughly the same range as fingerprint readers), but that over longer periods between readings the error rate goes up to around 9 per cent.
  • New Mac malware abuses recently disclosed Gatekeeper zero-day
    Mac malware developers have jumped on a recently disclosed macOS Gatekeeper vulnerability and are actively developing malware that abuses it. The new OSX/Linker malware abuses a security flaw that was disclosed in Gatekeeper, a macOS security system that scans and approves for execution apps downloaded from the Internet. Long said he discovered in early June malware samples that were testing various methods through which to abuse the Gatekeeper bypass for malware distribution. Furthermore, all "test" OSX/Linker malware samples were disguised as Adobe Flash Player installers, "which is one of the most common ways malware creators trick Mac users into installing malware," according to Long, who suggested that these weren't just tests carried out by security researchers, but actual malware payload testing. This is also not the first time that Long and Intego have discovered malware abusing a Gatekeeper bypass to sneak past macOS' defenses. In February 2018, Intego also found that a new version of the OSX/Shlayer malware was abusing a Gatekeeper bypass to infect macOS users.
  • IT firm Red Mosquito caught red-handed providing fake ransomware recovery services
    IT firm Red Mosquito has been caught red-handed providing fake ransomware recovery services. A subsidiary of the UK-based company was found negotiating with attackers for decrypting ransomware-inflicted systems. This subsidiary reportedly paid off attackers at a lower price and then offered recovery services at a much higher price.
  • New OSX/Linker malware found abusing zero-day flaw in macOS Gatekeeper protection for propagation
    New OSX/Linker malware has been found abusing a zero-day flaw in macOS Gatekeeper protection for propagation. All macOS versions including the latest 10.14.5 are affected by the flaw, and Apple is yet to release a patch to address it. The OSX/Linker malware samples were found to have been distributed using disk image files.
  • Incomplete Fix Leads to New Kubernetes Bug
    A new high-severity Kubernetes vulnerability has been discovered, according to a security announcement on Securelists.org. As part of the ongoing Kubernetes security audit sponsored by the Cloud Native Computing Foundation, the Kubernetes product security team announced a new high-severity vulnerability (CVE-2019-11246) that impacts kubectl, the command line interface used to run commands against Kubernetes clusters. “Another security issue was discovered with the Kubernetes kubectl cp command that could enable a directory traversal such that a malicious container could replace or create files on a user’s workstation. This vulnerability is concerning because it would allow an attacker to overwrite sensitive file paths or add files that are malicious programs, which could then be leveraged to compromise significant portions of Kubernetes environments,” said Wei Lien Dang, co-founder and vice president of product at StackRox. Because upgrades depend on the actions of individual users, the fix can be harder to enforce, and Dang expects that this will not be the only vulnerability disclosed as a result of the security audit.
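    The bug class described above is a copy tool trusting entry names from a tar stream produced by an untrusted container, so that "../" components or absolute names land outside the chosen destination on the workstation. The Go check below is an added illustration of the containment rule such a tool needs; it is not kubectl's own code or fix, and the function names, destination directory and entry names are constructed for the example.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// escapes reports whether rel (a path already made relative to the destination root) points outside that root.
func escapes(rel string) bool {
	return rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// SafeExtractPath maps one tar entry name from an untrusted stream onto destDir and
// returns the path to write, or an error if the entry would land outside destDir
// (absolute names, "../" segments, etc.). Hypothetical helper, not kubectl's code.
func SafeExtractPath(destDir, entryName string) (string, error) {
	if entryName == "" || filepath.IsAbs(entryName) {
		return "", fmt.Errorf("rejecting entry %q: empty or absolute name", entryName)
	}
	root := filepath.Clean(destDir)
	target := filepath.Join(root, entryName) // Join also collapses ".." segments
	rel, err := filepath.Rel(root, target)
	if err != nil || escapes(rel) {
		return "", fmt.Errorf("rejecting entry %q: escapes %s", entryName, root)
	}
	return target, nil
}

// SafeLinkTarget applies the same rule to a symlink entry: both the link itself and
// the path it resolves to (from the link's own directory) must stay inside destDir.
func SafeLinkTarget(destDir, entryName, linkName string) error {
	if _, err := SafeExtractPath(destDir, entryName); err != nil {
		return err
	}
	if filepath.IsAbs(linkName) {
		return fmt.Errorf("rejecting symlink %q: absolute target %q", entryName, linkName)
	}
	// Resolve the link relative to its own directory, then re-check containment.
	_, err := SafeExtractPath(destDir, filepath.Join(filepath.Dir(entryName), linkName))
	return err
}

func main() {
	// Constructed entry names standing in for a container's tar stream.
	for _, name := range []string{"app/config.yaml", "../.bashrc", "/etc/passwd", "app/../../x"} {
		p, err := SafeExtractPath("/home/user/dl", name)
		fmt.Println(name, "->", p, err)
	}
}
```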
  • Security flaw in LTE networks can let hackers send false presidential alerts
    A security flaw in LTE networks can let hackers send false presidential alerts. The researchers noted that their method of sending fake alerts worked in nine out of ten cases. The vulnerability can be abused by creating a malicious cell tower channel using off-the-shelf hardware and open-source software.
  • Cybersecurity staff burnout risks leaving organisations vulnerable to cyberattacks
    A study by Goldsmiths, University of London and cybersecurity company Symantec surveyed over 3,000 CISOs and senior cybersecurity decision makers across the UK, France and Germany and found that the mounting pressure faced by those responsible for protecting organisations against cyber threats is taking an increasing toll. That's a problem when the industry is faced with a skills shortage, but there's also a small chance that some of those who feel burned out by cybersecurity could take their abilities and apply them to the dark side. Even without the threat of cybersecurity staff leaving jobs, just under half (44%) of those surveyed said they believe their security teams lack the necessary skills to combat the threats that their organisations face – especially as threats continue to evolve.
  • Microsoft warns users of malicious campaign that drops FlawedAmmyy RAT
    Microsoft warns users of a malicious campaign that drops the FlawedAmmyy RAT. The tech giant came across weaponized spam emails, written in Korean, that execute this remote access Trojan directly in memory. FlawedAmmyy is known to target organizations in the automotive industry and is associated with campaigns by threat actor TA505.
  • Attackers targeting major telecom providers to obtain data related to high-profile individuals
    Attackers are targeting major telecom providers to obtain data related to high-profile individuals. A research report suggests that the cyberattacks on these organizations have been underway for many years. It is also speculated that the tools and techniques used by the attacker were linked to Chinese threat actor APT10.