• Your NAS Devices are under Threat From Ransomware, Say Researchers
    The number of ransomware attacks has shot up, with such incidents being reported quite often, especially in sectors such as healthcare and government agencies. Now, security experts are saying that ransomware strains are targeting NAS and backup storage devices.
  • New Phishing Campaign Uses Self-Contained Webpage to Steal Credentials
    Researchers have spotted a new phishing campaign that steals credentials. However, this campaign is different from the commonly observed ones. The email used in this campaign was seen to contain the traditional payment notice phishing text.
  • Dissecting the threat from Sodinokibi ransomware
    The ransomware is being actively distributed in the wild through Managed Service Providers, exploit kits and spam campaigns. The ransomware has been designed to target systems running the Windows operating system.
  • Comparing the features of TCP and UDP
    TCP and UDP are widely used internet protocols that dictate how data is shared over the internet. They differ in terms of multiple characteristics, making them suitable for different purposes.
  • Your Guide to The Basics of Attack Vectors
    An attack vector is a means by which malicious actors can gain access to a system or network to perform malicious activities. Understanding attack vectors and finding ways to secure them is important to defend against cyber attacks.
  • U.S. Government alerts financial services sector of ongoing Dridex malware attacks
    The attackers are targeting financial services firms through phishing campaigns. The alert includes a list of previously unreported indicators of compromise derived from information reported to FinCEN by financial companies.
  • VPNs emerge as new channel for attacks as security researchers uncover multiple security issues
    An attacker can sniff, hijack and tamper with VPN-tunneled connections by abusing a flaw in Linux, Android, macOS, and other Unix-based operating systems. Aviatrix VPN is also found to be impacted by multiple local privilege escalation vulnerabilities.
  • Security Experts Track the New Buer Loader
    Researchers have been tracking a new loader dubbed ‘Buer’ since the end of August 2019. This malware is said to use the C and .NET Core programming languages for improved efficiency.
  • Criminals Hide Fraud Behind the Green Lock Icon
    In its "State of E-Commerce Phishing" report for 2019, NormShield reported that the number of potential phishing domains registered in 2019 was up by 11% over 2018. Criminals are then standing up phishing sites on those domains that are essentially clones of the various e-commerce sites to fool the end user into believing they're on a legitimate e-commerce site. It became a problem through products and services designed to make it easier for small organizations to properly protect their websites: free and open certificate authorities like Let's Encrypt provide the same level of encryption (and the same appearance of legitimacy) to criminal phishing sites that they provide to legitimate small businesses. At this time of year, especially, researchers see an increase in criminals registering typo-squatting and phishing domains that are a single character different from a legitimate domain, Maley says. Other techniques for tricking victims include domains with two letters transposed from those of a legitimate site and those with common misspellings of well-known domains.
  • Microsoft to help Office 365 customers track entire phishing campaigns, not just lone emails
    Named "Campaign Views," this is a new feature that will be available for Office 365 Advanced Threat Protection (ATP), the company's paid email filtering service, available as an add-on for Office 365, its multi-functional cloud-based office suite. Campaign Views will be a new section in the Office 365 ATP Threat Explorer dashboard where customers can get a full view of an entire malicious phishing campaign that is hitting a company's email inboxes. Campaign Views will show details about the entire phishing campaign and all the tricks and infrastructure it uses. To power this new feature, Microsoft will be using its global view over the entire Office 365 infrastructure, but also "machine learning, advanced heuristics, rich detonation capabilities, targeted capabilities to spot business email compromise, and massive security intelligence sources that come together during mail-flow as well as after email delivery." Per Microsoft, during its public preview stage, Campaign Views will be available for customers with any of the following plans: Campaign Views will be added to an already impressive list of Office 365 ATP protections.
  • Confirmation Strategic Command to lead on cyber-defence in the UK
    The UK Ministry of Defence has issued a press statement confirming the redesignation of its Joint Force Command (JFC) to Strategic Command as part of a reorganisation to improve integration and enhance its role, as outlined in a speech last week by the chief of the defence staff, General Sir Nick Carter, at the Royal United Services Institute. New defence responsibilities now include:
      - providing leadership in the cyber domain for the MOD;
      - generating and developing capabilities for defence across the land, sea, air, cyber and space domains;
      - preparing for and coordinating joint operations;
      - educating and training the joint force of today and of the future;
      - leading in the information environment for defence; and
      - providing the MOD’s information and communication technology systems.
    The changes follow Lord Levene’s report on defence reform in 2011, which recommended that a joint service organisation should be formed within the Ministry of Defence (MOD) to better support the UK Armed Forces. In 2012, JFC was established and was responsible for joint operations, intelligence, medical services, information systems, training and education, special forces and the UK's overseas bases.
  • Dev says MakerDAO attackers could turn $20M in Ethereum into $340M almost instantly
    A software developer claims to have found a way in which to make an “incredibly profitable” but “expensive” attack to steal all the Ethereum available in MakerDAO. Micah Zoltu described the potential attack in a blog post published on Monday, noting a successful attack could see the hacker “ride off into the sunset with $340 million worth of Ethereum.” The issue, Zoltu notes, lies in the way in which MakerDAO is governed. “The problem is, Maker Foundation has decided that the appropriate value for this governance delay is 0 seconds. Because of that, I do not believe that it would be responsible for me to keep my mouth shut and hope that no attacker figures out what should be obvious to anyone who understands Maker’s governance model,” he notes. Back in October, MakerDAO disclosed another dangerous security flaw that could have potentially allowed an attacker to steal the Ethereum (ETH) powering its then-unreleased multi-collateral Dai with a single transaction.
  • Ransomware Attack on Minnesota Health Facility
    All 80,000 patients of the facility are being informed of the incident, which SEMOMS said "may have resulted in the inadvertent exposure of patients’ health information." In a statement published on its website, SEMOMS said: "Although at this time there is no evidence that patient information was actually accessed or viewed, or any indication of anyone’s information being misused, the practice has taken steps to notify anyone who may have been affected by this incident, including sending letters to anyone whose information may have been exposed." SEMOMS said: "After examining the impacted server, the investigation was unable to determine if patients’ names and X-ray images had been viewed or accessed by an unknown, unauthorized third party." Letters sent to potentially impacted patients include information about what occurred and a toll-free number where patients can learn more about the incident. SEMOMS gave a reassurance that any patients' financial information, medical records, or Social Security numbers that had been provided to the health organization had not been impacted by the event.
  • Geopolitics Will Drive Aggressive Cyber Activity Throughout 2020
    Geopolitics is likely to underpin cybersecurity threats throughout 2020. International politics have always centered on nations seeking to surpass their rivals, both economically and militarily. The U.S./China trade war, however, is on a different level and will undoubtedly lead to increased Chinese cyber activity against western economies, and especially the U.S. economy. National manufacturing has become dependent upon international components, and while this can cause political problems (for example, Huawei in the west), it limits the potential for further global balkanization of the internet while simultaneously increasing the supply chain threat. He sees three areas for concern: an international race for technological supremacy; the supply chain and IoT; and a blurring between cybercrime and nation state activity. Nation state attacks will increase because of the geopolitical situation, but criminal attacks will likely be more advanced and better resourced as an effect of those same geopolitical tensions.
  • A Saudi Telecom Exposed a Streaming List of GPS Locations
    STCS, a Saudi Arabian telecom company, was running a server containing hundreds of thousands of constantly updated GPS locations before Motherboard contacted the organization about the issue. It is not clear what the GPS locations referred to, but they pointed to locations spread throughout Saudi Arabia, and were seemingly sourced from a variety of brands of GPS trackers, according to data in the exposed server. The data was not supposed to be public, judging by STCS' reaction of fixing the server exposure once aware of the issue. The data included a rolling list of regularly updated entries, with the date and time, latitude and longitude coordinates, and the brand of the GPS tracker. Motherboard plotted a snapshot of the data onto a map and found the vast majority of the locations were inside Saudi Arabia, with a handful in China and off the coast of west Africa. Motherboard is not publishing the map because it does not know what exactly the GPS locations relate to and thus is unsure of how sensitive the data is.
  • Nation-State Attackers May Have Co-opted Vega Ransomware
    Significant changes in the tactics of a new variant of the Vega ransomware may indicate that the code for the software is now in the hands of nation-state actors, security firm BlackBerry Cylance stated on December 9. The new ransomware variant, dubbed Zeppelin by BlackBerry Cylance, started spreading in early November and avoids infecting systems in Russia, Ukraine, Belorussia, and Kazakhstan, instead focusing on US and European technology and healthcare companies, according to the company's researchers. While the malware framework is modular and can easily be configured for different tasks, Zeppelin focuses on destructive attacks, says Josh Lemos, vice president of research and intelligence at BlackBerry Cylance. Where attackers once focused the malware on consumers, businesses are now the preferred targets of attack, because a single compromise can net tens of thousands of dollars for the attackers.
  • NordVPN Launches Bug Bounty Program
    Virtual private network (VPN) services provider NordVPN on Monday announced the launch of a public bug bounty program on the HackerOne platform. The bug bounty program covers NordVPN websites (nordvpn.com and some subdomains), Chrome and Firefox browser extensions, VPN servers, and desktop and mobile applications for all platforms. Launching a bug bounty program was one of the promises made by NordVPN to customers after news broke that NordVPN and other VPN providers had been breached. Following the disclosure of the incident, NordVPN promised to launch a bug bounty program, partner with cybersecurity consulting firm VerSprite, conduct a full infrastructure security audit, switch to diskless RAM servers, and adopt higher security standards.
  • PR Software Firm Exposes Data on Nearly 500k Contacts
    Written by Greg Otto, Dec 9, 2019 | CYBERSCOOP. A company that sells content management software and services exposed data on 477,000 media contacts, including 35,000 hashed user passwords, to the public internet. In October, iPRsoftware, a U.S.-based company that specializes in software that manages and disseminates company public relations and marketing, was discovered to be exposing the data along with administrative system credentials and assorted documents. Among the documents were marketing materials for client companies, as well as credentials for the company’s Google and Twitter accounts and a MongoDB hosting provider. Chris Vickery, director of cyber risk research at UpGuard, first contacted the company about the exposure in October. AWS told iPRsoftware that the repository was in fact exposed to the public internet, and the company made it private on Nov. 26. iPRsoftware lists NVIDIA, Xerox and Mattel among its clients. Companies with information exposed included Nasdaq and Mercury Public Affairs, a lobbying firm that stirred up controversy earlier this year for its ties to Paul Manafort.