• New Mac malware LamePyre can spy on you and run a backdoor
    Though MacOS is generally less targeted when compared to the Windows operating system, it is never all quiet on the western front either. Just this month, we have witnessed significant activity regarding the malware targeting Apple’s MacOS. Read More
  • Kremlin-linked Fancy Bear hit government agencies in four continents
    The Russian cyberespionage group Sofacy, also known as APT28, Fancy Bear, Pawn Storm, Sednit and Strontium, hit government agencies in four continents. Researchers revealed last month that the Sofacy group used a new malware named Cannon to attack these entities. Read More
  • Save the Children Federation lost $1 million to scammers
    Save the Children Federation, a popular charity that operates across the world, admitted that it fell victim to a scam in 2017. The firm revealed that it lost $1 million to a cyberscam that involved the use of fake invoices. Read More
  • Boomoji app exposed 5.3 million users’ data due to misconfigured ElasticSearch server
    The popular emoji app Boomoji exposed the personal data of around 5.3 million users online after it failed to set passwords on two of its ElasticSearch databases. The unprotected databases could have allowed anyone to edit or delete the data using nothing more than a web browser. Read More
  • Android malware inadvertently downloaded by 2,000 mobile users in Brazil
    A recently discovered Android trojan, ‘Android.BankBot.495.origin’, was inadvertently downloaded by almost 2,000 Brazilians. The malware hijacked victims’ devices and stole their sensitive data. According to researchers, the malware was distributed by cybercriminals in the Google Play Store. The malware was disguised as legitimate apps that were advertised as WhatsApp monitoring apps for Android devices. Read More
  • Chinese intelligence-gathering spies blamed for Marriott data breach
    A massive data breach at the Marriott hotel group resulted in the compromise of sensitive information of about 500 million guests. While the hotel group is still trying to sort out the matter, researchers discovered that the hackers responsible for the attack may be Chinese state-backed threat actors. Read More
  • Destructive Shamoon variant suspected to be behind Saipem cyber attack
    Two new samples of the Shamoon data-wiping malware have been spotted in the wild recently. The destructive malware, which was first discovered in 2012 during a cyber attack against the Saudi oil provider Saudi Aramco, is blamed for the attack on Saipem that occurred on December 11, 2018. Read More
  • Operation SharpShooter attacks nuclear, defense, energy, and financial companies
    In the last few weeks, many government departments and numerous private companies in the defense, telecom, energy, and financial sectors have been in the crosshairs of a global hacking operation. Read More
  • Brazilian IT firm Tivit suffers data leak
    Brazil-based IT services and business process outsourcing provider Tivit has had data from many of its large customers leaked online. Security research website DefCon-Lab found about 1,000 lines of code available on Pastebin's web service, including data such as access credentials to Tivit's systems used by clients and other sensitive information including email exchanges. The incident involved data from 19 companies including Brazilian bank Original, insurance company Zurich and software firm SAP. According to the outsourcing company, all clients that have been impacted were notified. A Tivit representative told ZDNet that last week nine members of staff had suffered a phishing attack through an email that contained a malicious link. However, the company reiterated that neither its datacenters nor client networks were invaded by outside sources and that the incident was limited to the computers used by employees who had been targeted by the phishing attack. Read More
  • FEC Votes to Use Campaign Funds for Cybersecurity
    The Federal Election Committee (FEC) has voted that lawmakers are allowed to use leftover campaign funds to guard personal email accounts and devices from cyber threats. In a proposed draft of its advisory opinion, the FEC responded to Sen. Ron Wyden’s question: “May a United States Senator use campaign funds to pay for the costs of cybersecurity measures to protect his personal electronic devices and accounts?” “The Commission concludes that you may use campaign funds to pay for the costs of security measures to protect your personal devices and accounts without such payments constituting an impermissible conversion of campaign funds to personal use, under the Act and Commission regulations,” the FEC wrote. In submitting his request to the FEC, Sen. Wyden acknowledged that he had not experienced any personal threats thus far, but he argued that the cyber threats elected officials face include "attacks by sophisticated state-sponsored hackers and intelligence agencies against personal devices and accounts." The ruling by the FEC allowing leftover campaign funds to purchase additional cybersecurity detection and protection has kept the conversation about election protection going. Read More
  • Malspam Campaign Impersonates UK Businesses to Target Victims With Banking Trojan
    Security researchers discovered a malspam campaign targeting British computer users with the Ursnif/Gozi/ISFB Trojan. According to My Online Security, the campaign lures victims with phony messages supposedly coming from one of the United Kingdom’s largest banks and other companies. Details of the attack first surfaced on Twitter, as security experts posted examples of malicious emails that used social engineering to dupe recipients into downloading the banking Trojan. One message that purported to come from Lloyds Bank, for example, was designed to look like a fraud alert and came with a PDF attachment. Beyond simply imitating well-known organizations, the attackers behind the malspam campaign are also playing on the psychology of those who might be worried about their personal finances. Cybercriminals have an obvious interest in email as a platform to distribute banking Trojans and other threats because of how often people use email every day. Read More
  • SQLite bug impacts thousands of apps, including all Chromium-based browsers
    A security vulnerability in the massively popular SQLite database engine puts thousands of desktop and mobile applications at risk. Because SQLite is embedded in thousands of apps, the vulnerability impacts a wide range of software, from IoT devices to desktop software, and from web browsers to Android and iOS apps. The bad news, according to Tencent Blade researchers, is that this vulnerability can also be exploited remotely by accessing something as simple as a web page, if the underlying browser supports SQLite and the Web SQL API that translates the exploit code into regular SQL syntax. "We successfully exploited Google Home with this vulnerability," the Tencent Blade team said in a security advisory this week. While it does not support Web SQL, Firefox, too, is affected, since it comes with a locally accessible SQLite database, meaning a local attacker could abuse this vulnerability to execute code and more. But even though the SQLite team has shipped a fix, many apps are likely to remain vulnerable for years to come. Read More
  • KoffeyMaker Toolkit Used in Black Box ATM Attacks
    In 2017 and 2018, threat actors utilized a toolkit called KoffeyMaker in multiple black box ATM attacks targeting Eastern European financial institutions. When Kaspersky Lab investigated KoffeyMaker in connection with the attacks, researchers discovered that the devices used in the campaign consisted of Windows laptops containing ATM dispenser drivers and a patched KDIAG tool. Those behind the attacks secretly opened an ATM at each targeted bank, connected the device to the cash dispenser, closed the ATM and walked away with the device still inside the machine. Returning at a later time, attackers leveraged a USB GPRS modem to gain remote access to the device, run the KDIAG tool and execute a command for the ATM to dispense bank notes before retrieving the laptop, all while another attacker collected the money. Attacks like those involving KoffeyMaker aren’t new to Europe. According to Kaspersky Lab, the only way for banks to defend against black box attacks is to use hardware encryption between an ATM’s computer and its dispenser. Read More
  • Facebook exposed up to 6.8 million users’ private photos to developers in latest leak
    Facebook exposed private photos from up to 6.8 million users to apps that weren’t supposed to see them, the company said today. These included photos from people’s stories as well as photos that people uploaded but never posted (because Facebook saved a copy anyway). Facebook also says it’ll be working with developers to delete copies of photos they weren’t supposed to access. Facebook said the bug had to do with an error related to Facebook Login and its photos API, which allows developers to access Facebook photos within their own apps. All of the impacted users had logged into a third-party app using their Facebook accounts and granted them some degree of access to view their photos. The Cambridge Analytica breach happened because of Facebook’s lax oversight of developers and data sharing; today’s issue happened because of another breakdown in communication between Facebook and developers. Read More
  • Malaysian government targeted with mash-up espionage toolkit
    In a presentation at AVAR 2018, ESET’s Tomáš Gardoň and Filip Kafka presented their research on a previously undocumented espionage toolkit, used in targeted attacks against the Malaysian government in mid-2018. What made the attacks unusual, according to the researchers, was that they relied on malware almost entirely made up of leaked source code of well-known malware and publicly available tools. We sat down with Tomáš and Filip and asked them a few questions about this ‘mash-up’ toolkit, as they referred to it in their presentation, and the attacks utilizing it. Tomáš: Well, for a start, the infamous remote access tools Gh0st RAT and NetBot Attacker were used as the main backdoors. For less skilled attackers, or in more banal attacks, such code reuse is a common practice. Filip: Even if unsuccessful, these repeated detection evasion efforts show that the attack wasn’t just a random incident, but organized espionage against the Malaysian government. Read More
  • ZipRecruiter user email addresses exposed to unauthorised accounts
    On October 5th, we discovered that certain employer user accounts that were not intended to have access to the CV Database were able to obtain access to information including the first name, last name and email addresses of some job seekers who had submitted their CVs to our CV database. The problem is with the part of ZipRecruiter's site that allows an employer with permission to access the database of CVs to contact a candidate. To that end, ZipRecruiter provides a contact form, helpfully populated with the name and email address of the hopeful individual. It appears that the Email Candidate form can also be accessed by users who have not ponied up the cash for access to the CV library. But thanks to the permissions whoopsie, that unauthorised user could also potentially get to the candidate's full name and email address. ZipRecruiter professed itself "not certain of the purpose of the unauthorised access" but speculated with breathtaking insight that the information "could be utilised to send you spam or phishing emails". Read More
  • Cyberattack knocks Schenectady County website offline
    Schenectady County, N.Y. had to shut down its government website as it tries to dig out from a cyberattack. The Daily Gazette reported some operations were not affected by the malware, including the 911 central dispatching center, the Glendale Nursing Home, the Board of Elections, public health senior and long-term care, the department of social services and the county library system. The attack was noticed by county employees on Wednesday, and restoring the county’s network is expected to take about a week, during which time the website will be kept offline. A county official told The Daily Gazette there is no indication so far of a data breach. Read More
  • Samsung Galaxy S8 getting December 2018 security patch update in Germany
    Following the security updates for 2018 flagships, Samsung has now reportedly started pushing the latest Android security patch update for Samsung Galaxy S8 smartphones in Germany. The South Korean company recently rolled out the December 2018 security patch to Galaxy S9 and Galaxy S9+ smartphones in some markets with fixes for over 40 vulnerabilities. Now, according to Sammobile, the December 2018 security patch reaches Galaxy S8 devices in Germany to start with, and it also fixes as many as 40 vulnerabilities in Samsung’s software. Samsung isn’t showing any signs of slowing when it comes to security updates, even while the company is busy working on the next Android version, Android 9 Pie. The overlay bump of the current Experience UI, Samsung OneUI, is all about design improvements that are meant to make usability easier. But unfortunately for Samsung Galaxy S8/S8+ users, the OneUI update is not coming. Read More