• Exploring the Nature and Capabilities of Anubis Android Banking Trojan
    Over the past few years, Android banking trojans have been a persistent threat. Attackers keep incorporating a wide range of malicious functionality into these trojans to make them more effective and less susceptible to detection. One such example is the infamous Anubis trojan.
  • Over 2000 WordPress Sites Hacked to Propagate Scam Campaign
    More than 2000 WordPress sites have been hacked by cybercriminals for a scam campaign that redirects visitors to several scam sites. The campaign exploits previously known vulnerabilities in WordPress plugins, including 'CP Contact Form with PayPal' and 'Simple Fields'.
  • Ransomware Operators Turn Evil for Late Responders and Non-paying Victims
    Maze ransomware actors have announced they will publicly release 9.5 GB of data stolen from infected machines of Medical Diagnostic Laboratories (MDLab). Separately, the attackers behind the Sodinokibi ransomware have threatened to publish data stolen from GEDIA Automotive Group after the group allegedly chose not to respond to their ransom demands.
  • Historian Indicates Potential Brain Hacking Threat in Future
    Yuval Noah Harari, a best-selling and popular historian, recently discussed "brain hacking" at the World Economic Forum in Davos and what it could mean for the future of humans.
  • FTCode Ransomware Returns with Credential-Stealing Capabilities
    Researchers report that FTCode ransomware is now armed with browser and email password-stealing features. It can skim user credentials from Internet Explorer, Firefox, and Chrome as well as from the email clients Thunderbird and Outlook. The malware gains persistence through a shortcut file in the Startup folder that executes on reboot.
  • Multiple Weaknesses in Industrial Control Systems can Expose Organizations to Serious Risks
    A new analysis of industrial control systems (ICS) sheds light on how some legitimate and deeply rooted product features and functions can actually pose a threat to organizations. ICS are widely used in the networks of the oil & gas, power generation, refining & chemicals, pulp & paper, and mining industries. According to the study conducted by PAS Global, over 10,000 industrial endpoints were found to be affected by over 380,000 known vulnerabilities.
  • New Bill Proposes Cyber Leaders for Each U.S. State
    A group of U.S. senators has proposed legislation, the Cybersecurity State Coordinator Act of 2020, that would appoint a cybersecurity coordinator for each state.
  • The State of Maryland to Criminalize Ransomware Possession
    State lawmakers in Maryland recently heard arguments on a bill that would make mere possession of ransomware a criminal offense. It is already a crime in Maryland to use ransomware in a way that costs victims money. Many researchers and experts argue that the way to stop ransomware is to make it unprofitable for its operators.
  • Trend Micro antivirus zero-day used in Mitsubishi Electric hack
    Chinese hackers used a zero-day in the Trend Micro OfficeScan antivirus during their attacks on Mitsubishi Electric, ZDNet has learned from sources close to the investigation. Trend Micro has since patched the vulnerability, but the company did not comment on whether the zero-day was used in other attacks beyond Mitsubishi Electric. According to reports, the hack first originated at a Mitsubishi Electric Chinese affiliate and then spread to 14 of the company's departments/networks. The only technical detail Mitsubishi Electric disclosed about the hack was that the attackers exploited a vulnerability in one of the antivirus products the company was using. According to a security advisory Trend Micro sent out in October 2019, "affected versions of OfficeScan could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE)." In a case study on its website, Trend Micro lists Mitsubishi Electric as one of the companies that run the OfficeScan suite.
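    The advisory quoted above describes directory traversal while extracting an attacker-controlled zip file, the pattern usually called "zip slip". The Python below is an added example written for this digest; it is not Trend Micro's code and not the OfficeScan logic, and the two-entry archive it builds is constructed for illustration. It shows the naive join that lets an entry named with `../` land outside the target folder, beside an extraction routine that resolves every entry against the real destination and refuses the whole archive before writing anything if any entry would escape.

```python
"""Zip slip: path traversal through archive entry names, naive vs. hardened extraction."""
import io
import os
import tempfile
import zipfile
from pathlib import Path


def build_demo_archive(include_traversal: bool = True) -> bytes:
    """Constructed archive (hypothetical, not the OfficeScan payload): one
    harmless file and, optionally, one whose name climbs out of the target dir."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("reports/summary.txt", "benign content")
        if include_traversal:
            zf.writestr("../escaped.txt", "landed one level above the target folder")
    return buf.getvalue()


def extract_naive(archive: bytes, dest: str) -> list:
    """Vulnerable pattern: entry names are joined onto dest unchecked, so
    '..' components let the archive author pick the real output location."""
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as out:
                out.write(zf.read(info))
            written.append(os.path.abspath(target))
    return written


def extract_hardened(archive: bytes, dest: str) -> list:
    """Safe pattern: resolve every entry against the real destination and refuse
    the whole archive if any entry would land outside it, before writing anything."""
    base = Path(dest).resolve()
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        members = [i for i in zf.infolist() if not i.is_dir()]
        # Leading slashes would make the join ignore base; strip them first,
        # then let resolve() collapse any '..' so the containment test is exact.
        targets = [(i, (base / i.filename.lstrip("/\\")).resolve()) for i in members]
        for info, target in targets:
            if base not in target.parents:
                raise ValueError(f"refusing traversal entry: {info.filename!r}")
        for info, target in targets:
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(target.relative_to(base).as_posix())
    return written


def run_demo() -> dict:
    """Run both extractors into throwaway directories and report where the
    hostile entry ended up in each case."""
    results = {}
    archive = build_demo_archive()
    with tempfile.TemporaryDirectory() as root:
        dest = os.path.join(root, "unsafe")
        os.makedirs(dest)
        extract_naive(archive, dest)
        # The traversal entry was written one level above dest, i.e. into root.
        results["naive_escaped"] = os.path.isfile(os.path.join(root, "escaped.txt"))
    with tempfile.TemporaryDirectory() as root:
        dest = os.path.join(root, "safe")
        os.makedirs(dest)
        try:
            extract_hardened(archive, dest)
            results["hardened_blocked"] = False
        except ValueError:
            results["hardened_blocked"] = True
        results["hardened_escaped"] = os.path.isfile(os.path.join(root, "escaped.txt"))
        results["hardened_wrote"] = os.listdir(dest)  # validation failed first, so nothing
        results["hardened_clean_wrote"] = extract_hardened(
            build_demo_archive(include_traversal=False), dest)
    return results


if __name__ == "__main__":
    print(run_demo())
```

    Note that `zipfile.ZipFile.extract()` already strips `..` components, so the vulnerable case above is the hand-rolled join that many extractors (in any language) still use; the containment check on the resolved path is the fix regardless of how the archive is read.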
  • Cyberattack Hobbles Oregon County Network, Services
    A cyberattack has knocked out the phone lines and Internet for Tillamook County, Ore., throwing local government service delivery into disarray, local news reports and official accounts show. "We're learning to use paper and pen again," said Lt. Gordon McCraw, emergency management director with the county sheriff's department, who is helming the local response to the crisis. Computer difficulties in various departments on Wednesday morning alerted officials to a potential infection, and the county IT department quickly realized systems had been hit with encrypting malware. A local report quoted a county commissioner as saying the infection is "apparently ransomware in nature" but that a ransom had not been posted. The county has hired a digital forensic team from Arete Advisors, a cybersecurity firm that specializes in incident response, to identify the source, nature and extent of the attack, McCraw said.
  • DoS Exploit PoC Released for Critical Windows RDP Gateway Bugs
    A proof-of-concept (PoC) denial of service exploit has been published by Danish security researcher Ollypwn for the CVE-2020-0609 and CVE-2020-0610 flaws affecting the Remote Desktop Gateway (RD Gateway) component on Windows Server (2012, 2012 R2, 2016, and 2019). "A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests," Microsoft's security advisories explain. [..] "The vulnerability only affects UDP transport, which by default runs on UDP port 3391." The researcher's PoC, named BlueGate, can trigger a denial of service state on unpatched systems and also comes with a built-in scanner for checking whether a host is vulnerable to CVE-2020-0609 and CVE-2020-0610 exploitation attempts.
  • Tampa Bay Times Struck by Ransomware, Joining a Growing Club of Hacked Media Outlets
    Written by Jeff Stone, Jan 24, 2020 | CyberScoop. The Tampa Bay Times became the latest major U.S. news organization to be infected with ransomware on Thursday when the Ryuk ransomware forced the newspaper to activate its incident response plans. The company reported on Jan. 23 that the ransomware had infiltrated its systems, though exactly how the attack occurred remains unclear. The attackers did not compromise any data, such as payment or customer information, the Times reported, and the paper expected to recover by restoring its systems from backups. The Ryuk strain in particular hit Tribune Publishing in 2018, creating a ripple effect that led to problems at the Los Angeles Times, the San Diego Union-Tribune and the South Florida Sun Sentinel. This month, the Daily Gazette, based in Schenectady, New York, reported it had been struck with ransomware, though the specific type was not immediately clear. The security vendor CrowdStrike reported in December that the share of ransomware victims who agreed to pay more than doubled last year, to 39% from 14%.
  • New Ryuk Info Stealer Targets Government and Military Secrets
    In September 2019, we reported on a new malware that included references to the Ryuk ransomware and was used to steal files whose names matched certain keywords. It is not known whether this tool was created by the Ryuk ransomware actors for data exfiltration before encrypting a victim's computer, or whether another actor simply borrowed from the ransomware's code. In the previous version, the Ryuk Stealer would scan a computer's files for Word (docx) and Excel (xlsx) documents.
  • There’s a new FedEx text message scam that you need to know about
    Whether it's a phishing email purporting to be from Apple or a call from someone claiming to be from the IRS, consumers need to remain as vigilant as ever when it comes to identifying seemingly legitimate messages designed to steal an individual's personal information and cold hard cash. The latest texting scam comes in the form of a text designed to look like a legitimate FedEx tracking notification. In a statement provided to ABC News on the growing scam, FedEx said the following: "While there is no foolproof method to prevent the FedEx name from being used in a scam, we are constantly monitoring for such activity and work cooperatively with law enforcement." FedEx's response doesn't instill much confidence, but the truth is that this scam, at first glance, is particularly hard to differentiate from a legitimate FedEx tracking alert.
  • Hackers targeting Arabic-speaking countries with malicious Microsoft Office documents
    Security researchers with Cisco's Talos Security Intelligence and Research Group discovered a new type of malware that attacks victims' devices through malicious Microsoft Office documents. In a blog post and an email interview, Talos researcher Paul Rascagneres and the Talos team explained that this malware has been used specifically to target people and systems in Saudi Arabia, Iraq, Egypt, Libya, Algeria, Morocco, Tunisia, Oman, Yemen, Syria, UAE, Kuwait, Bahrain, and Lebanon. "The malware is divided into a couple of layers — each layer downloads a new payload on a cloud provider to get the final RAT developed in Python and that uses additional providers such as Twitter and ImgBB," Talos researchers wrote in their blog post. "Attackers can abuse well-known cloud providers and abuse their reputations in order to avoid detection," the blog continued. The researchers also noted that the people behind the attack used anti-VM and anti-analysis tricks to hide their actions, which reinforces the need for security systems that can do more than network-based detection.
  • How the North Korean hackers behind WannaCry got away with a stunning crypto-heist
    Cyberattacks waged against cryptocurrency exchanges are now common, but the theft of just over $7 million from the Singapore-based exchange DragonEx last March stands out for at least three reasons. First there is the extremely elaborate phishing scheme the attackers used to get in, which involved not only fake websites but also fake crypto-trading bots. And if this and other reports are correct in fingering North Korean hackers as the perpetrators, it looks to be part of a larger survival strategy by Kim's regime, which has been cut off from the global financial system by international economic sanctions meant to curtail its nuclear weapons program. DragonEx was not the first crypto exchange to be victimized by this particular hacker band, which some security analysts call the Lazarus Group. In August, a group of independent experts reported to the United Nations that North Korea has generated an estimated $2 billion for its missile program by using "widespread and increasingly sophisticated" cyberattacks to steal from banks and cryptocurrency exchanges.
  • An adult sexting site exposed thousands of models' passports and driver's licenses
    A popular sexting website has exposed thousands of photo IDs belonging to models and sex workers who earn commissions from the site. SextPanther, an Arizona-based adult site, stored more than 11,000 identity documents, including passports, driver's licenses and Social Security numbers, in an Amazon Web Services (AWS) storage bucket that was exposed without any password. The bucket also contained more than 100,000 photos and videos sent and received by the workers. An hour after we alerted the site's operator, Alexander Guizzetti, to the exposed data, the storage bucket was pulled offline. Using information from the identity documents matched against public records, we contacted several models whose information was exposed by the security lapse, passing along in one case a photo of the model's license found in the exposed bucket.
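    The bucket in this story was readable by anyone. The Python below is an added example for this digest, not code from the reporting outlet, SextPanther or AWS; it statically audits a bucket's ACL grants, bucket policy and Block Public Access settings for anonymous object reads, combining them the way S3 applies them (IgnorePublicAcls neutralises public ACL grants, RestrictPublicBuckets neutralises public policy grants). The two configurations, the bucket name example-id-docs, the account ID and the role name are constructed for illustration, and action matching is a simplified glob rather than a full IAM policy evaluation.

```python
"""Static check for publicly readable S3 buckets: ACL grants, bucket policy,
and the Block Public Access settings that override them."""
import fnmatch
import json

# Canned grantee groups that make an ACL grant public (AuthenticatedUsers means
# any AWS account in the world, which is public for practical purposes).
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def _as_list(value):
    """IAM/S3 JSON allows a scalar or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_anonymous(principal) -> bool:
    """Principal "*" or {"AWS": "*"} means anyone on the internet."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def _allows_get_object(actions) -> bool:
    """IAM action patterns are case-insensitive globs, e.g. "s3:Get*" or "*"."""
    return any(fnmatch.fnmatchcase("s3:getobject", str(a).lower()) for a in _as_list(actions))


def public_acl_grants(acl: dict) -> list:
    """ACL grants that give READ or FULL_CONTROL to an all-users group."""
    hits = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if (grantee.get("Type") == "Group"
                and grantee.get("URI") in PUBLIC_GROUP_URIS
                and grant.get("Permission") in {"READ", "FULL_CONTROL"}):
            hits.append(grant)
    return hits


def public_policy_statements(policy: dict) -> dict:
    """Allow statements letting an anonymous principal read objects, split into
    unconditional ones and ones carrying a Condition that needs a human look
    (a Condition can still be effectively public, e.g. aws:SourceIp 0.0.0.0/0)."""
    found = {"unconditional": [], "conditional": []}
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_anonymous(stmt.get("Principal")):
            continue
        if not _allows_get_object(stmt.get("Action")):
            continue
        key = "conditional" if stmt.get("Condition") else "unconditional"
        found[key].append(stmt.get("Sid", "<no Sid>"))
    return found


def audit_bucket(acl: dict, policy: dict, public_access_block: dict) -> dict:
    """Combine the three inputs the way S3 evaluates them for an anonymous caller."""
    acl_hits = public_acl_grants(acl)
    policy_hits = public_policy_statements(policy)
    acl_effective = bool(acl_hits) and not public_access_block.get("IgnorePublicAcls", False)
    policy_effective = (bool(policy_hits["unconditional"])
                        and not public_access_block.get("RestrictPublicBuckets", False))
    return {
        "public_acl_grants": len(acl_hits),
        "public_policy_sids": policy_hits["unconditional"],
        "review_policy_sids": policy_hits["conditional"],
        "publicly_readable": acl_effective or policy_effective,
    }


# Constructed sample configurations (hypothetical, not taken from the incident).
EXPOSED = {
    "acl": {"Owner": {"ID": "owner-id"}, "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ]},
    "policy": {"Version": "2012-10-17", "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-id-docs/*"},
    ]},
    "public_access_block": {"BlockPublicAcls": False, "IgnorePublicAcls": False,
                            "BlockPublicPolicy": False, "RestrictPublicBuckets": False},
}

LOCKED_DOWN = {
    "acl": {"Owner": {"ID": "owner-id"}, "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"},
    ]},
    "policy": {"Version": "2012-10-17", "Statement": [
        {"Sid": "AppRoleRead", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-uploader"},
         "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "arn:aws:s3:::example-id-docs/*"},
    ]},
    "public_access_block": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                            "BlockPublicPolicy": True, "RestrictPublicBuckets": True},
}


def run_demo() -> dict:
    return {name: audit_bucket(**cfg) for name, cfg in (("exposed", EXPOSED), ("locked_down", LOCKED_DOWN))}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

    The inputs are the JSON you get back from `get-bucket-acl`, `get-bucket-policy` and `get-public-access-block`; in practice you would feed real output into `audit_bucket` per bucket and treat any non-empty `review_policy_sids` as a finding to examine by hand rather than as safe.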
  • 2015-member database floats off through breach in Royal Yachting Association's hull
    The Royal Yachting Association (RYA) has told members that "an unauthorised party" may have pilfered a database containing personal information from 2015. "On 17 January 2020 we became aware that an unauthorised party accessed and may have acquired a database created in 2015 containing personal data associated with a number of RYA user accounts," it said. Stolen information included names, email addresses and "hashed passwords", a "majority held with the salted hash function." The Information Commissioner's Office has been informed. All RYA online account holders have had their passwords reset, with account access disabled until this is done. In an email sent to RYA members and seen by The Register, the association said: "We will provide more information to those users potentially impacted by this possible breach as soon as possible."