• Slack resets passwords of around 1% users following 2015 data breach
    Slack resets passwords of around 1% of its users following a 2015 data breach. In 2015, attackers had gained access to some of Slack's infrastructure, including a database used to store user profile information such as usernames and hashed passwords.
  • Attackers Infect Town of Collierville With Ryuk Ransomware
    Attackers infected the Town of Collierville with Ryuk ransomware. The infection crippled computer systems and encrypted some of the town's files, blocking access to them. The attack also impacted public services such as permit requests, public records requests, and business services.
  • Wise Health System Suffers Phishing Attack Compromising Nearly 36,000 Patients' Information
    Wise Health System suffered a phishing attack compromising nearly 36,000 patients' information. Although the intent of the phishing campaign was to divert payroll direct deposits, the compromised email accounts, which stored patient information, might have been accessed. The compromised employee email accounts included patients' medical record numbers, diagnosis and treatment information, and insurance information.
  • Attackers create fake Office 365 site to push TrickBot trojan
    Attackers created a fake Office 365 site to push the TrickBot trojan. The TrickBot password-stealing trojan is disguised as Chrome and Firefox browser updates to deceive users. The fake Office 365 website looks very similar to a genuine Microsoft site.
  • New Proyecto RAT targets Colombian businesses
    The new Proyecto RAT targets Colombian businesses. A spam campaign was found directed against financial institutions and governmental organizations. The threat actors behind the campaign used a disposable email address service for the command-and-control server.
  • Tampa-based community radio station WMNF 88.5-FM hit with ransomware attack
    Tampa-based community radio station WMNF 88.5-FM was hit with a ransomware attack. The attack forced the station to shut down its live broadcasts and play pre-recorded shows. The ransomware also compromised a few files, including all of the blank forms the station uses for various office purposes.
  • Microsoft Alerts Nearly 10,000 Customers of Attacks from Nation-Sponsored Hacking Groups
    Microsoft alerted nearly 10,000 customers of attacks from nation-sponsored hacking groups. The firm revealed that most of these attacks came from hacker groups based in Iran, North Korea, and Russia. Most of the attacks, around 84%, targeted large enterprises, while 16% were directed at small businesses.
  • More than 805,000 systems are still vulnerable to BlueKeep vulnerability
    More than 805,000 systems are still vulnerable to the BlueKeep vulnerability. BlueKeep is a flaw in the RDP service of older versions of Windows such as XP, 7, Server 2003 and Server 2008. The flaw, designated CVE-2019-0708, does not affect later versions such as Windows 8 and 10.
  • Elusive MegaCortex Ransomware Found - Here is What We Know
    It is not known exactly how the attackers gained access to a network, but Sophos stated that the Emotet or Qakbot Trojans were present on networks also infected with MegaCortex.
    The MegaCortex encryption process: In a sample of MegaCortex discovered by MalwareHunterTeam, analyzed by Vitali Kremez, and shared with BleepingComputer, we are able to gain new insight into how the ransomware operates. The ransomware will then begin to encrypt files on the victim's hard drives. When encrypting files, it will not encrypt any of the following file types, file names, or files under the listed folders:
      • file types: .dll .exe .sys .mui .tmp .lnk .config .manifest .tlb .olb .blf .ico .regtrans-ms .devicemetadata-ms .settingcontent-ms .bat .cmd .ps1
      • file names: desktop.ini iconcache.db ntuser.dat ntuser.ini ntuser.dat.log1 ntuser.dat.log2 usrclass.dat usrclass.dat.log1 usrclass.dat.log2 bootmgr bootnxt
      • folders: temp\ .+\\Microsoft\\(User Account Pictures|Windows\\(Explorer|Caches)|Device Stage\\Device|Windows)\\
    As the ransomware encrypts a file it will append the .megac0rtx extension to the encrypted file's name.
  • Cybersecurity industry can contribute its expertise to cyberspace peace
    Estonia, a small nation in Europe, suffered the first nationwide cyberattack in 2007 when a DDoS attack crippled several key websites, including those of banks, Parliament, government ministries and the media. But they are also actively campaigning for greater cooperation from various sectors, including governments and cybersecurity companies and practitioners, to work together against cyber perpetrators. The trio have been involved in the 2015 United Nations report on norms for cybersecurity behaviour among countries. Werdaningtyas pointed out that the nature of cyber attacks is trans-boundary and cannot be solved by single countries. Many countries therefore cannot deal with the cybersecurity threat by themselves because they are small, both in size and in technological capability. Singapore is also working with Indonesia and Australia to help other ASEAN countries get up to speed on cybersecurity, supporting them in capability development.
  • URL Spreading Shellbot and XMRig Using 17-year old XHide
    One of our honeypots detected a threat that propagates by scanning for open ports and brute forcing weak credentials, installing a Monero cryptocurrency miner and a Perl-based IRC backdoor as the final payload. The malware scans for open ports and weak credentials to infiltrate and then sends a command that will download the Perl-based Internet Relay Chat (IRC) Shellbot with file name “sshd2” (detected by Trend Micro as Backdoor.Perl.SHELLBOT.D) and “findz” (detected by Trend Micro as Trojan.SH.MINESTARTER.A) — which will infect the system with the miner by downloading and extracting “so3” (detected by Trend Micro as Coinminer.Linux.MALXMR.UWEJQ). “a”, a bash script (detected by Trend Micro as Trojan.SH.MINESTARTER.A), performs the following:
      • Drops “upd”, a shell script that serves as a watchdog for the mining process
      • Sets up a cron tab executing “upd” every minute
      • Executes “r”
    “r” is a script that executes “e” or “f” depending on the central processing unit (CPU) architecture of the infected machine (detected by Trend Micro as Trojan.SH.MINESTARTER.A).
  • AI, quantum computing and 5G could make criminals more dangerous than ever, warn police
    Artificial intelligence, quantum computing, 5G and the rise of the Internet of Things are just some of the emerging technologies that could aid cybercriminals in ways that could make them more dangerous than ever – and law enforcement must innovate quickly in order to help keep citizens safe, a new report has warned. Published by Europol, the 'Do criminals dream of electric sheep: how technology shapes the future of crime and law enforcement' report – the title of which references the work of science fiction writer Philip K. Dick – explores the consequences that emerging technology could have for cybercrime. For example, AI is described as a technology that could benefit law enforcement by helping to improve the security of systems and devices. One area where Europol fears AI could have an impact is deepfakes and disinformation – the report even warns that "criminals are already reported to have used deepfake audio impersonating chief executives in an attempt to defraud organisations".
  • Hackers Publish List of Phished Discord Credentials
    Earlier this week a group of hackers published a list of email addresses and passwords they say they phished from users of the gaming chat platform Discord. The list is small, totalling only around 2,500 logins, but the news still acts as a reminder that Discord users need to remain vigilant for phishing. "This was no virus, worm or malware of any sort—it was simple old phishing site that utilized Discord's own moronic API to hijack these accounts," the hackers wrote in a message on their website. Some of the invalid login details are clearly fake, with emails such as "fucking@phish.io" and the password "fucku," likely from people who were trying to feed the hackers garbage data. Motherboard took a random selection of email addresses from that section of the dump and tried to create new Discord accounts with them. In the vast majority of cases this was not possible because the email address was already linked to a real and active Discord account.
  • QuickBooks Cloud Hosting Firm iNSYNQ Hit in Ransomware Attack
    Cloud hosting provider iNSYNQ says it is trying to recover from a ransomware attack that shut down its network and has left customers unable to access their accounting data for the past three days. “The attack impacted data belonging to certain iNSYNQ clients, rendering such data inaccessible,” the company said. iNSYNQ said it has engaged outside cybersecurity assistance to determine whether any customer data was accessed without authorization, but that so far it has no estimate for when those files might be available again to customers. Meanwhile, iNSYNQ’s customers — many of them accountants who manage financial data for a number of their own clients — have taken to Twitter to vent their frustration over a lack of updates since that initial message to users. At the same time, competing cloud hosting providers have been piling on to the tweetstorms about the iNSYNQ outage by marketing their own services, claiming they would never subject their customers to a three-day outage.
  • Malware in PyPI Code Shows Supply Chain Risks
    A code backdoor in a package on the Python Package Index demonstrates the importance of verifying code brought in from code repositories. The pace of modern software development requires code reuse, and effective code reuse requires code repositories. Researchers at ReversingLabs have discovered the most recent attack against a repository: a module carrying a backdoor found in the popular Python repository Python Package Index (also known as PyPI or the Cheese Shop). Most of these involve physical supply chains, but Perica says security professionals need to understand that these code repositories – from PyPI to RubyGems, NuGet, and npm – are critical pieces of their software supply chain. "PyPI is like the official package repository for the Python Software Foundation," Perica notes. Perica says the best solution for companies looking to minimize the risk from code repositories is to have a security team examine each library to be used and verify its contents.
  • Researchers devise method to track Bluetooth devices
    Researchers from Boston University (BU) have discovered a way to circumvent anonymization protections on Bluetooth Low Energy devices, allowing potentially malicious actors to passively track the movements of these devices and their users. To prevent third-party actors from tracking devices via this process, some devices use randomized addresses that periodically change, explain BU researchers Johannes Becker, David Li and David Starobinski in their recently published paper, “Tracking Anonymized Bluetooth Devices.” However, the researchers found that malicious actors can extract what they refer to as unique “identifying tokens” from the payloads of the devices' advertising messages. The tracking vulnerability and corresponding exploit affect Bluetooth-enabled Windows 10, iOS and macOS devices, provided these devices are continuously observed by a would-be attacker. Meanwhile, Fitbit wearable devices don’t bother to change and randomize their device addresses, which makes them even easier to track, the report stresses.
  • Fake FaceApp Challenge Apps Are Installing Malware. Here's What You Need To Know
    While the debate rages as to the privacy implications of taking part in the viral FaceApp Challenge, security researchers have now issued warnings about fake FaceApp Challenge apps spotted in the wild and installing malware. FaceApp itself is nothing new; it first went viral back in 2017, but this latest FaceApp Challenge has taken the internet by storm. The challenge for those unfortunate enough to install this app, which tricks users into thinking it is a certified version of FaceApp, is not getting infected by malware.
    Fake FaceApp Challenge app installs malware: "Kaspersky has identified a fake application that is designed to trick users into thinking it is a certified version of FaceApp," Igor Golovin, a security researcher at Kaspersky, warned, "but goes on to infect devices with an adware module called MobiDash." Because the threat actors behind MobiDash often hide their malware behind the illusion of popular applications, and they don't come much more popular than the FaceApp Challenge right now, Golovin warned that "the activities of the fake version of FaceApp could intensify, especially if we are talking about hundreds of targets in just a few days."
  • Israeli security company reportedly has tool that spies on Apple, Google and Facebook cloud data
    Photo: An Israeli woman uses her iPhone in front of the building housing the Israeli NSO group, on August 28, 2016, in Herzliya, near Tel Aviv.
    An Israeli cybersecurity company has developed spyware that can scrape data from the servers of Apple, Google, Facebook, Amazon and Microsoft products, according to The Financial Times. The report says NSO Group's proprietary smartphone malware, Pegasus, harvests not only data stored on a device, but also any information stored in the cloud, including a user's location data, archived messages and photos. NSO Group, which previously installed malware in Facebook's WhatsApp, denied that it markets software capable of capturing data in the cloud. "NSO's products do not provide the type of collection capabilities and access to cloud applications, services, or infrastructure suggested in this article," the company told CNBC in a statement.