• Millions of dollars stolen in scam by taxi drivers in Toronto, police arrest six
    Since 2018, the Greater Toronto Area has been facing a major taxi fare fraud problem in which drivers defraud their customers. The criminal drivers rely on customized Point-of-Sale (POS) machines to steal payment card information and later drain the customers' accounts.
  • OSX.Dok, the malware that infected Apple computers, is active again
    OSX.Dok, the Mac malware first discovered in 2017, has resurfaced with a new version. It takes the form of a fake PDF app that takes over the entire screen when opened, preventing the user from taking any action while the malware installs malicious applications in the background.
  • Open-source Build-Your-Own-Botnet framework eyed by cybercriminals for malicious activities
    Cybersecurity firm Perception Point detected an intrusion by attackers using the open-source Build Your Own Botnet (BYOB) framework. This incident is the first of its kind when it comes to the use of the framework for conducting attacks in the wild.
  • Iranian developer touts BlackRouter ransomware as RaaS
    BlackRouter ransomware was discovered back in May 2018 and targeted the remote access application AnyDesk. It has now been seen promoted by an Iranian developer on a Telegram channel.
  • Latest version of Anubis Trojan found to be distributed via Google Play Apps
    The malware disguises itself as two Android apps named ‘Currency Converter’ and ‘BatterySaverMobi’ for propagation. It comes with built-in keylogging functionality that simplifies the process of stealing credentials.
  • Vulnerabilities in Radio Frequency remote controllers can put machinery at risk
    Attackers can exploit such controllers to remotely take control of machines such as cranes, drills and mining machinery. Researchers found three basic security issues in RF controllers.
  • Fallout exploit kit is back with improved features in HookAds campaign
    A malvertising campaign named HookAds is being used to distribute the latest version of Fallout. This version includes the integration of the most recent Flash Player exploit, CVE-2018-1598.
  • Vulnerability in Telegram bot could allow attackers to remotely connect to victim’s host
    Attackers can exploit this vulnerability in the Telegram network to compromise the victim’s host and send information collected from the compromised host to the bot's operator. This allows the attackers to connect to the victim’s host remotely.
  • GandCrab Returns with Friends (Trojans)
    Following our previous post about GandCrab, in this post we show how another variant of this well-known ransomware is observed by Check Point’s SandBlast Agent (SBA) Behavioral Guard and analyzed through the lens of an SBA Forensics report. We also review how this new variant comes loaded with Trojan malware, and how, even when attacked on multiple fronts, SBA is still able to prevent an infection. The malware authors clearly want to infect the victim with any of the malware variants and go to great lengths to make sure that happens. PowerShell as an entry point: from the Forensics Report provided by SandBlast Agent, we can see that the attack begins by launching a hidden PowerShell window with command line arguments to download a secondary payload from a compromised hosting provider. The payloads include a variant of Betabot (also known as Neurevt), the AzorUlt data stealer and two variants of GandCrab ransomware. [Figure 7: BetaBot persistence via registry operations] The second malware executed is a variant of the AzorUlt data stealer.
  • 8 Tips for Monitoring Cloud Security
    Cloud security experts weigh in with the practices and tools they prefer for monitoring and measuring security metrics in the cloud. If your company struggles with visibility into cloud security metrics, it is not alone. Cloud security is fundamentally different from on-prem security and requires different practices as companies move applications, services, and data to this new environment. Watching for overprovisioned or incorrectly provisioned identities is one of the ways companies can improve security monitoring in the cloud. Here, experts share their best practices for approaching cloud security monitoring and what to watch for in their cloud environments.
  • How to secure your cloud file storage with 5 simple tricks
    Most cloud services also let you change the email associated with your account, so if you want to start anew, look for the module that lets you tweak this setting. It’s typically located under “account settings” or “security.” [Figure: Dropbox offers the option to quickly change the email associated with your account.] If you have a phone number associated with your account, verify that one as well, and remember to update it if you change your number for any reason. Step 2 – Review, add, or remove devices, browsers and linked apps: most cloud services offer a handy list of all devices linked to your account. [Figure: Devices associated with a Google Drive account.] [Figure: This is how iCloud displays your devices.] So be sure to flip this switch on for every online service you have an account with, especially your cloud storage services. ALWAYS sign out of your account when you access your file storage service in a web browser, especially on an external device.
  • 10 Cybersecurity Conference Trips You Should Make Time for This Year
    Key offerings include sessions on making security relevant to the C-suite, understanding the value of collaborative defense and transforming the role of incident response (IR) with new technologies such as IBM’s Watson. (View the Think 2019 security and resiliency curriculum roadmap.) RSA Conference: one of the industry’s biggest annual conferences, RSAC is also held in San Francisco and will run from March 4–8. The Institute of Electrical and Electronics Engineers (IEEE)’s 40th symposium will take place in San Francisco from May 20–22 and will bring together some of the industry’s leading researchers and practitioners to help organizations evaluate their current privacy policies and prepare for the next generation of personal data defense. Gartner Security and Risk Management Summit: happening in National Harbor, Maryland, from June 17–20, Gartner’s yearly conference includes sessions about emerging information security priorities such as machine learning, analytics and blockchain.
  • Three steps for avoiding devastating security breaches
    With the majority of attacks leveraging malware to exploit known software vulnerabilities, identifying all of your endpoints and all of the software running on them is the first step to protecting them. Not only are there potentially thousands of different pieces of software throughout the organisation (or more), each is very likely in a different stage of its lifecycle: some current and up-to-date, others several (or more) update cycles behind. In an average large organisation there can be 2,000 discrete pieces of software in use, a number which multiplies by an order of magnitude when you consider the different versions and device drivers also involved.
  • Hacker who got into Laurentian University's computer system sentenced to probation
    The case of a Laurentian University student who hacked into the school's system and told them about it, only to be charged with a crime, wrapped up in a Sudbury court. The sentence was 12 months probation and 25 hours of community service for Spencer Brydges after he pleaded guilty to mischief. The CBC's Erik White spoke with Brydges back in 2017 after the hacking incident. This is some of that conversation.
  • Fake BBC News page used to promote Bitcoin-themed scheme
    An investment scheme is using a fake BBC News webpage to convince members of the public to hand over funds. The spoof page references a Bitcoin-themed documentary broadcast by Panorama last year, but links on the page direct visitors to a site promising to make them a millionaire. Reports indicate that the fake page is being spread via emails sent from hacked accounts. Sir Richard Branson has also warned that fake CNN news pages had been created to make it seem that he had endorsed a Bitcoin Trader-branded scheme. [Image caption: Sir Richard previously warned the public of a fake CNN Tech page.] The fake BBC News page contains a lengthy article describing an "underground banking system" that allows investors to turn small deposits into "a fortune".
  • What we learned by unpacking a recent wave of Imminent RAT infections using AMP
    Cisco Talos has been tracking a series of Imminent RAT infections for the past two months, following reported data from Cisco Advanced Malware Protection’s (AMP) Exploit Prevention engine. AMP stopped the malware before it was able to infect the host, but initial analysis strongly indicated that stages exist before the deployment of the RAT. Surprisingly, the recovered samples showed no sign of Imminent RAT, but instead a commercial-grade packer. This was a series of attacks engineered to evade detection and frustrate analysis. We hope that after reading this research you’ll have a better understanding not only of what it takes to investigate an attack using a complex packer, but also of how AMP is equipped to stop attacks that were planned to evade static detection or thwart dynamic analysis in a malware sandbox.
  • The spam that is hardest to block is often the most damaging
    In our lab, we measure how well such spam is blocked by email security products. It is not uncommon for an otherwise well-performing email security product to miss as much as ten per cent of these emails, and for individual emails to be missed by more than half of the products in our lab. Such emails aren't inherently harder to block, but because the cybercriminals behind such campaigns tend to be more skilled, and because the emails are sent in much smaller batches, they are able to evade filters and blocklists more easily. Below we list some recent examples of phishing and malware emails seen in our test lab, notable because they were missed by many email security products. What concerned us was the number of products that missed the emails, with some of the earlier ones being missed by almost all products; block rates increased as the campaign progressed. Documents attached: apart from the fact that the recipient's email address is in the subject line, there is nothing suspicious about an email with "attached documents", especially if you were expecting someone to send you some files.
  • Twitter bug revealed private tweets for some Android users for almost five years
    Social media network Twitter revealed today that it fixed a bug that affected users of its Android app. According to Twitter, only the following users were possibly affected: The bug did not impact users of its Web or iOS clients, although members who changed their account's email address from an Android client and then used other clients might also be affected. The social network didn't reveal how it found the bug, but said that it has already notified all users it believes were impacted, and has reset the "Protect your Tweets" option to its original setting, hiding those people's tweets from non-followers, non-registered users, and search engines. In September 2018, Twitter was impacted by another bug, affecting its Account Activity API (AAAPI), which sent some users' private messages to the wrong Twitter app developers. Twitter users can double-check the status of the "Protect your Tweets" option in the Twitter account settings panel, under the "Privacy and safety" option.