Critical Flaw Exposes Many Cisco Devices to Remote Attacks
Cisco has patched more than 30 vulnerabilities in its IOS software, including a critical remote code execution flaw that exposes hundreds of thousands – possibly millions – of devices to remote attacks launched over the Internet. A total of three vulnerabilities have been rated critical. One of them is CVE-2018-0171, an issue discovered by researchers […]

"Fauxpersky" Credential Stealer Spreads via USB Drives
A recently discovered credential-stealing malware is masquerading as Kaspersky Antivirus and spreading via infected USB drives, according to threat detection firm Cybereason. Dubbed Fauxpersky, the keylogger was written in AutoIT or AutoHotKey, which are simple tools for writing small programs for various automation tasks on Windows. AHK can be used to write code to […]

Crypto Mining Rampant in Higher Education
Figures from an analysis of 4.5 million monitored devices across 246 companies show that for every 10,000 devices and workloads, 165 contain active threats. The majority are given a low (113) or medium (18) threat priority, but 34 are ranked high or critical, requiring immediate attention. Deeper analysis of these figures in Vectra's 2018 Attacker […]

Iran-linked Hackers Adopt New Data Exfiltration Methods
An Iran-linked cyber-espionage group has been using new malware and data exfiltration techniques in recent attacks, security firm Nyotron has discovered. The threat actor, known as OilRig, has been active since 2015, mainly targeting United States and Middle Eastern organizations in the financial and government sectors. The group has already been observed using multiple tools […]

China-linked Hackers Target Engineering and Maritime Industries
A China-linked cyberespionage group that has been active for half a decade has increased its attacks on engineering and maritime entities over the past months, FireEye reports. Referred to as Leviathan or TEMP.Periscope, the group has historically been interested in targets connected to South China Sea issues, which hasn't changed in the recently observed attacks. […]

PinkKite POS Malware Is Small but Powerful
A newly discovered piece of malware targeting point-of-sale (POS) systems has a very small size but can do a lot on the infected systems, security researchers reveal. Called PinkKite, the POS malware was observed last year as part of a large campaign that ended in December, but was only detailed last week at Kaspersky Lab's […]

Microsoft Publishes Bi-annual Security Intelligence Report (SIR)
Microsoft's 23rd bi-annual Security Intelligence Report (SIR) focuses on three topics: the disruption of the Gamarue (aka Andromeda) botnet, evolving hacker methodologies, and ransomware. It draws on data analysis of Microsoft's global estate since February 2017, including 400 billion email messages scanned, 450 billion authentications, and 18+ billion Bing webpage scans every month; together […]

Microsoft Patches Remote Code Execution Flaw in CredSSP
A vulnerability (CVE-2018-0886) patched by Microsoft with its March 2018 security patches was a remote code execution flaw in the Credential Security Support Provider protocol (CredSSP) used by Remote Desktop Protocol (RDP) and Windows Remote Management (WinRM). This vulnerability can be exploited by an attacker to relay user credentials in order to execute code on a target […]

Tropic Trooper's New Strategy
by Jaromir Horejsi, Joey Chen, and Joseph C. Chen
Tropic Trooper (also known as KeyBoy) levels its campaigns against Taiwanese, Philippine, and Hong Kong targets, focusing on their government, healthcare, transportation, and high-tech industries. Its operators are believed to be very organized and to develop their own cyberespionage tools, which they fine-tuned in their recent campaigns. […]

How Hackers Bypassed an Adobe Flash Protection Mechanism
The number of Flash Player exploits has recently declined, due to Adobe's introduction of various measures to strengthen Flash's security. Occasionally, however, an exploit still arises. On January 31, KrCERT reported a zero-day vulnerability, identified as CVE-2018-4878, being exploited in the wild. (Adobe has released an update to fix this flaw.) We analyzed this vulnerability […]

February Patch Tuesday Is a Bouquet of Fixes for Privilege Escalation Vulnerabilities
Microsoft's Patch Tuesday for February has a bevy of fixes addressing 50 security issues in Windows, Office (including Office Services and Web Apps), SharePoint, Internet Explorer, Edge, and the ChakraCore JavaScript engine, as well as additional patches for the notorious Meltdown and Spectre vulnerabilities. Of these, 14 were rated critical. Eight of these security flaws were […]

Digital Extortion: A Forward-looking View
In 2017, we saw digital extortion increasingly become cybercriminals' first and foremost money-making modus operandi. It's mostly due to ransomware — cybercriminals' currently most popular weapon of choice, helping them extort cash from users all over the world and hit big businesses and organizations. By infecting business-critical systems through their shotgun-style ransomware attacks […]

GhostTeam Adware Can Steal Facebook Credentials
by Kevin Sun (Mobile Threat Analyst)
We uncovered a total of 53 apps on Google Play that can steal Facebook accounts and surreptitiously push ads. Many of these apps, which were published as early as April 2017, seem to have been put out on Google Play in a wave. Detected by Trend Micro as ANDROIDOS_GHOSTTEAM, […]

Malicious Document Targets Pyeongchang Olympics
McAfee Advanced Threat Research analysts have discovered a campaign targeting organizations involved with the Pyeongchang Olympics. Attached to an email was a malicious Microsoft Word document with the original file name 농식품부, 평창 동계올림픽 대비 축산악취 방지대책 관련기관 회의 개최.doc ("Organized by Ministry of Agriculture and Forestry and Pyeongchang Winter Olympics"). The primary target of […]

Apps Disguised as Security Tools Bombard Users With Ads and Track Users' Location
In early December, we found a total of 36 apps on Google Play that executed unwanted behavior. These apps posed as useful security tools under the names Security Defender, Security Keeper, Smart Security, Advanced Boost, and more. They also advertised a variety of capabilities: scanning, cleaning junk, saving battery, cooling the CPU, locking apps, as […]

Operation Dragonfly Analysis Suggests Links to Earlier Attacks
On September 6, Symantec published details of the Dragonfly campaign, which targeted dozens of energy companies throughout 2017. This attack was effectively Dragonfly 2.0, an update to a campaign that began in 2014. Moving beyond our 2014 analysis of Dragonfly, our current focus looks at the attack's indicators to determine whether we can glean any […]

More information
- HITB Throwback Thursday: Schneier On Society, Security, and More
- GTP Vulnerabilities Expose 4G/5G Networks to High-Impact Attacks
- Samba security patch fixes critical remote code execution hole
- Top 5 email security best practices to prevent malware distribution
- WWDC: What’s new for App Clips in ARKit 5
- Amazon surveillance cameras infected with malware
- CryptXXX Ransomware Gang Made $50,000 in Weeks
- Korean Gambling and Call Girl Spam on Hacked and Non-hacked Sites
- Russia named world’s third-biggest internet spam source
- 10 Smart Tech Habits to Pass On To Your Kids