Ukrainian Suspected of Leading Carbanak Gang Arrested in Spain
A Ukrainian national suspected of being the leader of a gang that used Carbanak malware to steal a significant amount of money from banks worldwide has been arrested in Spain, Europol and the Spanish government announced on Monday. According to authorities, the man is believed to be the mastermind of an operation that resulted in […] more…Energy Sector Most Impacted by ICS Flaws, Attacks: Study
The energy sector was targeted by cyberattacks more than any other industry, and many of the vulnerabilities disclosed last year impacted products used in this sector, according to a report published on Monday by Kaspersky Lab. The security firm has analyzed a total of 322 flaws disclosed in 2017 by ICS-CERT, vendors and its own […] more…IETF Approves TLS 1.3
The Internet Engineering Task Force (IETF) last week announced the approval of version 1.3 of the Transport Layer Security (TLS) traffic encryption protocol. The Internet standards organization has been analyzing proposals for TLS 1.3 since April 2014 and it took 28 drafts to get it to its current form. TLS is designed to allow client […] more…UK Regulators Search Cambridge Analytica Offices
British regulators on Friday began searching the London offices of Cambridge Analytica (CA), the scandal-hit communications firm at the heart of the Facebook data scandal, shortly after a judge approved a search warrant. Around 18 enforcement agents from the office of Information Commissioner Elizabeth Denham entered the company’s London headquarters at around 8:00pm (2000 GMT) […] more…Ransomware Hits City of Atlanta
A ransomware attack — possibly a variant of SamSam — has affected some customer-facing applications and some internal services at the City of Atlanta. The FBI and incident response teams from Microsoft and Cisco are investigating. The city’s police department, water services and airport are not affected. The attack was detected early on Thursday morning. […] more…U.S. Imposes Sanctions on Iranians for Hacking
U.S. Charges Iranians in Massive Hacking Scheme The United States unveiled charges on Friday against nine Iranians for their alleged involvement in a massive state-sponsored hacking scheme which targeted hundreds of universities in the US and abroad and stole “valuable intellectual property and data.” Ten Iranians were also hit with sanctions along with an Iranian […] more…Pwner of a Lonely Heart: The Sad Reality of Romance Scams
Valentine’s Day is a special holiday, but for victims of romance scams it is a tragic reminder, not only of love lost, but financial loss as well. According to the FBI Internet Crime Complaint Center (IC3), romance scams accounted for $230 million in losses in 2016. Men and women may jokingly refer to their significant […] more…Worried About Being on Facebook? Some Options Explained
A snowballing Facebook scandal over the hijacking of personal data from millions of its users has many wondering whether it’s time to restrict access to their Facebook information or even leave the social network altogether, with the #deletefacebook movement gaining traction. Here are some options open to the worried Facebook user. Put it to sleep […] more…You Can DDoS an Organization for Just $10 per Hour: Cybercrime Report
The cost of having an organization targeted by a distributed denial of service (DDoS) attack for an hour is as low as $10, cybersecurity firm Armor says. The low cost of launching such attacks results from the proliferation of cybercrime-as-a-service, one of the most profitable business models adopted by cybercriminals over the past years. It […] more…Iran-linked Hackers Adopt New Data Exfiltration Methods
An Iran-linked cyber-espionage group has been using new malware and data exfiltration techniques in recent attacks, security firm Nyotron has discovered. The threat actor, known as OilRig, has been active since 2015, mainly targeting United States and Middle Eastern organizations in the financial and government industries. The group has been already observed using multiple tools […] more…Android Trojan Leverages Telegram for Data Exfiltration
A newly discovered Android Trojan is abusing Telegram’s Bot API to communicate with the command and control (C&C) server and to exfiltrate data, Palo Alto Networks security researchers warn. Dubbed TeleRAT, the malware appears to be originating from and/or to be targeting individuals in Iran. The threat is similar to the previously observed IRRAT Trojan, […] more…Siemens Patches Flaws in SIMATIC Controllers, Mobile Apps
German industrial giant Siemens has released security patches for several of its SIMATIC products, including some controllers and a mobile application. Organizations using SIMATIC products were informed by both Siemens and ICS-CERT this week of a denial-of-service (DoS) vulnerability that can be exploited by sending specially crafted PROFINET DCP packets to affected systems. The flaw, […] more…Cryptocurrency Miner Distributed via PHP Weathermap Vulnerability, Targets Linux Servers
Legitimate and large-scale cryptocurrency mining operations often invest in dedicated hardware and electric consumption to make a profit. This doesn’t escape the attention of cybercriminals: Malicious cryptocurrency mining was so pervasive last year that it was the most detected network event in devices connected to home routers. Through our incident response-related monitoring, we observed intrusion […] more…U.S. Military Should Step Up Cyber Ops: General
Washington – US efforts to conduct offensive and defensive operations in cyberspace are falling short, a top general warned Tuesday amid ongoing revelations about Russian hacking. General John Hyten, who leads US Strategic Command (STRATCOM), told lawmakers the US has “not gone nearly far enough” in the cyber domain, also noting that the military still […] more…Virsec Raises $24 Million in Series B Funding
Virsec, a cybersecurity company that protects applications from various attacks, today announced that it has closed a $24 million Series B funding round led by tech investment firm BlueIO. This latest funding round brings the total amount raised to-date by the company to $32 million. The company previously raised $1 million in seed funding and […] more…Online Sandbox Services Used to Exfiltrate Data: Researcher
Attackers can use online sandbox services to exfiltrate data from an isolated network, a SafeBreach security researcher has discovered. The new research is based on the discovery that cloud anti-virus programs can be exploited for data pilfering. Last year, SafeBreach Labs’ Itzik Kotler and Amit Klein demonstrated proof-of-concept (PoC) malware abusing this exfiltration method, and […] more…More information
- Top US patent judge resigns following "ethical breach"
- Chinese city sealed off after man dies from bubonic plague
- Five ways to help insure your computer isn’t spied on by prying eyes
- High-dimensional quantum encryption performed in real-world city conditions for first time
- Microsoft Windows Kernel CVE-2018-0820 Local Privilege Escalation Vulnerability
- Firefox 78 is out – with a mysteriously empty list of security fixes
- Resolved: TLT Services in Degraded State
- Microsoft Exchange Server CVE-2014-6336 Tokens Validation URI Redirection Vulnerability
- New KillDisk Variant Spotted in Latin America
- Dell announces UltraSharp 4K displays — 1080p is now obsolete