Archive
Iranian Developer Advertised BlackRouter RaaS
An Iranian developer is promoting the BlackRouter ransomware on a Telegram hacking channel through a Ransomware-as-a-Service model. An Iranian developer is advertising on Telegram a Ransomware-as-a-Service called BlackRouter. The same expert advertises other malware and is believed to be the author
Collection #1 Data Dump The Tip of the Iceberg
A recently discovered trove of breached data is just a small part of a major 871GB haul up for sale on the dark web which could contain billions of records, according to experts. The 87GB Collection #1 dump was first
Global Firms Face $5tr in Cybercrime Losses
Global firms could lose over $5tr to cybercrime over the next five years, a new Accenture study has warned. The consulting giant interviewed over 1700 CEOs and other C-suite executives to compile its report, Securing the Digital Economy: Reinventing the
The electronics firm Omron released a security update to address flaws in its CX-Supervisor product that can be exploited for DoS attacks and remote code execution. CX-Supervisor allows users to rapidly create human-machine interfaces (HMIs) for supervisory control and data acquisition (SCADA)
Collection #1 Data Breach Analysis – Part 1
Cybersecurity expert Marco Ramilli has analyzed the huge trove of data, called Collection #1, that was first disclosed by Troy Hunt. A few weeks ago I wrote about “How Data Breaches Happen”, where I shared some publicly available “pasties” within apparently
Threat actors in the wild are leveraging a recently discovered flaw in the ThinkPHP PHP framework to install cryptominers, skimmers, and other malware. Multiple threat actors are leveraging a recently discovered code execution vulnerability (CVE-2018-20062) in the ThinkPHP framework. The
Facebook has removed hundreds of fake Pages and accounts after spotting a coordinated effort by Russian state-linked actors to spread disinformation in Ukraine and other former Soviet countries. There were two linked campaigns: the first targeting Romania, Latvia, Estonia, Lithuania,
Security experts attributed new malicious campaigns to the DarkHydrus APT group (aka Lazy Meerkat); the threat actors used a new variant of the RogueRobin Trojan and leveraged Google Drive as an alternative C2 channel. DarkHydrus was first discovered by experts at
Hackers Use PayPal to Phish with Ransomware
A new strain of yet another ransomware campaign has been discovered in which the malicious actors have expanded payment options beyond Bitcoin; they are instead offering alternatives (such as PayPal) that include a phishing link, according to MalwareHunterTeam. Attackers are
New Year, New Features for Fallout EK
The new year is a time for resolutions and promises of change, so much so that even malware has returned from a bit of time off with some new features, including a new Flash exploit, according to Malwarebytes head of
Security experts from Trend Micro have recently spotted two Android apps that use the motion sensor to evade detection and spread the Anubis banking Trojan. Malware authors continue to improve their malicious apps to avoid detection and infect the largest
Malware Evades Detection One Step at a Time
Malicious code was lurking about in two different apps within the Google Play store, according to researchers at Trend Micro who have disclosed that they discovered a banking Trojan in what seemed like legitimate apps. Both the currency converter and
Experts at Malwarebytes have reported that the code for the recently discovered Flash zero-day flaw was added to the Fallout Exploit kit. Experts at Malwarebytes observed a new version of the Fallout Exploit kit that includes the code to exploit
House Releases Cybersecurity Strategy Report
The House Energy and Commerce Committee released the comprehensive Cybersecurity Strategy Report, in which it identified procedures to both address and prevent cybersecurity incidents. In the report, the committee identified six key concepts and priorities, noting, “The identification of these
Over two-thirds of UK firms have fallen victim to a cyber-attack over the past year, with many claiming they don’t get enough guidance from the government on how to combat threats, according to RedSeal. The security vendor polled over 500
A critical flaw in the online flight ticket booking system developed by Amadeus could impact almost half of the flight travelers of 141 airlines around the world. A critical flaw in the online flight ticket booking system developed by Amadeus could be