Cybersecurity

Low Cost Tools Lowers Hurdle for Budding Cybercriminals

Low Cost Tools Lowers Hurdle for Budding Cybercriminals

Cybersecurity firm SecureWorks recently reported that the declining cost of cybercrime tools is encouraging a greater number of inexperienced hackers to conduct malicious online activities. In the 2017 State of Cybercrime: Exposing the threats techniques and markets that fuel the economy of cybercriminals, the firm’s Counter Threat Unit reveals that low-level hackers now have easier access to tools such as malware as a service and cheap spam botnets. The report cited a large botnet named Kelihos as an example, which only charged $200 per 1 million emails. SecureWorks also confirmed that personal information is still a popular commodity in the […]

Air-gapped Networks Can Now be Compromised by CCTV Cameras

Air-gapped Networks Can Now be Compromised by CCTV Cameras

Research from an Israeli cybersecurity team has shown that it is possible to infiltrate networks isolated from the Internet and other networks using infrared light from CCTV cameras. Led by Dr. Mordechai Guri, researchers from Ben-Gurion University of the Negev demonstrated an attack called aIR-Jumper where malicious code can be used to establish a bi-directional covert communication that uses IR illumination to transmit data. Attackers can use IR LEDs to send binary data like command and control or beacon messages on top of IR signals to surveillance cameras. The team has previously published their studies on similar attacks such as […]

Swiss Watchdog Cracks Down on Fake Cryptocurrency

Swiss Watchdog Cracks Down on Fake Cryptocurrency

Zurich, Switzerland – Switzerland’s FINMA has recently shut down a provider of fake cryptocurrency called Quid Pro Quo Association which has been able to raise as much as $4.2 million from around a hundred investors. The financial watchdog revealed that the fake “E-coin” the group was offering were stored locally on their servers, unlike real cryptocurrencies such as Bitcoin which uses distributed networks on blockchain technology. FINMA is also investigating around a dozen more fraud cases related to virtual money, and had revealed that it is closely watching three more companies on its list. Source: Reuters

New York Gov Says Credit-Reporting Companies Need to Follow Cyber Rules

New York Gov Says Credit-Reporting Companies Need to Follow Cyber Rules

New York, USA – In a comment made in relation to the Equifax hacking incident last Monday, New York Governor Andrew Cuomo said that credit-reporting firms should be made to comply with state cyber-security regulations. According to Cuomo, he is planning to require the firms to register with the state, otherwise they will be barred from doing business with New York state-regulated companies. He also said that the Equifax incident should serve as a wake-up call, and that the state is raising its standards for consumer protection and will bar credit reporting agencies found to be engaging in unfair, deceptive, […]

New WikiLeaks Release Details Russian Surveillance Apparatus

New WikiLeaks Release Details Russian Surveillance Apparatus

In a move which many say is a deflection of pro-Russia accusations against its founder, a recent release of documents from WikiLeaks claims to detail the surveillance apparatus that the Russian government uses to snoop on mobile and Internet users. Julian Assange is currently facing charges which allege that his organization is a front for Kremlin. The suspicions were reinforced when WikiLeaks released a trove of hacked DNC emails last year. The said documents, mostly in Russian, mentions a company called Peter-Service which has become a major software supplier to the telecoms industry. The company is said to be working […]

Compromised Version of CCleaner Distributes Malware

Compromised Version of CCleaner Distributes Malware

A version of the CCleaner app was found to have been modified to include a malware. According to Cisco Talos and MorphiSec, version 5.33 that was available for download sometime between August 15 to September 12 was infected by the Floxif malware. Floxif malware downloads and harvests information from the infected computers and systems which it then sends the data back to the C&C server. It is also believed to be capable of downloading and executing other binaries, but has not yet been observed to do so. Security researchers identified that Floxif only executed in 32-bit systems and would quit […]

Equifax Blames Hack to Web Server Vulnerabilities

Equifax Blames Hack to Web Server Vulnerabilities

Equifax Inc, a US credit reporting company, points that recent data breach where 143 million U.S consumers’ personal information got leaked, was due to a web server vulnerability from Apache Struts, an open-source software the company used. The breach is considered as one of the largest, and is particularly concerning as the information leaked included names, Social Security, addresses, birthdays, and even driver’s license numbers. Almost 40 states joined an inquiry on how the company is taking care of the breach. Richard Smith, the Chief Executive of Equifax is to testify on October 3 in front of a U.S House […]

Another Researcher Reveals Unpatched Flaws of DLink Routers

Another Researcher Reveals Unpatched Flaws of DLink Routers

Just a few days after a South Korean security researcher revealed 10 unpatched vulnerabilities with D-Link routers, security company Embedi published another two. Embedi said that it has decided to publish its findings after the router manufacturer had failed to address two out of three flaws that they had reported around three months ago. D-Link router models DIR890L, DIR885L, and DIR895L were found to have the flaw which Embedi stresses, are extremely dangerous as it allows the routers to be contaminated with the Mirai malware. Embedi also complained that their interaction with D-Link had brought no results. Similarly, the South […]

Microsoft Patches Office Flaw Used to Spread FinSpy Malware

Microsoft Patches Office Flaw Used to Spread FinSpy Malware

Microsoft has recently patched a vulnerability in Office that according to FireEye researchers, has been used to deploy a surveillance malware called FinSpy. The security experts revealed in a blogpost that the malware is delivered using a Rich Text document file which when opened, executes a malicious code to launch FinSpy. The malware is said to be the work of the Gamma Group which is known for conducting legal surveillance and espionage. The Germany-based firm is also said to have an ongoing campaign to find vulnerabilities in the security of products from major companies such as Microsoft The researchers surmise […]

Security Report Says CEOs are Most Vulnerable to Business Email Compromise

Security Report Says CEOs are Most Vulnerable to Business Email Compromise

A recent report by Trend Micro revealed that cyber attackers are able to fool CEOs the most via email schemes. The security company’s 2017 “Midyear Security Roundup: The Cost of Compromise” report stated that while finance directors or CFOs are still the top targets, followed by other positions that handle sensitive financial information, directors and managing directors get fooled just as frequently as CEOs.   US is still the prime target of business email compromise (BEC) attacks at 30.96%, followed by Australia and the UK. Statistics from the FBI show that BEC attacks have already caused losses estimated at $5.3 […]