Lucian Constantin

Lucian has been covering computer security and the hacker culture for almost a decade, his work appearing in many technology publications including PCWorld, Computerworld, Network World, CIO, CSO, Forbes and The Inquirer. He has a bachelor's degree in political science, but has been passionate about computers and cybersecurity from an early age. Before he chose a career in journalism, Lucian worked as a system and network administrator. He enjoys attending security conferences and delving into interesting research papers. You can reach him at lucian@constantinsecurity.com or @lconstantin on Twitter. For encrypted email, his PGP key's fingerprint is: 7A66 4901 5CDA 844E 8C6D 04D5 2BB4 6332 FC52 6D42
Destructive Shamoon Malware Hits Italian Oil and Gas Firm
Lucian Constantin | disk wiper, office 365, Oil and Gas, Phishing, Saipem, saudi arabia, Saudi Aramco, Shamoon
Hackers hit the IT infrastructure of an Italian oil and gas company with a new version of a destructive malware program called Shamoon. Shamoon, also known as Disttrack, was first used in 2012 in attacks against Saudi Aramco, Saudi Arabia’s national oil and gas company, and then again in 2016 ...
Security Boulevard
Microsoft Patches Another Actively Exploited Zero-Day Vulnerability
Microsoft released security updates for its products Dec. 11, fixing 38 vulnerabilities including a privilege escalation flaw in the Windows kernel that has been exploited by cyberespionage groups since October. The zero-day vulnerability, tracked as CVE-2018-8611, was reported to Microsoft by researchers from Kaspersky Lab who saw it being used ...
Attack Kit Hijacks DNS of Home and Business Routers
Lucian Constantin | adobe, arbitrary code execution, CSRF attack, DNS hijacking, Exploit Kit, Novidade, router compromise, security update
For the past year, attackers have been using an exploit kit that changes the DNS settings of home and small-business routers through users’ browsers. The tool, dubbed Novidade, was first used in Brazil in August 2017, but researchers from antivirus firm Trend Micro have identified multiple variants since then and ...
Two Dozen Click Fraud Apps Found in Google Play
Lucian Constantin | android malware, click-fraud, cryptomining, Google Play, IoT botnet, linux malware, rabbit, Rabbot
Attackers managed to pass Google’s defenses and place 22 Android apps on Google Play that engaged in sophisticated advertising click fraud when installed on users’ phones. The majority of the apps were created after June 2018 and were collectively downloaded more than 2 million times until their removal around Nov ...
Email Spam Campaign Targets U.S. Retail, Restaurant Sectors
Lucian Constantin | botnet, FlawedAmmyy, malicious document, phishing email, Remote Manipulator System, retail sector, trojan program, wordpress
A cybercriminal group has launched a malware campaign via personalized spear-phishing emails against large retail, restaurant and grocery chains in the United States, as well as against other organizations from the food and beverage industries. The spam campaigns, which distributed several Trojans including Remote Manipulator System (RMS) and FlawedAmmyy, were ...
North Korean APT Group Targets Academia via Malicious Chrome Extensions
Lucian Constantin | APT group, Chrome extension, credential theft, Flash Player, Remote Desktop Protocol, Stolen Pencil, Zero-day Exploit
Security researchers have uncovered an APT group with possible ties to North Korea that has targeted academic institutions since May. The group, dubbed Stolen Pencil by researchers from Netscout, sends spear-phishing emails which direct users to a website that asks them to install a “font manager” Chrome extension in order ...
Business Email Compromise Gang Targeted 50,000 Company Executives
Lucian Constantin | business email compromise, compute node, container orchestration, Kubernetes, London Blue, Phishing, Privilege Escalation
A Nigerian gang with members based in the U.K. is perpetrating a business email compromise operation aimed squarely at executives at companies with locations worldwide. The gang has compiled a target list of 50,000 email addresses belonging to company executives, the majority of them chief financial officers. Researchers from email ...
Czech Republic Blames Russia for Yearlong Email Breach
Lucian Constantin | APT28, APT29, CozyBear, cyberespionage, Czech Republic, intelligence service, Russia, Sofacy, Turla
The Czech government’s Security Information Service (BIS) revealed in a report that hackers associated with the Russian government are responsible for an email breach, compromising the email system of the country’s Ministry of Foreign Affairs (MFA) and reading sensitive communications for more than a year. According to the new report, ...
Hackers Exploit UPnP in Routers to Expose Private Networks to Attacks
Lucian Constantin | EternalSilence, network video recorder, NVRMini2, SMB exploit, UPnP, UPnP injection, UPnProxy
Hackers are exploiting insecure UPnP implementations in routers to expose millions of computers from inside private networks to SMB attacks. Universal Plug and Play (UPnP) is a service that allows devices to discover each other inside local networks and automatically open ports for data sharing, media streaming and other services ...
U.S. Charges Two Iranians for SamSam Ransomware Attacks
The U.S. Department of Justice has charged two Iranian men for creating and distributing a ransomware program called SamSam that caused massive disruptions in hospitals, municipalities and public institutions over the past few years. SamSam appeared in late 2015 and immediately stood out because, unlike most ransomware at the time ...
