02 Oct 2019

Cisco Webex & Zoom Bug Lets Attackers Spy on Conference Calls

Zoom and Cisco Webex have each issued patches for a vulnerability impacting their web conferencing software. In July of this year, security researchers with CQ Prime Threat Research discovered that it would be possible for threat actors to view or listen to ongoing Zoom and Webex meetings if they were

Read More
30 Sep 2019

New SIM card attack disclosed, similar to Simjacker

Security researchers from Ginno Security Labs have uncovered a new SMS-based attack that can be abused by cyber espionage actors to track users’ devices. The WIBattack takes advantage of vulnerabilities in the Wireless Internet Browser (WIB) app that runs on SIM cards. Earlier this month, research by AdaptiveMobile Security described

Read More
30 Sep 2019

Masad Spyware Uses Telegram Bots for Command-and-Control

Researchers with Juniper Threat labs have uncovered a new spyware variant targeting Windows and Android systems. The malware, called the “Masad Clipper and Stealer,” not only gathers sensitive data after infecting a device, but is also capable of extracting funds from cryptocurrency wallets. The threat actors are controlling the spyware

Read More
26 Sep 2019

Inside the campaign that tried to compromise Tibetans’ iOS and Android phones

Various Tibetan organizations were the targeted of a six-month cyber espionage campaign targeting iOS and Android devices, a new Citizen Lab report shows. Hackers from a threat group dubbed Poison Carp contacted individuals via WhatsApp, while masquerading as journalists and human rights researchers. The attackers used social engineering to encourage

Read More
25 Sep 2019

Russian state hackers rarely share code with one another

Researchers with Check Point and Intezer Labs have analyzed 2,000 malware samples linked to Russian advanced persistent threat (APT) groups in order to find connections between the malware strains. While 22,000 such connections were found, the report indicates that hackers working for the Russian government usually do not share their

Read More
25 Sep 2019

27 Countries Sign Pledge to Play Nice Online

Earlier this week, 27 countries released a joint statement in which they pledged to cooperate on holding countries accountable for offensive cyber campaigns, warning that “there must be consequences for bad behavior in cyberspace.” The countries want to address the status quo in which “state and non-state actors are using

Read More
24 Sep 2019

More US Utility Firms Targeted in Evolving LookBack Spearphishing Campaign

Researchers with Proofpoint have updated their analysis of a recent spearphishing campaign going after US utility companies. The campaign was initially discovered in July of this year, when three firms were targeted with malicious phishing messages distributing a new kind of remote access trojan (RAT) dubbed LookBack. As it turns

Read More
17 Sep 2019

US Huawei problem goes far beyond trade, security official says

In a presentation at the multilateral action on sensitive technologies (MAST) conference, US State Department official Ashley Ford last week outlined why the US government’s security worries about Huawei go way beyond the ongoing trade war between the US and China. In May of this year, US President Donald Trump

Read More
12 Sep 2019

Simjacker vulnerability actively exploited to track, spy on mobile phone owners

Threat actors are actively exploiting a security weakness in SIM cards in order to covertly collect the location information of thousands of users, new research by AdaptiveMobile Security shows. The firm warns that the Simjacker attack, which involves sending malicious SMS messages to vulnerable devices, may put over 1 billion

Read More
10 Sep 2019

Public Exposure Does Little to Slow China-Based Thrip APT

Symantec warns that in the past year, Chinese cyber-espionage group Thrip has launched successful campaigns against no less than 12 military, telecom and satellite organizations across Southeast Asia. Evidently, a 2018 report by Symantec detailing Thrip’s activities has done little to deter the group. Thrip has adopted new malware in

Read More