21 Jan 2019

Cybercrime could cost companies trillions over the next five years

A new report(pdf) by Accenture indicates that over the next 5 years, cyberattacks could result in global costs totaling $5.2 trillion. That amount includes both lost revenue for companies and the expenses businesses are likely to incur due to attacks. The high costs have to do with the growth of

Read More
21 Jan 2019

DarkHydrus abuses Google Drive to spread RogueRobin Trojan

Researchers with the 360 Threat Intelligence Center (360TIC) have spotted a new attack campaign by the DarkHydrus advanced persistent threat (APT) group, also called Lazy Meerkat, which goes after political targets in the Middle East. DarkHydrus is known for targeting victims with spear-phishing emails and is currently spreading the RogueRobin backdoor Trojan through malicious Microsoft

Read More
21 Jan 2019

Ex-Employee Hacks WPML WordPress Plugin Site and Spams Users

The website of the WordPress Multilingual Plugin (WPML) has been hacked by an ex-employee over the weekend. As part of the attack, the threat actor sent an email to the 600,000 WPML customers claiming that the plugin for multilingual website support is riddled with “ridiculous security holes”, which caused two of

Read More
21 Jan 2019

Fallout EK Retools for a Fresh New 2019 Look

The infamous Fallout exploit kit (EK), commonly used in malvertising campaigns, has received a major update and can now deliver GandCrab ransomware. After a brief lull in activity since the end of last year, researchers with Gigamon have spotted a new wave of activity involving the malicious toolbox. The EK

Read More
18 Jan 2019

Government cybersecurity at risk as shutdown lingers

Due to the ongoing shutdown, US government agencies are becoming increasingly vulnerable to cyberattacks. Because cybersecurity and IT staff have been furloughed in many government agencies, TLS certificates for government websites are not being renewed, systems aren’t being patched and there is no active monitoring of agency networks for performance

Read More
18 Jan 2019

These malicious Android apps will only strike when you move your smartphone

Once again, cybercriminals have managed to sneak malicious apps onto the Google Play Store. Researchers with Trend Micro have found two Android apps on Google Play that serve the Anubis banking Trojan, but only if information from the motion sensors on the targeted device indicate movement. The two apps are Currency

Read More
18 Jan 2019

Malware can now evade cloud security tools, as cybercriminals target public cloud users

Rocke Group, a cybercrime group believed to be operating from China, has developed cryptocurrency mining software that can uninstall cloud-based security solutions from targeted systems as a way of evading detection. Researchers with Palo Alto have so far only found proof that the malware works on Chinese cloud security solutions,

Read More
18 Jan 2019

Ongoing Attacks Hit West African Financial Institutions Since Mid-2017

Financial institutions in Cameroon, Congo (DR), Equatorial Guinea, Ghana and Ivory Coast have been targeted by unknown threat actors in a cyberattack campaign that started in mid-2017 and is still ongoing. According to security researchers with Symantec, the attackers have been using a variety of open-source and off-the shelf malware tools including

Read More
18 Jan 2019

Twitter Fixes Four Year Old Bug in Android App Exposing Private Tweets

Due to a bug in Twitter for Android, the app has exposed the private Tweets of an unknown number of users for over 4 years. The issue caused the app to make changes to the accounts of affected users, such as turning off the “Protect your Tweets” setting. The bug

Read More
17 Jan 2019

Massive Oklahoma Government Data Leak Exposes 7 Years of FBI Investigations

In the latest data leak stemming from an unsecured web server, 3 terabytes of data belonging to the Oklahoma Securities Commission has been found exposed to the Internet. The millions of unencrypted files included highly sensitive government information, such as details of FBI investigations, email archives and social security numbers. An UpGuard

Read More