SolarWinds hack investigation reveals new Sunspot malware

CrowdStrike researchers have documented Sunspot, a piece of malware used by the SolarWinds attackers to insert the Sunburst backdoor into the company’s Orion software during its build process. SolarWinds has also revealed a new timeline for the incident and the discovery … Continue reading SolarWinds hack investigation reveals new Sunspot malware

Can you trust attachments with unfamiliar extensions?

Microsoft’s security experts warned on Monday about several email malware delivery campaigns that exploit the COVID-19 pandemic and target companies in the US and South Korea. What they have in common is the ultimate delivery of the Remcos RAT … Continue reading Can you trust attachments with unfamiliar extensions?

Hackers try to breach WHO, other COVID-19-fighting orgs

“Elite” hackers have tried – and failed – to breach computer systems and networks of the World Health Organization (WHO) earlier this month, Reuters reported on Monday. In fact, since the start of the COVID-19 pandemic, the WHO … Continue reading Hackers try to breach WHO, other COVID-19-fighting orgs

Fake alerts about outdated security certificates lead to malware

Cyber criminals have been trying out a new approach for delivering malware: fake alerts about outdated security certificates, complete with an “Install (Recommended)” button pointing to the malware. The malware peddlers behind this scheme a… Continue reading Fake alerts about outdated security certificates lead to malware

December 2019 Patch Tuesday: Microsoft fixes one actively exploited zero-day

For December 2019 Patch Tuesday, Microsoft and Adobe have released the final scheduled security updates for this year. Microsoft’s fixes Microsoft’s security releases are for Windows, Internet Explorer, SQL Server, Visual Studio, Hyper-V Se… Continue reading December 2019 Patch Tuesday: Microsoft fixes one actively exploited zero-day

How Uzbekistan’s security service (allegedly) began developing its own malware

For years, Uzbekistan’s feared intelligence service, the National Security Service, has been accused of aggressively spying on citizens and abusing human rights in the Central Asian country under the guise of its counterterrorism and security operations. Now, the NSS’s reported use of hacking tools in that activity is coming into clearer view, thanks to new research. The ex-Soviet state’s security service appears to be shedding its hacking training wheels and making a lot of noise in the process. After burning multiple zero-day exploits acquired from vendors, an NSS-linked group dubbed SandCat has over the last year been testing malware it developed on its own, according to Brian Bartholomew, security researcher at cybersecurity company Kaspersky. The evolution shows how a proliferation of surveillance vendors has made it easier for relatively obscure governments to acquire and develop their own hacking tools. Before this project, Bartholomew hadn’t tracked any cyber activity out of Uzbekistan. “I […]

The post How Uzbekistan’s security service (allegedly) began developing its own malware appeared first on CyberScoop.

Continue reading How Uzbekistan’s security service (allegedly) began developing its own malware

Busted: Kaspersky AV Tracks Your Every Click

Kaspersky Lab’s endpoint security products track your web activity. And the way they did it let any other website track you as well.
The post Busted: Kaspersky AV Tracks Your Every Click appeared first on Security Boulevard.
Continue reading Busted: Kaspersky AV Tracks Your Every Click

Assessing the efficiency of phishing filters employed by email service providers

Technology companies could be doing much more to protect individuals and organizations from the threats posed by phishing, according to research by the University of Plymouth. However, users also need to make themselves more aware of the dangers to ens… Continue reading Assessing the efficiency of phishing filters employed by email service providers

Russia’s Turla group goes trolling with code labeled “TrumpTower”

It’s a common experience: researchers digging through malware find either legitimate clues that point to its authors or deliberately planted false flags meant to throw them off the right path. In the case of the Turla hacking group, which is reportedly tied to Russia’s FSB intelligence service, it is unclear why the group decided to name one of its code strings “TrumpTower” and another “RocketMan!” – presumably a reference to U.S. President Donald Trump’s nickname for North Korean dictator Kim Jong Un. Regardless of whether Turla was trolling, it’s clear to researchers from cybersecurity company Kaspersky that the new code was built for an ongoing hacking campaign aimed at a narrow set of unnamed government organizations. To deliver the malicious code to its targets, Turla used legitimate software installers, such as tools for evading internet censorship, that had been trojanized with a “dropper” which installs the malware. While not saying where the targeting […]

The post Russia’s Turla group goes trolling with code labeled “TrumpTower” appeared first on CyberScoop.

Continue reading Russia’s Turla group goes trolling with code labeled “TrumpTower”

Is ‘REvil’ the New GandCrab Ransomware?

The cybercriminals behind the GandCrab ransomware-as-a-service (RaaS) offering recently announced they were closing up shop and retiring after having allegedly earned more than $2 billion in extortion payments from victims. But a growing body of evidence suggests the GandCrab team have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as “REvil,” “Sodin,” and “Sodinokibi.” Continue reading Is ‘REvil’ the New GandCrab Ransomware?