A hacking group is using updated cyber-attacks as part of a campaign targeting a European government, in what's thought to be a continued attempt to conduct espionage and surveillance.
The latest campaign by the Fancy Bear group -- also known as Sofacy and APT28, and believed to be linked to the Kremlin -- has been uncovered by researchers. They observed the campaign taking place on March 12, and then again on March 14. In these attacks, the Sofacy group employs an updated version of DealersChoice, a platform that exploits a Flash vulnerability to stealthily deliver a malicious payload of trojan malware.
Manufacturers of modern vessels didn’t escape the common trend of connecting various parts of their ships to the Internet. As a result, any modern yacht now contains not only navigation systems, but also a pack of IoT devices with routers and switches — regardless of whether they’re really necessary.
As a result, yachts have the same security problems as other devices that suddenly became Internet-friendly: technologies developed before modern security standards, navigation and infotainment systems connected to the same network, unprotected Internet connections on board, and more.
Cybercriminals have found another way to spread their malware: uploading cryptocurrency mining code to GitHub, according to security researchers at security company Avast.
Developers 'fork' projects on GitHub, which means making a copy of someone else's project in order to build on it. In this case, the cybercriminals fork random projects and then hide malicious executables in the directory structure of these new projects, the researchers said. Users don't need to download the malicious executables directly from GitHub. Instead, the malware is spread via a phishing ad campaign.
One of the most interesting revelations from researchers at Kaspersky Security Analyst Summit (SAS) this year was a report on a highly sophisticated cyberespionage campaign called Slingshot.
The first part to understand is the means of infection. What makes this initial attack vector unique is that, according to research, many victims were attacked through compromised routers made by MikroTik. Routers download and run various DLL files in the normal course of business. Attackers found a way to compromise the devices by adding a malicious DLL to an otherwise legitimate package of other DLLs.
The team of security researchers—who last month demonstrated how attackers could steal data from air-gapped computers protected inside a Faraday cage—is back with new research showing how two (or more) air-gapped PCs placed in the same room can covertly exchange data via ultrasonic waves.
Air-gapped computers are believed to be the most secure setup, wherein the systems remain isolated from the Internet and local networks, so that reaching their data requires physical access via a USB flash drive or other removable media.
Often, the best way to get something is to simply ask for it. That’s probably what the Israeli government thought when it sent an email to several American researchers and firms who make so-called zero-days, tools that take advantage of vulnerabilities in software that are unknown to the company that makes the software.
Experts have obtained a copy of the letter, which more than half a dozen sources described as unsolicited and unusual in how blunt and direct it was. Experts confirmed that at least five American firms received the letter, and multiple sources told us it was sent to many more.
Attackers have generated $3,900 so far in an ongoing campaign that's exploiting the popular rTorrent application to install currency-mining software on computers running Unix-like operating systems, researchers said Thursday.
The misconfiguration vulnerabilities are similar in some respects to ones Google Project Zero researcher Tavis Ormandy reported recently in the uTorrent and Transmission BitTorrent apps. Proof-of-concept attacks Ormandy developed exploited weaknesses in the programs' JSON-RPC interface, which allows websites a user is visiting to initiate downloads and control other key functions.
A hacking operation has expanded its activities, taking advantage of new tools - including the EternalBlue SMB exploit - to attack organisations across the Middle East for the purposes of surveillance and intelligence gathering.
Targets are mostly working in telecoms and transport and their surrounding supply chains - with IT software, payroll, aircraft services and engineering firms all targets during the last year. The operations of Chafer, an Iran-based targeted attack group, have been detailed by researchers at security company Symantec, who note that since first being exposed in 2015, the group has expanded its surveillance and cyber attack operations.
The flaw in question, CVE-2018-4878, is a use-after-free bug that Adobe patched on February 6, following reports that North Korean hackers had been exploiting the vulnerability in attacks aimed at South Korea.
The threat group, tracked as APT37, Reaper, Group123 and ScarCruft, has been expanding the scope and sophistication of its campaigns. After Adobe patched the security hole, which allows remote code execution, other malicious actors started looking into ways to exploit CVE-2018-4878. Morphisec said it spotted a campaign on February 22, which had been using a version of the exploit similar to the one developed by APT37.
Microsoft Word documents can now be used by hackers to deliver a cryptojacking script—hijacking a victim's computer to mine the cryptocurrency Monero. The attack utilizes Word's Online Video feature to commandeer the CPU.
The feature allows a Word user to simply paste the iframe embed code to add an internet video to a Word document. The video will then pop up in the Word document, and can be played the next time a user opens the document. However, an attacker can add the cryptojacking script in with the video code, tricking the victim into performing Monero mining for them.