Attack News, Articles and Updates

VPNFilter malware far more extensive than first thought

Giant IoT botnet malware targeting routers keeps getting worse, with an ever-expanding list of devices vulnerable to attack.

Update: Subdomain flaw puts users at risk

Security researchers are reporting a phishing technique, which attackers may already be using in the wild, that could put websites at risk of attack.

FBI seizes domain behind VPNFilter botnet

The FBI has seized the domain it believes is linked to the Russian-run VPNFilter botnet, which was poised to launch a massive attack, possibly against Ukraine.

Mirai-variant attack launched from Mexico

A pair of Trend Micro research teams has detected, and performed a quick cyber-autopsy on, a new Mirai-like attack that appeared in Mexico earlier this month targeting GPON home routers and IP webcams.

MEWKit phishing campaign steals MyEtherWallet credentials

The cyber-criminals who last April executed a man-in-the-middle attack, by BGP-hijacking address space belonging to Amazon's Route 53 DNS service so that lookups for MyEtherWallet.com were answered with their own server, to steal £112,699 in Ethereum cryptocurrency pulled off their heist using a newly discovered phishing kit.

Office 365 defences vulnerable to baseStriker attack

Microsoft's Office 365 has been found vulnerable to an attack methodology that lets malicious links slip past most of the product's security defences: the dangerous part of the link is split off so that it is not spotted by the scanner, yet the user's client still reassembles and opens it.
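baseStriker works by placing the host part of the malicious URL in an HTML base tag (base href) and leaving only a relative path in the anchor itself, so a filter that inspects each href as written sees no hostname to match against its reputation data, while the mail client resolves the two halves into the full URL when the user clicks. The script below is an added illustration written for this page, not code from the original article or from the researchers who reported the technique; the host phish.example, the blocklist and the sample message are constructed. It contrasts a naive per-href check with one that resolves links the way a renderer does.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LinkResolver(HTMLParser):
    """Collect <a href> values and resolve them against the first <base href>,
    which is what a browser or mail client does when rendering the message."""

    def __init__(self):
        super().__init__()
        self.base = None          # only the first <base href> counts, as in HTML
        self.raw_hrefs = []       # hrefs exactly as written in the markup
        self.resolved = []        # hrefs after applying the base URL

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and self.base is None and attrs.get("href"):
            self.base = attrs["href"]
        elif tag == "a" and attrs.get("href"):
            self.raw_hrefs.append(attrs["href"])
            self.resolved.append(urljoin(self.base or "", attrs["href"]))


def extract_links(html):
    """Return (hrefs as written, hrefs as the client will resolve them)."""
    parser = LinkResolver()
    parser.feed(html)
    parser.close()
    return parser.raw_hrefs, parser.resolved


# Hypothetical blocklist standing in for a mail filter's URL reputation data.
BLOCKED_HOSTS = {"phish.example"}


def naive_scan(html):
    """Checks each href literally; a relative path has no host, so it never matches."""
    raw, _ = extract_links(html)
    return [h for h in raw if urlsplit(h).hostname in BLOCKED_HOSTS]


def base_aware_scan(html):
    """Checks the URL the user's client will actually open."""
    _, resolved = extract_links(html)
    return [u for u in resolved if urlsplit(u).hostname in BLOCKED_HOSTS]


# Constructed sample message: the host lives in <base>, the path in the link.
SAMPLE_EMAIL = """<html><head><base href="http://phish.example/"></head>
<body><p>Your mailbox is full.</p>
<a href="account/verify?id=42">Click here to restore access</a></body></html>"""

if __name__ == "__main__":
    print("naive scan flags:     ", naive_scan(SAMPLE_EMAIL))
    print("base-aware scan flags:", base_aware_scan(SAMPLE_EMAIL))
```

The naive scan returns nothing for the sample because the only href it sees is account/verify?id=42; the base-aware scan returns the full phish.example URL. Any link scanner placed in front of a mail client needs to apply the same resolution rules the client does, including honouring only the first base tag.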

NHS' new £150m Microsoft deal to upgrade all legacy systems to Windows 10

In November last year, six months after the WannaCry ransomware attack took place, the NHS entered into a landmark Custom Support Agreement with Microsoft.

Amazon Echo made to eavesdrop without exploit or manipulation

Checkmarx security researchers developed a proof-of-concept attack that allows an Amazon Echo to keep recording a user long after a request has been made.

Orangeworm attacks X-Ray machines in campaign spanning UK, Europe, US

A new attack group - Orangeworm - targeting the healthcare sector and related industries has been spotted by security researchers from Symantec.

SunTrust ex-employee helps compromise 1.5 million bank clients

SunTrust Bank today confirmed it was hit by an insider attack in which a former employee, working with a third party, stole company contact lists, possibly exposing the personal information of up to 1.5 million customers.

Mirai variant that struck financial institutions in January detailed

Another variant of the Mirai botnet was used to attack at least three financial institutions earlier this year using a variety of compromised consumer and enterprise-level IoT products.

US military cyber-commanders call for going on the attack

Several senior US military commanders called for the nation's cyber-forces to go on the attack during a March 13 Senate Armed Services Subcommittee on Cyber-security hearing.

Turkish financial institutions spearphished: North Korea possible attacker

The reputedly state-sponsored North Korean hacking group Hidden Cobra has once again been caught in a malware attack against financial organisations.

GitHub rides record-breaking DDoS attack that leveraged memcached servers

GitHub on Wednesday withstood the largest distributed denial-of-service attack recorded to date, experiencing roughly 10 minutes of disruption during the onslaught, which was amplified using exposed memcached servers.
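Memcached reflection works because a UDP request of a few bytes to port 11211 can elicit a reply thousands of times larger, and the server sends that reply to whatever source address the request carried, so an attacker spoofs the victim's address. The block below is an added example for this page, not code from the original article or from GitHub; it shows the memcached UDP frame layout of such a probe (useful for auditing your own servers) and a flow-level check that flags a server answering a peer with a bytes-out to bytes-in ratio far above what a genuine cache client produces. All flow records, addresses and the threshold are constructed.

```python
import struct
from collections import defaultdict

MEMCACHED_PORT = 11211


def memcached_udp_frame(request_id, command):
    """Build one memcached UDP datagram: an 8-byte header (request id, sequence
    number, datagram count, reserved) followed by the ASCII command line.
    A 'stats' probe is 15 bytes on the wire; the reply can be thousands of
    times larger, which is the amplification a reflector hands an attacker."""
    header = struct.pack("!HHHH", request_id, 0, 1, 0)
    return header + command + b"\r\n"


def amplification_suspects(flows, min_ratio=50):
    """Pair the bytes each peer sent to UDP/11211 with the bytes the server sent
    back to that peer and report pairs whose out/in ratio is extreme. A real
    cache client sees a ratio near 1; a reflector abused against a spoofed
    victim sees a ratio in the thousands. Returns (server, peer, ratio)."""
    bytes_in = defaultdict(int)
    bytes_out = defaultdict(int)
    for f in flows:
        if f["proto"] != "udp":
            continue
        if f["dst_port"] == MEMCACHED_PORT:
            bytes_in[(f["dst_ip"], f["src_ip"])] += f["bytes"]
        elif f["src_port"] == MEMCACHED_PORT:
            bytes_out[(f["src_ip"], f["dst_ip"])] += f["bytes"]
    suspects = []
    for (server, peer), out in bytes_out.items():
        inbound = bytes_in.get((server, peer), 0)
        ratio = out / inbound if inbound else float("inf")
        if ratio >= min_ratio:
            suspects.append((server, peer, round(ratio, 1)))
    return sorted(suspects)


# Constructed flow records in the shape a NetFlow/IPFIX export might give you.
SAMPLE_FLOWS = [
    # An application server talking to its own cache: small request, small reply.
    {"proto": "udp", "src_ip": "10.0.0.5", "src_port": 40001,
     "dst_ip": "10.0.0.9", "dst_port": 11211, "bytes": 64},
    {"proto": "udp", "src_ip": "10.0.0.9", "src_port": 11211,
     "dst_ip": "10.0.0.5", "dst_port": 40001, "bytes": 120},
    # Reflection: three 15-byte 'stats' probes arrive with a spoofed source
    # (the victim, 203.0.113.7); 750 kB of replies leave toward that victim.
    {"proto": "udp", "src_ip": "203.0.113.7", "src_port": 443,
     "dst_ip": "10.0.0.9", "dst_port": 11211, "bytes": 45},
    {"proto": "udp", "src_ip": "10.0.0.9", "src_port": 11211,
     "dst_ip": "203.0.113.7", "dst_port": 443, "bytes": 750_000},
]

if __name__ == "__main__":
    print("probe frame:", memcached_udp_frame(1, b"stats"))
    print("suspects:", amplification_suspects(SAMPLE_FLOWS))
```

Only the 10.0.0.9 to 203.0.113.7 pair is reported, with a ratio of roughly 16,667:1; the legitimate client pair stays under 2:1. The operational fix for the server side is to disable the UDP listener (or bind memcached to a non-public interface) so there is nothing to reflect.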

Recently patched Flash vulnerability spotted in massive malspam campaign

A recently patched Flash Player flaw was exploited in a widespread malicious spam campaign primarily targeting South Koreans.

If ransom paid in Bitcoin Cash don't expect to get files back

A new ransomware strain called Thanatos demands payment in Bitcoin Cash but contains a decryption bug that makes it impossible for victims to recover their encrypted files, reports security researcher MalwareHunterTeam.

'First true' native IPv6 DDoS attack spotted in wild

The first in-the-wild IPv6 DDoS attack has hit servers, with portents of more to come. The DNS dictionary attack originated from around 1,900 different native IPv6 hosts on more than 650 different networks.

Enter boardroom, set hair on fire. How not to tackle incident response

Event anomalies can be an indicator of attack, but they can also just be an IT problem. New research suggests the latter might be more common than you think.

Massive code rewrite may be required to patch Skype vulnerability

Microsoft is reportedly declining to patch a security vulnerability in Skype's updater process which could allow an attacker to gain system-level privileges on a vulnerable computer.

Ransomware attack on US newspaper database exposes 19.5M voter records

The Sacramento Bee newspaper in the US deleted two databases hosted by a third party after a ransomware attack exposed the records of 19.5 million voters and 53,000 current and former subscribers to the newspaper.

Flash Player zero-day attacks attributed to advancing North Korean APT

Researchers are reporting that an increasingly sophisticated North Korean hacking group is responsible for an attack campaign exploiting CVE-2018-4878, a critical use-after-free flaw in Flash Player that has not yet been patched.

POS vulnerability affecting 300,000 systems patched by Oracle

Oracle recently patched a MICROS point-of-sale vulnerability which could have allowed an unauthenticated attacker to read any file on a vulnerable MICROS workstation and retrieve information about various services.

Active Directory attack could enable malicious domain controller set up

The DCShadow attack allows installation of a backdoor: attackers could register their own rogue domain controller in an existing corporate network, push changes into the directory, and use that foothold to distribute malware and leave a backdoor.

New Mirai botnet variants target ARC processors, cryptomining hosts

A newly discovered variant of the Mirai Internet of Things botnet is specifically designed to attack the ubiquitous 32-bit embedded Argonaut RISC Core processor from ARC International.

Microsoft Office flaw exploited by suspected Iranian APT group

Researchers believe a suspected Iranian APT group is responsible for a recent cyber-espionage operation that targeted a Middle Eastern government organisation.

Satori Botnet able to launch crippling attacks at any time

A massive new IoT botnet dubbed Satori has emerged which security researchers fear can launch crippling attacks at any time. According to the International Business Times (IBT), the botnet infected more than 280,000 IP addresses in just 12 hours.

Market-leading security products broken by Doppelganging attack

A new process-memory attack methodology, dubbed Doppelganging, not only defeats market-leading security products but breathes new life into old threats at the same time.

Understanding the human element behind cyber-attacks: indicators of attack

Joep Gommers explains why focusing on the actor will help businesses to protect themselves from a potential cyber-attack, hence the need to understand indicators of attack, in addition to indicators of compromise.

How long must we wait for Tesco to reveal cyber-heist attack data?

The Tesco Bank cyber-heist was Britain's biggest attack to date but the information on how the attack was perpetrated is not being shared with those who need to know, reports Davey Winder.

120k strong botnet found in the wild

Networking and telecoms specialist Level 3 has discovered a botnet of 120,000 devices in the course of conducting DDoS research.