Latest News

24 hours ago
Zack Whittaker / TechCrunch

Hacker Stole, Posted Online More Than 4,800 Documents From Mexican Embassy in Guatemala

A hacker who goes by the handle @0x55Taylor stole more than 4,800 documents from Mexico’s embassy in Guatemala and posted them online, most of which relate to the bureaucratic workings of the Mexican embassy in the Guatemalan capital, including its consular activities, such as recognizing births and deaths and the granting of diplomatic rights, privileges and immunities to embassy staff.

2 days ago
Cyrus Farivar and David Ingram / NBC News

WannaCry Hero Marcus Hutchins Pleads Guilty to Two Hacking-Related Charges

UK citizen Marcus Hutchins has pleaded guilty to two of the 10 hacking-related charges on which a grand jury in the U.S. District Court in Milwaukee indicted him, according to a copy of the plea agreement. Hutchins has been confined to the U.S. since August 2017, when the FBI detained him at McCarran airport in Las Vegas following the DEF CON conference. He pleaded guilty to entering into a conspiracy to distribute the Kronos banking malware and to aiding and abetting its distribution. The government dropped the eight other charges against him. In a statement on his website, Hutchins expressed regret for his actions and promised to devote his time to keeping people safe from malware. Hutchins, who also goes by the name MalwareTech, was, prior to his arrest, famous for inadvertently stopping the destructive WannaCry worm from spreading further in May 2017.

2 days ago
Elliot Alderson / Medium

Flaw Found and Fixed in French Government’s Just-Launched Secure Messaging App Tchap

French security researcher Baptiste Robert found a serious flaw in a messaging app called Tchap, which the French government launched on April 17 as a secure form of communication to keep conversations among government officials private. In building Tchap, France’s digital transformation agency DINSIC used a fork of the open source Riot Android app, which in turn relies on an open source end-to-end encrypted messaging protocol called Matrix. Access to the app is supposed to be restricted to government officials, but due to a bug in Matrix, Robert was able to create an account without an official government address. Robert, who goes by the handle Elliot Alderson on Twitter, reported the bug to Matrix, which issued a fix.

2 days ago
Alex Daugherty, David Smiley, and Steve Contorno / Miami Herald

Mueller Report Says Russia’s GRU Gained Access to at Least One Florida County’s Election Network During 2016 Campaign

According to Special Counsel Robert Mueller’s report, Russian hackers gained access to at least one Florida county’s election computer network during the 2016 presidential campaign. The report said the FBI concluded that the GRU, Russia’s foreign military intelligence agency, sent spearphishing emails with malware-laden Word documents attached to over 120 email accounts used by Florida county officials responsible for overseeing the 2016 election. The malware reportedly gave the GRU access to the victims’ computers. Mueller did not independently verify the FBI’s analysis, and the Florida Department of State said it has no knowledge of any successful hacking attempt during the 2016 election. Florida Democratic Senator Bill Nelson said last year that Russian operatives had “penetrated” some county voter registration databases in Florida, and at least one U.S. government official confirmed Nelson’s statement at the time.

3 days ago
Chris Morris / Fortune

Weather Channel Suspended Live Transmissions for Hour and Forty Minutes Due to Ransomware Attack

As severe thunderstorms knocked out power to 100,000 people across U.S. southern states, cable network The Weather Channel could not transmit live programming for an hour and forty minutes due to an unspecified ransomware attack. The channel was unable to broadcast live from 6 am through 7:39 am ET due to a “malicious software attack,” it said both on air and on Twitter, and it was forced to run a taped episode of Heavy Rescue: 401.

3 days ago
Nick Bastone and Rob Price / Business Insider

Facebook Updates Old Blog Post to Say That Millions of Instagram Users’ Unencrypted Passwords Were Exposed to Employees for Years

In a confusing move on a busy news day that saw not only the release of the Mueller report but also other news affecting the company, Facebook updated an old blog post to announce that it had for years stored millions of Instagram users’ passwords in an unencrypted format easily readable by its employees. The old blog post, dating from March, had originally announced that the unencrypted passwords of hundreds of millions of Facebook and Facebook Lite users had been accessible on its internal servers and that tens of thousands of Instagram users had been similarly affected. The update to the blog post simply changed the words “tens of thousands” to “millions” for Instagram users. Facebook yesterday confirmed another security incident in which it had accidentally uploaded the contact lists of 1.5 million users.
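The practical lesson of the Facebook and Instagram incident is that a password should never be readable from the place it is stored, and should never reach a log in the first place. The following is an added example (not Facebook’s code and not described in the article) that puts the insecure pattern beside the hardened one: a plaintext record, a salted PBKDF2-HMAC-SHA256 record verified in constant time, and a log-scrubbing filter that redacts password fields before a line is written. The iteration count, record format and the sample log lines are assumptions made for this example.

```python
"""Added example: plaintext vs. hashed password storage, plus log redaction.

Not code from the article or from Facebook. Record format, iteration count
and sample log lines are constructed for this example.
"""
import hashlib
import hmac
import os
import re
from typing import Optional

# --- Insecure pattern: the secret itself is what gets stored -----------------
def store_plaintext(password: str) -> str:
    # Anyone who can read the store (or a log that mirrors it) has the credential.
    return password


# --- Hardened pattern: salted, iterated hash; only salt+cost+digest stored ----
ITERATIONS = 600_000  # assumption: cost parameter chosen for this example


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algo$iterations$salt_hex$digest_hex."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt/cost and compare in constant time."""
    try:
        algo, iters, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def record_exposes_secret(record: str, password: str) -> bool:
    """Sanity check for a storage audit: does the stored record contain the password verbatim?"""
    return password in record


# --- Log hygiene: strip credentials before a line is persisted ---------------
# Matches password=..., password: ..., "password":"..." and similar, case-insensitively.
_CRED_RE = re.compile(r'(?i)(password|passwd|pwd)(["\']?\s*[:=]\s*["\']?)([^&"\'\s,}]+)')


def redact_credentials(line: str) -> str:
    """Replace the value of any password-like field with [REDACTED]."""
    return _CRED_RE.sub(r"\1\2[REDACTED]", line)


if __name__ == "__main__":
    pw = "correct horse battery staple"
    rec = hash_password(pw)
    print("plaintext store leaks secret:", record_exposes_secret(store_plaintext(pw), pw))
    print("hashed store leaks secret:   ", record_exposes_secret(rec, pw))
    print("verify correct password:     ", verify_password(pw, rec))
    print("verify wrong password:       ", verify_password("wrong", rec))
    # Constructed sample log lines, as an app server might emit on a login request.
    for sample in ('POST /login user=bob&password=hunter2',
                   '{"user": "bob", "password": "hunter2"}'):
        print(redact_credentials(sample))
```

The record format carries its own cost parameter so the iteration count can be raised later without breaking verification of old records; `hmac.compare_digest` avoids leaking how many digest bytes matched through timing.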

3 days ago
Andy Greenberg / Wired

Mystery Leaker Has Been Dumping Iranian Hacking Team APT34’s Data, Tools and Identities Onto Public Telegram Channel

Like the Shadow Brokers, who began dumping NSA hacking tools on the web several years ago, a mystery person or group has been targeting a top Iranian hacking team known as APT34 or OilRig, dumping its secret data, tools and even identities onto a public Telegram channel called “Lab Dookhtegan,” or “Read My Lips.” The leakers have been posting a collection of the hackers’ tools, evidence of their intrusion points at 66 victim organizations across the world, the IP addresses of servers used by Iranian intelligence, and the identities and photographs of alleged hackers working with the OilRig group.

3 days ago
Rob Price / Tech Insider

Facebook Says It Unintentionally Uploaded Contact Lists of 1.5 Million New Users Garnered From Their Email Accounts

Since May 2016, the social-networking company has collected the contact lists of 1.5 million users new to the social network without their knowledge or consent. The surreptitiously gathered contact lists were used to improve Facebook’s ad targeting, build out Facebook’s web of social connections, and recommend friends to add. The social media giant said the contact data was unintentionally uploaded and that it is now in the process of deleting those contacts. Prior to May 2016, Facebook allowed some users to verify their accounts using their email passwords and to voluntarily upload their contacts at the same time. In May 2016, however, the message notifying new users that their contacts would be uploaded was removed, while the upload itself continued.

3 days ago
Catalin Cimpanu / ZDNet

Cybersecurity Firm Verint Hit By Ransomware

The Israeli offices of US cybersecurity firm Verint have been hit by ransomware, which affected the company’s on-premise email and Green zone VDI (Virtual Desktop Infrastructure) services, according to a screenshot posted by an employee. Verint said it identified the attack as soon as it began and took steps to thwart it.

3 days ago
Rob Stumpf / The Drive

Thieves Stole at Least 100 Luxury Cars From Car2Go in Chicago Using a ‘Mobile App’ in What Some Reports Characterize as a Hack

Thieves stole around 100 to 200 cars from the BMW- and Daimler-backed car-sharing program Share Now (formerly known as Car2Go) in Chicago using a “mobile app,” in an incident that some reports have characterized as a hack but that the company calls a case of fraud. Police recovered some of the vehicles and took into custody at least twelve individuals believed to be responsible for the crime. Car2Go has officially suspended its services in Chicago pending an investigation into the matter.

4 days ago
Tara Seals / Threatpost

Bad Bots Now Account for One-Fifth of All Web Traffic, With Nearly Three-Quarters of Bad Bots Considered “Advanced Persistent Bots”

About a fifth of all web traffic (20.4%) comes from bad bots, which continue to mount daily automated offensives against websites, mobile apps, and APIs, according to Distil Research Lab’s latest Bad Bot report. Based on its analysis of hundreds of billions of bot requests during 2018, Distil estimates that 73.6% of bad bots can now be classified as “advanced persistent bots” (APBs). The financial services industry is particularly hard hit, with nearly half of all financial services website traffic coming from malicious bots.

4 days ago
Andy Greenberg / Wired

New State-Sponsored Hacker Group Sea Turtle Has Hit 40 Different Organizations, Compromised Multiple Country-Code Top-Level Domains Via DNS Hijacking

A new state-sponsored hacker group that researchers at Cisco Talos call Sea Turtle has carried out a broad espionage campaign via DNS hijacking, hitting 40 different organizations and compromising multiple country-code top-level domains (the suffixes such as .co.uk or .ru that end a web address), which puts the traffic of every domain under those TLDs at risk. Most of the victims and the ultimate targets were governmental organizations, including ministries of foreign affairs, intelligence agencies, military targets, and energy-related groups, all based in the Middle East and North Africa. Other victims include telecoms, internet service providers, and domain registrars responsible for operating the domain name system, among them Swedish infrastructure organization Netnod and Berkeley-based Packet Clearing House, both of which announced earlier this year that they had been hacked. To enable the man-in-the-middle attacks the hijacking made possible, the attackers used spoofed certificates from Let’s Encrypt or Comodo, invalid on close inspection but still able to show users the signs of legitimacy.
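An organization in the targeted position cannot rely on its registrar or TLD operator to notice a hijack; it has to watch its own records from the outside. The following is an added example, not Cisco Talos’s tooling and not described in the article, of the audit a defender would run on a schedule: it compares a trusted baseline of the zone’s NS delegation, A records and the issuer of the TLS certificate each host actually serves against a fresh snapshot and reports every drift. The zone names, addresses, CA names and both snapshots are constructed for the example; in production the observed snapshot would be filled from resolver queries and TLS handshakes taken from several vantage points rather than from the possibly hijacked resolvers inside the organization.

```python
"""Added example: detect DNS-hijack indicators by diffing a zone against a baseline.

Not code from the article or from Cisco Talos. Zone names, IPs, CA names and
both snapshots below are constructed; a real deployment would populate the
observed Snapshot from external resolvers and live TLS handshakes.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List


@dataclass(frozen=True)
class Snapshot:
    ns: FrozenSet[str]                 # authoritative NS names for the zone apex
    a: Dict[str, FrozenSet[str]]       # hostname -> set of IPv4 addresses
    cert_issuer: Dict[str, str]        # hostname -> issuer name of the served TLS cert


# Trusted baseline, captured while the zone was known-good (constructed).
BASELINE = Snapshot(
    ns=frozenset({"ns1.registrar.example.net.", "ns2.registrar.example.net."}),
    a={
        "mail.ministry.example.": frozenset({"203.0.113.10"}),
        "vpn.ministry.example.": frozenset({"203.0.113.20"}),
    },
    cert_issuer={
        "mail.ministry.example.": "Ministry Internal CA",
        "vpn.ministry.example.": "Ministry Internal CA",
    },
)

# A later snapshot in which the mail host has been redirected (constructed).
OBSERVED = Snapshot(
    ns=frozenset({"ns1.registrar.example.net.", "ns1.attacker.example.org."}),
    a={
        "mail.ministry.example.": frozenset({"198.51.100.7"}),
        "vpn.ministry.example.": frozenset({"203.0.113.20"}),
    },
    cert_issuer={
        "mail.ministry.example.": "Example Public CA",
        "vpn.ministry.example.": "Ministry Internal CA",
    },
)


def audit_zone(baseline: Snapshot, observed: Snapshot) -> List[dict]:
    """Return one finding per record that no longer matches the baseline."""
    findings: List[dict] = []

    # 1. Delegation change at the registrar/TLD level: the highest-value hijack.
    if observed.ns != baseline.ns:
        findings.append({"type": "ns_changed", "name": "@",
                         "expected": sorted(baseline.ns), "observed": sorted(observed.ns)})

    # 2. Per-host address change: traffic now lands on an attacker-controlled box.
    for host, expected_ips in baseline.a.items():
        got = observed.a.get(host, frozenset())
        if got != expected_ips:
            findings.append({"type": "a_changed", "name": host,
                             "expected": sorted(expected_ips), "observed": sorted(got)})

    # 3. Certificate issuer drift. Because a DNS hijacker can obtain a genuine
    #    publicly trusted certificate, this is a heuristic: the tell is a cert
    #    from a CA the organization does not use, not an invalid cert.
    for host, expected_issuer in baseline.cert_issuer.items():
        got = observed.cert_issuer.get(host)
        if got != expected_issuer:
            findings.append({"type": "issuer_changed", "name": host,
                             "expected": expected_issuer, "observed": got})

    return findings


def hijack_suspected(findings: List[dict]) -> bool:
    """Alert when a host's address and its certificate issuer both change at once."""
    changed_a = {f["name"] for f in findings if f["type"] == "a_changed"}
    changed_issuer = {f["name"] for f in findings if f["type"] == "issuer_changed"}
    return bool(changed_a & changed_issuer) or any(f["type"] == "ns_changed" for f in findings)


if __name__ == "__main__":
    for finding in audit_zone(BASELINE, OBSERVED):
        print(finding)
    print("hijack suspected:", hijack_suspected(audit_zone(BASELINE, OBSERVED)))
```

The NS check deliberately treats any change as a finding rather than only additions: a registrar-level hijack can equally remove a legitimate server so that the attacker’s server answers a larger share of queries.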

4 days ago
Raphael Satter / Associated Press

Mysterious Spy Sought to Unearth Evidence of Anti-Kaspersky Campaign by Meeting With Cybersecurity Experts

A mysterious man who called himself Lucas Lambert spent several months last year investigating critics of Kaspersky Lab, organizing at least four meetings with cybersecurity experts in London and New York, according to an AP investigation. In what appeared to be an undercover operation, Lambert met with Keir Giles, a Russia specialist at London’s Chatham House think tank, and other experts, and asked them whether anyone had been paid to publicly undermine Kaspersky Lab. Kaspersky Lab has been embroiled in controversy and litigation in the U.S. and other countries over its possible ties to the Russian government. Lambert also targeted Michael Daniel, who served as former president Barack Obama’s cybersecurity czar. The operation appears linked to another carried out last year by Black Cube, an Israeli private intelligence firm, although Black Cube denies conducting either operation. Kaspersky Lab denies any connection with Lambert.

4 days ago
Zack Whittaker / TechCrunch

Vulnerability in Electronic Arts’ Origin Gaming Platform Opened the Door to Malicious Hackers

Electronic Arts has fixed a vulnerability in its online gaming platform Origin after security researchers Daley Bee and Dominik Penner of Underdog Security found they could trick an unsuspecting gamer into running malicious code on their own computer. The bug affected Windows users with the Origin app installed and allowed malicious actors to send PowerShell commands that download additional malicious components and install ransomware, as well as to steal a user’s account access token, using a single line of code.

5 days ago
Zack Whittaker / TechCrunch

New Persistent Data-Stealing Malware Scranos Rapidly Spreading Around the World, Aims At Ad Abuse, Third-Party Malware Distribution

New password- and data-stealing malware dubbed Scranos, which is digitally signed with a possibly stolen certificate, has rapidly expanded to users around the world since November, moving beyond its former primarily Chinese targets, researchers at Bitdefender report. Scranos buries itself deep into vulnerable Windows computers to gain persistent access that survives a restart. The malware appears to be aimed at infecting as many devices as possible in order to perform advertising abuse and to serve as a distribution platform for third-party malware. Scranos spreads through trojanized downloads that masquerade as real apps, such as video players and e-book readers. The malware’s second-stage droppers inject custom code libraries into common browsers to target Facebook, YouTube, Amazon, and Airbnb accounts, gathering data to send back to the malware operator. YouTube seems to be a particular focus of the operation, with the malware tricking the browser into playing YouTube videos in the background to generate ad clicks. The malware has other malicious components, including one that spams a victim’s Facebook friends with phishing messages.

5 days ago
Tom McKay / Gizmodo

Ecuador Bombarded by DDoS Attacks Following Assange’s Arrest in London, Government Official Says

Ecuador’s deputy minister for information and communication technologies, Patricio Real, claims the country has suffered around 40 million DDoS attacks since it allowed UK police to forcibly remove Wikileaks founder Julian Assange from the country’s embassy in London. Real said the attacks began on April 11, shortly after Assange was removed from the embassy, with most of the attacks coming from the United States, Brazil, the Netherlands, Germany, Romania, France, Austria, and the United Kingdom. The 40 million figure represents the cumulative number of automated attempts to disrupt targeted systems, not a count of independently coordinated attacks.

5 days ago
Sergiu Gatlan / Bleeping Computer

Actively Exploited Windows Zero-Day Flaw Patched by Microsoft Could Allow Attackers to Take Over Targeted Machines

An actively exploited Windows zero-day vulnerability, which Microsoft patched as part of its April 2019 Patch Tuesday updates together with 73 other flaws, could allow attackers to fully take over targeted machines, according to researchers at Kaspersky Lab. “An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” according to Microsoft.

5 days ago
Catalin Cimpanu / ZDNet

Hacker Gnosticplayers Dumps Round Five of Hacked Corporate Data, Nears Goal of Putting One Billion Stolen User Records for Sale on Dark Web

A hacker who goes by the name Gnosticplayers is getting close to their goal of putting up for sale the data of over one billion users, after releasing a fifth round of hacked data comprising another 65.5 million records and bringing the total to 932 million records overall. Gnosticplayers, who claims responsibility for the hacks of 44 companies, has since mid-February been putting up batches of hacked data on the dark web marketplace Dream Market. Among the companies for which the hacker has previously released stolen customer data are 500px, Under Armour, ShareThis, Gfycat, and MyHeritage. This latest release covers data from Mindjolt, digital mall Wanelo, e-invitations and RSVP platform Evite, South Korean travel company Yanolja, women’s fashion store Moda Operandi, and Apple repair center iCracked.

5 days ago
Brian Krebs / Krebs on Security

Indian IT Giant Wipro Confirms Systems Attack That Allegedly Was Used to Target At Least A Dozen Customer Systems

Indian information technology outsourcing and consulting giant Wipro Ltd., which has Fortune 500 customers in healthcare, banking, communications and other industries, has confirmed that its IT systems were attacked and said it has hired a forensic firm, after KrebsOnSecurity reported that hackers had compromised the company’s systems and used them to launch attacks on its clients. According to sources, Wipro’s systems were seen being used as jumping-off points for digital fishing expeditions targeting at least a dozen Wipro customer systems. It also appears that at least 11 other companies were attacked, as evidenced by file folders found on the intruders’ back-end infrastructure that were named after various Wipro clients. Wipro is further reported to be building out a new private email network, because the intruders are thought to have had access to Wipro’s corporate email system for some time.

5 days ago
Christopher Bing, Jack Stubbs / Reuters

U.S. Reportedly Plans to Pitch Allies on ‘Intellectual Framework’ to Effectively Bar Huawei, Chinese Vendors From 5G Networks

The U.S. will push its allies at a meeting in Prague next month to adopt shared security and policy measures that will make it more difficult for China’s Huawei to dominate 5G telecommunications networks, according to sources familiar with the matter and documents seen by Reuters. The May 2-3 meeting will be attended by officials from 30 countries seeking to agree on security principles for next-generation telecoms networks. Against the backdrop of a strong U.S. campaign against Huawei over fears of spying by the Chinese government, the U.S. reportedly plans to take a softer approach toward the telecom giant in Prague, with U.S. officials hoping to provide the “intellectual framework” other countries need to effectively bar Chinese vendors.

Podcasts

23 hours ago
Women in Software and Cybersecurity

Eileen Wrubel

Eileen Wrubel, co-lead of the SEI’s Agile/DevOps Transformation Directorate, discusses her career journey.


2 days ago
ISC StormCast

Malicious UDF Files; Facebook Clear Text Passwords; Iranian Hackers Hacked; Win8 Live Tiles Takeover

Johannes Ullrich talks about malware delivered as a UDF .img file, Facebook storing passwords in plain text, Iranian state-sponsored malware and data leaked, and the Windows 8 Live Tiles domain takeover.


2 days ago
BBC 4 Beyond Today

Why would your mattress spy on you?

How might we have given the internet giants permission to spy on us? What connects a political scandal like Cambridge Analytica to Alexa and Google Maps? Shoshana Zuboff, who has been investigating these issues for years, talks about her theory that ties everything together.


2 days ago
Defense in Depth

Privileged Access Management (PAM)

David Spark talks with Allan Alford, CISO at Mitel, about privileged access management (PAM): how it is ineffective without a complete asset inventory and classification, how it is a moving target, how important two-factor authentication is to it, and more.


3 days ago
ISC StormCast

Sea Turtle; Broadcom Drivers; NamPoHyu, Confluence Attacks

Johannes Ullrich talks about DNS hijacking by Sea Turtle, Broadcom Wi-Fi driver vulnerabilities, the NamPoHyu virus infecting Samba servers, and increased attacks on Confluence.


3 days ago
Marketplace Tech with Molly Wood

Former Homeland Security Secretary Janet Napolitano: cybersecurity is national security

In a new book, Janet Napolitano, the former head of the Department of Homeland Security, says it is “impossible to overstate the urgency of improving our country’s cybersecurity.” She says we’re vulnerable all over the place, from critical infrastructure like utilities and 911 dispatch systems to our elections and our personal data. Host Molly Wood spoke with Napolitano about her new book “How Safe Are We? Homeland Security Since 9/11.”



Cybersecurity Events

Apr. 16-19: LocoMocoSec, Kauai, Hawaii, USA
Apr. 24-26: ICS Cyber Security Conference, Singapore, Singapore
Apr. 26-27: BSides Kansas City, Kansas City, MO, USA
Apr. 27-28: BSides Charm, Towson, MD, USA
May 1-2: Global Cyber Innovation Summit, Baltimore, MD, USA
May 3: NaijaSecCon Cybersecurity Conference, Lagos, Nigeria
May 3-4: Thotcon, Chicago, IL, USA
May 12-19: NorthSec, Montreal, Canada
May 14-17: NoNameCon, Kyiv, Ukraine
May 16: TripleSec, Paris, France
May 18: BSides New Hampshire, Hooksett, NH, USA
May 24-29: SecurityFest, Gothenburg, Sweden
May 25-26: BSides Stuttgart, Stuttgart, Germany
May 26-28: Global AppSec Tel Aviv, Tel Aviv, Israel
May 27: You Shot the Sheriff, São Paulo, Brazil

