Latest News

3 mins ago
Olivia Beavers / The Hill

Bi-Partisan Senate Bill Introduced to Address Supply Chain Security

In the wake of controversies surrounding Russian antivirus company Kaspersky Lab and China’s ZTE and Huawei communications gear makers, Senators Claire McCaskill (D-MO) and James Lankford (R-OK) have introduced the The Federal Acquisition Supply Chain Security Act (FASCSA) to address supply chain issues when tech components come from foreign countries. The bill would require Federal Acquisition Security Council to develop criteria for assessing supply chain threats and to consult the private sector on the development of such policies and call on the government to develop a strategy to deal with the risks.

3 hours ago
Paul Sawers / Venture Beat

Endpoint Protection Cybersecurity Start-Up Cylance Raises $120 Million in Series E Round

AI and machine learning-based cybersecurity start-up Cylance has raised $120 million in a series E round of funding led by Blackstone Tactical Opportunities, with participation from other unnamed investors. Cylance offers an endpoint protection platform designed to thwart malware, ransomware, and other forms of advanced threats. Cylance says it has more than 4,000 customers, with revenues of $130 million for the 2018 fiscal year, representing a year-over-year growth of 90 percent.

3 hours ago
Jeff Engel / Xconomy

Security Analytics Start-Up Uptycs Raises $10 Million from ForcePoint, Comcast in Series A Round

Cybersecurity start-up Uptycs announced a $10 million Series A funding round led by ForcePoint Capital and broadband giant Comcast’s venture arm, Comcast Ventures. The funding will be used to help Uptycs expand its team and advance its Osquery-based security analytics software, which hunts for known anomalies and security threats.

4 hours ago
Wolfie Zhao / CoinDesk

North Korea’s BitThumb Halts Deposits, Withdrawals After Hackers Steal $31 Million in Cryptocurrencies

One of the largest cryptocurrency exchanges in the world, South Korea’s Bithumb, has halted deposit and withdrawal services after hackers stole 35 billion won ($31 million) from the platform. The hack occurred between late Tuesday night and early Wednesday morning although details about which cryptocurrencies were stolen are sketchy. Bithumb has removed all the remaining assets to a cold wallet and says it will cover any losses customers experience.

5 hours ago
Sean Lyngaas / Cyberscoop

New Android Surveillance Malware, HeroRAT, Targets Android Users Via Telegram’s Bot API

A new family of malware capable of complete surveillance, dubbed HeroRAT, is targeting Android devices through the use of the encrypted messaging app Telegram’s bot API, researchers at ESET report. The malware, which has cropped up mostly in Iran, poses as an application pledging more social media followers, bitcoin, or free Internet connection. Once active, HeroRAT engages in a host of surveillance activities including intercepting text messages, recording audio and grabbing screen images from devices. HeroRAT, which has proliferated since last August, avoids the Google Play store to evade detection.

6 hours ago
Rachel Weiner and Derek Hawkins / Washington Post

Fraudsters Used Data Stolen in 2015 OPM Breach to Take Out Loans in Victims’ Names

A fraud scheme that was exploiting data from the 22 million-employee OPM breach that took place in 2015 has been uncovered in southeast Virginia. Kariva Cross, 39, pleaded guilty Monday to conspiracy to commit bank fraud and aggravated identity theft. Marlon Mc­Knight, 40, pleaded guilty last week to the same charges in Newport News federal court. It’s unclear how the pair obtained the data but they used it to take out fraudulent car and personal loans in the names of the OPM victims. U.S. authorities have blamed the massive OPM hack on China and neither defendant has been charged with hacking-related crimes.

7 hours ago
Joseph Menn / Reuters

Advanced Hacking Campaign Launched in China, ‘Thirp,’ Targeted Satellite, Defense and Telecom Companies

An advanced, apparently espionage-driven hacking campaign launched from computers in China burrowed deeply into unnamed satellite operators, defense contractors and telecommunications companies in the United States and southeast Asia, potentially allowing the hackers to change the positions of the satellites’ orbiting devices and disrupt data traffic, researchers at Symantec report. Attributing the effort to a group called Thrip, the researchers said the hacking campaign moved among servers, making it harder to detect than the usual phishing-based attacks that start with users’ computers. Symantec has shared technical information about the attacks with the FBI, DHS and defense agencies in Asia.

18 hours ago
Brian Fung/ Washington Post

Verizon, AT&T and Sprint Will No Longer Share Customers’ Real-Time Location Data With Data Brokers Who Exposed the Data

In the midst of a controversy over their sale of users’ real-time location data to data brokers, Verizon, AT&T, and Sprint will no longer share its customers’ location information with several third-party companies who failed to handle the data appropriately. This move also follows an investigation by Senator Ron Wyden (D-OR.) into the commercial relationships between Verizon; and two data vendors, LocationSmart and Zumigo and how those companies sell the real-time location data to other companies. The wider exposure of mobile phone carriers selling customers’ real-time data was sparked when Verizon sold the location data to LocationSmart, which in turn sold the information to a prison phone company, Securus. Prison and law enforcement officers were able to use the Securus system as their own tracking and surveillance system.

21 hours ago
Paul Sawers / Venture Beat

CrowdStrike Raises $200 Million in Series E Round, Valuation Now Pegged At $3 Billion

AI-powered cybersecurity platform company CrowdStrike has raised $200 million in a series E round of financing co-led by Accel, General Atlantic, and IVP, with participation from existing investor CapitalG, which is Alphabet’s late-stage venture fund, and March Capital. With the latest infusion, CrowdStrike is valued at $3 billion ahead of what many expect to be a blockbuster IPO. CrowdStrike has earned a strong reputation for analysis of some very high-profile breaches, including a 2016 report for the DNC showing that Russian hackers had infiltrated the Democratic party organization.

23 hours ago
Lora Kolodny / CNBC

Elon Musk: Insider ‘Saboteur’ at Tesla Made Code Changes, Exported Large Amounts of Sensitive Data

A disgruntled insider sabotaged Tesla by direct code changes to the Tesla Manufacturing Operating System under false usernames and by exporting large amounts of highly sensitive Tesla data to unknown third parties, CEO Elon Musk said in an email sent to all employees. The unnamed employee’s stated motivation is that he wanted a promotion that he did not receive, according to Musk’s email. Musk sent the email soon after a factory fire halted Tesla vehicle production for several hours on Sunday, which could have been a random event but left Musk feeling paranoid.

23 hours ago
Dan Goodin / Ars Technica

Olympic Destroyer Hacking Group Fingered as Culprit Behind New Campaign in Russia, France, Switzerland, the Netherlands and Ukraine

The hacking group that sabotaged the Pyeongchang Winter Olympics in February using malware known as Olympic Destroyer is also responsible for attacks that targeted financial institutions in Russia and chemical-threat and biological-threat prevention labs in France, Switzerland, the Netherlands, and Ukraine, researchers at Kaspersky Lab report.  Both the Olympic Destroyer campaign and the most recent campaign use the same technique to obfuscate malicious Powershell commands. One of the malicious Word documents used in the attacks, which began last month, referred to Spiez Convergence, a biochemical threat conference organized by the Spiez Laboratory, which played a key role in the investigation of the poisoning in March of a former Russian spy in the UK. Although Kaspersky doesn’t identify the Russian government as the source of the recent campaign, they note that Olympic Destroyer campaign bears a “certain resemblance to Sofacy,” the name of the advanced persistent group that works for the Russian government.

24 hours ago
John Hendel / Politico

Defying Trump, Senate Votes to Reimpose U.S. Ban on ZTE Technology

In a rare rebuke to Donald Trump, the Senate voted by 85-10 to reimpose the U.S. ban on Chinese telecom giant ZTE as part of the National Defense Authorization Act, a must-pass defense spending bill. Citing long-standing national security concerns over ZTE, lawmakers of both parties feared the ability of ZTE to engage in espionage and other malicious activity given what many believe is the cell phone maker’s too-close relationship with the Chinese government. The vote to continue the ban on ZTE flies in the face of a deal struck by Trump that would allow the Chinese company to operate in the U.S. if it pays a $1 billion fine, changes its management and embeds a compliance team.

1 day ago
Matt Zapotosky / Washington Post

Federal Prosecutors Charge Former CIA Employee with 13 Counts of Violating Espionage Act and Related Crimes in Vault 7 Leak

Federal prosecutors charged former CIA employee Joshua Adam Schulte with violations of the Espionage Act and related crimes in connection with the leak to Wikileaks last year of a collection of hacking tools, known as Vault 7, that the agency used for spy operations overseas. Schulte was charged in a 13-count superseding indictment with illegally gathering and transmitting national defense information and related counts. Prosecutors say Schulte stole the materials in 2016.

1 day ago
Brian Barrett / Wired

iOS 12 Will Communicate Users’ Exact Locations to 911 Operators When They Call

Apple has revealed an upcoming feature in its iOS 12 that will send users’ locations to emergency services when the users call 911. Apple has partnered with RapidSOS, a startup that focuses on upgrading the complex backends of the nation’s roughly 6,500 emergency call centers.  With more than 80 percent of incoming emergency calls originating from a cell phone in some areas, the old landline methods for locating users are no longer sufficient to identify the locations of users who call during emergencies.

1 day ago
Catalin Cimpanu / Bleeping Computer

Europol, French, UK and Thai Police Arrest Rex Mundi Hacking Group Members

Europol, French, UK, and Thai police arrested eight people suspected to have been involved with a notorious hacker group known as Rex Mundi (Latin for “King of the World”). Rex Mundi hacked into companies’ networks, stealing private information, and later contacting the victims to request the payment of a ransom fee to not disclose the hacks or to reveal the flaw that led to the hacks. Among Rex Mundi’s victims were AmeriCash Advance, Webassur, Drake International, Buy Way, Hoststar,, Numericable, Habeas, AlfaNet, Domino’s Pizza, and Banque Cantonale de Geneve (BCGE). The group disbanded after one last ransom-based hack of a British company in 2017.  That company contacted UK police, who subsequently arrested five French nationals in June 2017, ending the scheme. French police later arrested two Rex Mundi hackers in October 2017 and Thai police arrested a third hacker in May 2018.

1 day ago
Brian Krebs / Krebs on Security

Google to Fix Location Privacy Leaks in Google Home, Chromecast Devices

Google is expected to soon fix a location privacy leak in Google Home and Chromecast devices that allows websites to run a simple script in the background and collect precise location data on people. The leak, discovered by Craig Young, a researcher with security firm Tripwire, is an authentication weakness that leaks highly accurate location information about users of both the smart speaker and home assistant. Aside from leaking precise geolocation data, the bug could help scammers make phishing and extortion attacks appear more realistic.

1 day ago
Dan Goodin / Ars Technica

macOS Quick Look Feature Can Leak Highly Sensitive, Encrypted Data, Automatic Thumbnail Caches of Data Stored Indefinitely

Automatic thumbnail caches generated by a macOS feature called Quick Look can leak highly sensitive data stored on password-protected drives and encrypted volumes, Patrick Wardle and Wojciech Regu?a, Digita Security and SecuRing report. The cache can only be viewed by someone who has physical access to the Mac but is generated with minimal user interaction and retained permanently even after the original files are deleted, living on in an SQLite database stored indefinitely in the macOS file system. Wardle and Regu?a recommend users manually delete the folder that stores the thumbnails each time they disconnect a sensitive drive or volume.

1 day ago
Sally Ho / Associated Press

ACLU, Investors Ask Amazon to Stop Selling Its Facial Recognition Technology, ‘Rekognition,’ to Police, Government

The American Civil Liberties Union is leading an effort against Amazon selling its facial recognition product, called Rekognition, to police forces and government agencies, delivering a petition with 152,000 signatures to the company’s Seattle headquarters and telling the company to “cancel this order.” A group of 19 investment managing companies, including Harrington Investments, Inc. and Walden Asset Management, have also expressed concerns about the tool, saying Rekognition could expose Amazon to lawsuits and asked the company to hold back until it could demonstrate it had sufficient fiduciary oversight.

2 days ago
Chris Bing / Cyberscoop

North Korea Is Likely Culprit Behind Cyber Attacks on Latin American Banks, Including Bancomtext and Bank of Chile

A string of devastating attacks on Latin American banks, including a breach at Mexico’s Bancomext and a $10 million heist at Chile’s Bank of Chile, all seemingly point to North Korea as the culprit knowledgeable sources say. Confidential technical reports about the incidents are already being shared within private information sharing groups composed of other financial institutions. The attacks attempt to leverage the SWIFT international payment system, an activity identified with North Korea. Shared malware variants among the multiple incidents, known as”MBR Killer” and “Bootwreck/killdisk,” was cited in a confidential intelligence report labeled “TLP: Amber,” authored May 29 by New York-based intelligence firm Flashpoint.

2 days ago
Mark Wycislik-Wilson / BetaNews

Android Emulator Andy OS Is Secretly Installing a GPU Trojan That Mines for Bitcoin

The Android emulator Andy OS, also referred to as AndY and Andyroid, which enables running Android software within Windows or macOS, has been running a GPU miner trojan that secretly mines for Bitcoin, users have complained. Although some users speculate that the installer for Andy OS is the vector through which the mining malware is delivered rather than the emulator itself, many users are concerned at the lack of apparent interest in this problem on the part of Andy’s development team. Until a fix is implemented, users can follow a series of steps that start with uninstalling Andy via Windows.


5 hours ago
Risky Business #504

Latest email frauds and changes to money muling

Patrick Gray and Adam Boileau talk about the week’s top news including the Vault7 guy is totally screwed, US Senate scuttles Trump’s plan to save ZTE, Chinese pwning satellite comms, telcos, Olympic Destroyer crew is back and more.

5 hours ago
ISC StormCast

Malicious PS Script Disables Logging; Virustotal Monitor Service; Exposed Cloud Environments

Johannes Ullrich talks about PowerShell ScriptBlock Loggin Bypass in the Wild, Virustotal “False Positive” Alert, Cloud Environments Explosed to the Internet, Google Home DNS Rebinding Attack Reveals Geolocation.

6 hours ago
Hack Naked News #178

‘Unbreakable ‘ Smart Lock, Cortana, & Jeopardy

This week’s episode focuses on exposed container dashboards, unlock Windows with Cortana, Firefox buffer overflow, unbreakable smart locks are breakable, insider Tesla threat, you can win Jeopardy and still be dumb

6 hours ago


Steve Gibson and Leo Laporte talk about the week’s news including a rather “mega” patch Tuesday, a nifty hack of Win10’s Cortana, Microsoft’s official “when do we patch” guidelines, the continuing tweaking of web browser behavior for our sanity, a widespread Windows 10 rootkit, the resurgence of the Satori IoT botnet and more.

Cybersecurity Events

June 17-21CyberWeekTel AvivIsrael
June 18SANS MunichMunichGermany
June 19Security of ThingsBoston, MAUSA
June 20-21Technology Risk Management ForumWroclawPoland
June 20-22The 2018 International Workshop on Security and Privacy Assurance Technologies for Emerging Networks (SPATEN 2018)TianjinChina
June 20-24ToorCampSan Juan Islands, WAUSA
June 21-222nd International Symposium on Cyber Security Cryptography and Machine Learning (CSCML 2018)Be'er ShevaIsrael
June 22BSides PittsburghPittsburgh, PAUSA
June 22-23BSides AshevilleAsheville, NCUSA
June 22-23BSides ClevelandCleveland, OHUSA
June 22-24The 5th IEEE International Conference on Cyber Security and Cloud ComputingShanghaiChina
June 23BSides AthensAthensGreece
June 24-29FIRST ConferenceKuala LumpurMaylaysia
June 25Safety and Security of Intelligent VehiclesLuxembourg CityLuxembourg

Subscribe to Our Newsletter

Subscribe to our newsletter and get our daily and highly enjoyable summary of cybersecurity developments you must know if you want to stay ahead.

We don't spam and we value your privacy. We don't sell or share our subscriber lists ever. For more information, please read our privacy policy at Metacurity's Privacy Policy page.