Latest News

9 hours ago
Catalin Cimpanu / ZDNet

Hacking Group ‘0v1ru$’ Breached a Contractor for Russia’s FSB Stealing 7.5TB of Data and Exposing Top Projects Including Effort to Deanonymize Tor Traffic

On July 13, a group of hackers known as 0v1ru$ breached SyTech, a contractor for Russia’s national intelligence service FSB, stealing information about internal projects the company was working on behalf of the agency. The group hacked into SyTech’s Active Directory server from where they gained access to the company’s entire IT network, including a JIRA instance, stealing 7.5TB of data from the contractor’s network, and defacing the company’s website with a “yoba face,” an emoji popular with Russian users that stands for “trolling.” The group shared the stolen data with Digital Revolution, another hacking group who last year breached Quantum, another FSB contractor. Digital Revolution shared the stolen files in greater detail on their Twitter account and with Russian journalists. Two of the notable projects that were exposed in the breach are Nautilus-S, one for deanonymizing Tor traffic, and Hope, one which analyzed the structure and make-up of the Russian segment of the internet. SyTech has taken down its website since the hack and refused media inquiries.

1 day ago
Julian E. Barnes / New York Times

ODNI Director Coats Names Experienced Government Official Shelby Pierson to New Election Security Position

In a sign that security vulnerabilities and influence operations are now a permanent fixture of U.S. elections, Director of National Intelligence Dan Coats announced that experienced government official Shelby Pierson will oversee election security intelligence across the government in a newly created senior position. Pierson, who worked on intelligence issues surrounding the 2018 midterm elections, will cover both potential attacks on voting infrastructure and influence campaigns. Coats said that Pierson’s appointment will help intelligence agencies direct resources to election security and “bring the strongest level of support to this critical issue.” Coats also said he was ordering all of the intelligence agencies with a role in election security to appoint a senior official to oversee issues of foreign influence and infrastructure attacks. The officials will form an Election Executive and Leadership Board to ensure intelligence agencies are properly focused on voting security issues.

1 day ago
Kevin McLaughlin / The Information

Cisco Systems in Talks to Buy Web Application Cybersecurity Startup Signal Sciences, Sources

In the latest sign of Cisco Systems’ interest in the cybersecurity sector, the tech giant is in talks to buy cybersecurity startup Signal Sciences, which develops software that protects applications running in private data centers and on cloud providers from attacks, according to several people familiar with the talks. The five-year-old Signal Sciences has raised $61.7 million in four rounds so far and counts Adobe, WeWork, Etsy, and Yelp among its customers. The deal could help Cisco compete more effectively against rivals Palo Alto Networks and Fortinet while also helping its push into subscription services and recurring revenue streams.

1 day ago
Joseph Cox / Motherboard

Hackers Publish List of Around 2,500 Email Addresses, Passwords Purportedly Phished From Discord Users

Earlier this week a group of hackers published a list of about 2,500 email addresses and passwords they say they phished from users of gaming chat platform Discord. The hackers posted a database of the allegedly phished credentials, split into multiple sections of those that work and those that don’t. Some of the invalid login details were likely from people who were trying to provide the hackers with garbage data.

1 day ago
Kevin Rawlinson / The Guardian

Scotland Yard’s Twitter Account, Official Email Address Hacked Via Breach of Outside Press Bureau to Send Series of Bizarre Messages

Scotland Yard’s principal Twitter account, which has more than 1.2 million followers, tweeted a series of bizarre messages on Friday night after becoming “subject to unauthorized access.” Many of the dozen unauthorized tweets, some of which referred to the British rapper Digga D, were also repeated in press releases emailed to journalists from the force’s official email address. Scotland Yard said it believed the “security issue” related solely to the external service the Met’s press bureau uses to issue news releases. The Met’s MyNewsDesk service automatically pushes content to the Met’s website and Twitter account once it is published, as well as sending corresponding emails to subscribers, so whoever controlled the press-release account controlled all three channels. Scotland Yard emphasized that there has been no ‘hack’ of the Met police’s own IT infrastructure.

1 day ago
AnnaMaria Andriotis / Wall Street Journal

Equifax Nearing Deal With FTC, CFPB and State Attorneys Generals to Pay $700 Million to Settle Data Breach Probes, Report

Credit reporting company Equifax is close to a deal with the Federal Trade Commission, the Consumer Financial Protection Bureau and most state attorneys general to pay around $700 million to settle data breach probes with U.S. regulators and states over a 2017 data breach that exposed the sensitive personal and financial details of nearly 150 million people. The settlement, which could be changed depending on the number of claims eventually filed by consumers, could be announced as early as Monday.

2 days ago
Scott Shane / New York Times

Former Contractor Harold T. Martin III Sentenced to Nine Years for Amassing a Trove of Highly Classified NSA Documents

Troubled former National Security Agency contractor Harold T. Martin III has been sentenced to nine years for amassing a trove of highly classified NSA documents at his home in Glen Burnie, Maryland. His attorney said Martin has autism spectrum disorder, which led to a kind of hoarding of the documents. Martin had once been suspected of passing secrets to foreign countries or of being the source of the infamous Shadow Brokers leak of NSA hacking tools, but prosecutors ultimately came to believe he was not behind any malicious leaks.

2 days ago
Catalin Cimpanu / ZDNet

Kazakhstan Starts Intercepting All HTTPS Internet Traffic By Forcing ISPs and Users to Install Government-Issued Certificates

In a move it claims protects citizens from hackers and cyber threats, the Kazakhstan government has started intercepting all HTTPS internet traffic inside its borders, and local ISPs have been instructed to force their users to install a government-issued root certificate on all devices and in every browser. That certificate lets local government agencies decrypt users’ HTTPS traffic, inspect its content, re-encrypt it under a certificate issued by the government CA, and forward it to its destination: a man-in-the-middle interception that raises no browser warning because the interception CA has been made a trusted root. Following a statement by the Kazakh Ministry of Digital Development, Innovation and Aerospace, users across the country reported being blocked from accessing the internet until they installed the government’s certificate.
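Two checks a practitioner would want against this kind of interception, written as an added example using only Python’s standard library (this is not code from the article or from any party it describes). The first scans the roots in the local OpenSSL/OS trust store for names you never intended to trust; the second inspects a connection’s peer certificate dictionary, as returned by ssl’s getpeercert(), to see whether the leaf was issued by such a CA, which is exactly what an intercepted session presents. The name pattern “qaznet” is an assumption about the government certificate’s subject (the article does not name it), and the sample certificate dictionaries are constructed inline.

```python
import ssl

# Substrings (lower-case) of CA names you do not expect to find in a trust store.
# "qaznet" is an ASSUMPTION about the government root's name; the article does
# not give it. Extend the tuple with anything else your fleet should never trust.
SUSPECT_NAME_PATTERNS = ("qaznet", "trust network")


def rdn_value(name, attr):
    """Return one attribute from the RDN structure ssl uses for 'subject'/'issuer':
    ((('countryName', 'KZ'),), (('commonName', 'Example CA'),)) -> 'Example CA'."""
    for rdn in name:
        for key, value in rdn:
            if key == attr:
                return value
    return ""


def name_matches(name, patterns):
    """True if the CN or O of an RDN name contains any suspect substring."""
    haystack = " ".join(
        rdn_value(name, attr) for attr in ("commonName", "organizationName")
    ).lower()
    return any(p in haystack for p in patterns)


def suspect_roots(certs, patterns=SUSPECT_NAME_PATTERNS):
    """Given cert dicts as returned by SSLContext.get_ca_certs(), return
    (commonName, organizationName, is_self_signed) for every suspect entry."""
    hits = []
    for cert in certs:
        subject = cert.get("subject", ())
        if name_matches(subject, patterns):
            hits.append((
                rdn_value(subject, "commonName"),
                rdn_value(subject, "organizationName"),
                subject == cert.get("issuer"),  # self-signed => a root, not a leaf
            ))
    return hits


def issued_by_suspect_ca(peercert, patterns=SUSPECT_NAME_PATTERNS):
    """Per-connection check on SSLSocket.getpeercert(): an intercepted session
    presents a leaf whose issuer is the interception CA, not the site's real CA."""
    return name_matches(peercert.get("issuer", ()), patterns)


def scan_local_store():
    """Scan the default trust store. On Linux builds that load CAs from a capath
    directory, get_ca_certs() only lists roots already used once, so an empty
    result is not proof of a clean store."""
    ctx = ssl.create_default_context()  # loads the platform default trust store
    return suspect_roots(ctx.get_ca_certs())


# Constructed sample, shaped like a getpeercert() result for an intercepted session.
SAMPLE_ROOT_NAME = (
    (("countryName", "KZ"),),
    (("organizationName", "Example Ministry"),),
    (("commonName", "Qaznet Trust Network"),),
)
SAMPLE_INTERCEPTED_LEAF = {
    "subject": ((("commonName", "example.com"),),),
    "issuer": SAMPLE_ROOT_NAME,
}

if __name__ == "__main__":
    print("local trust store hits:", scan_local_store())
    print("sample leaf intercepted:", issued_by_suspect_ca(SAMPLE_INTERCEPTED_LEAF))
```

Name matching is deliberately the weakest possible pin; in a fleet you would compare the root’s SHA-256 fingerprint against an allow-list instead, but the dictionary shape above is what the ssl module gives you without third-party packages, and it is enough to catch a newly installed root by name.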

2 days ago
Ionut Ilascu / Bleeping Computer

Google Ups Its Chrome Bug Bounty Payments, Doubling Reward for Critical Security Vulnerabilities to $30,000

After nine years and 8,500 security bug reports, Google has increased the value of the rewards for security vulnerabilities submitted through its Chrome Vulnerability Rewards Program, with the maximum baseline reward tripled to $15,000 and the ceiling for high-quality reports doubled to $30,000. On the Chrome OS side, rewards cover valid bugs that can escape the built-in isolated containers, vulnerabilities affecting the firmware (processor, embedded controller, and H1), flaws that can defeat the verified boot mechanism and lead to persistence, and issues in the lock screen that can be exploited to bypass it.

2 days ago
Mehul Srivastava and Tim Bradshaw / Financial Times

Spyware Company NSO Group Tells Prospective Clients It Can Scrape Users’ Data from Servers of Apple, Google, Facebook, Amazon, and Microsoft, Report

Notorious Israeli spyware company NSO Group, whose flagship malware Pegasus has been used by authoritarian regimes to spy on smartphones, has told buyers its technology can surreptitiously scrape all of an individual’s data from the servers of Apple, Google, Facebook, Amazon, and Microsoft, according to sources familiar with the company’s sales pitch. Pegasus has evolved to capture ever greater amounts of information, including a target’s location data, archived messages or photos, according to people who shared documents with the Financial Times and described a recent product demonstration for the government of Uganda. The new capabilities are said to copy the authentication keys of services such as Google Drive, Facebook Messenger and iCloud, among others, from an infected phone, allowing a separate server to then impersonate the phone, including its location, giving open-ended access to the cloud storage of those apps without “prompting 2-step verification or warning email on target device,” according to the demonstration. Amazon, Facebook, and Microsoft say they have no evidence of Pegasus access to their cloud files but say they are investigating. Google has not responded.

2 days ago
Kim Zetter / Vice

BlackBerry Cylance’s Machine-Learning PROTECT Detection System Can Be Subverted to Falsely Tag Malware as ‘Goodware’

In what may be the first proven global attack on the machine learning mechanism of a security company, BlackBerry Cylance’s artificial intelligence engine in its endpoint PROTECT detection system can be subverted to falsely tag already known malware as “goodware,” researchers at Skylight Cyber report. The researchers developed a “global bypass” method that works with almost any malware to fool the Cylance engine: they take strings from a non-malicious file and append them to a malicious one, tricking the system into thinking the malicious file is benign. The method works because Cylance’s machine-learning model has a strong bias toward the strings of that particular benign file, so when it sees them attached to a malicious file the positive evidence outweighs the malicious code and features the file still contains.
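To make the failure mode concrete, here is an added toy example (not the researchers’ code and not Cylance’s model) of a string-feature classifier with the same additive bias, showing how appending a few strings from a “goodware” sample flips a malicious verdict, and one mitigation that tallies malicious evidence separately so it cannot be paid off by unrelated benign strings. The training corpus, the string lists and the fake binaries are all constructed inline; no real samples are involved.

```python
import math
import re
from collections import Counter

# Runs of 4+ printable bytes, the classic `strings` heuristic.
STRING_RE = re.compile(rb"[\x20-\x7e]{4,}")


def extract_strings(blob):
    """Set of printable strings found in a binary blob."""
    return set(STRING_RE.findall(blob))


def train(benign_docs, malicious_docs, alpha=1.0):
    """Per-string log-odds log(P(s|benign) / P(s|malicious)), Laplace-smoothed.
    Positive weight = benign evidence, negative weight = malicious evidence."""
    b_count = Counter(s for doc in benign_docs for s in doc)
    m_count = Counter(s for doc in malicious_docs for s in doc)
    weights = {}
    for s in set(b_count) | set(m_count):
        p_b = (b_count[s] + alpha) / (len(benign_docs) + 2 * alpha)
        p_m = (m_count[s] + alpha) / (len(malicious_docs) + 2 * alpha)
        weights[s] = math.log(p_b / p_m)
    return weights


def score(blob, weights):
    """Purely additive score: every string votes and the votes are summed,
    so enough benign votes cancel any amount of malicious evidence."""
    return sum(weights.get(s, 0.0) for s in extract_strings(blob))


def classify(blob, weights):
    return "benign" if score(blob, weights) > 0 else "malicious"


def classify_hardened(blob, weights, veto=-2.0):
    """Mitigation: tally the malicious evidence on its own. Strong indicators
    (injection APIs, shell spawning) veto the verdict regardless of how much
    unrelated benign material was appended."""
    present = [weights.get(s, 0.0) for s in extract_strings(blob)]
    malicious_evidence = sum(w for w in present if w < 0)
    if malicious_evidence <= veto:
        return "malicious"
    return "benign" if sum(present) > 0 else "malicious"


# Constructed toy corpus: string sets "seen" in goodware and in malware.
BENIGN_CORPUS = [
    {b"Unreal Engine", b"Epic Games", b"D3D11CreateDevice", b"GetTickCount"},
    {b"Unreal Engine", b"Epic Games", b"xinput1_3.dll", b"CreateFileW"},
    {b"Unreal Engine", b"OpenAL32.dll", b"D3D11CreateDevice"},
]
MALICIOUS_CORPUS = [
    {b"VirtualAllocEx", b"WriteProcessMemory", b"CreateRemoteThread", b"CreateFileW"},
    {b"VirtualAllocEx", b"CreateRemoteThread", b"cmd.exe /c", b"GetTickCount"},
    {b"WriteProcessMemory", b"IsDebuggerPresent", b"cmd.exe /c"},
]


def make_blob(strings):
    """Constructed stand-in for a binary: a short header and NUL-separated strings."""
    return b"MZ\x00" + b"\x00".join(strings) + b"\x00"


MALWARE = make_blob([b"VirtualAllocEx", b"WriteProcessMemory",
                     b"CreateRemoteThread", b"cmd.exe /c"])
GOODWARE = make_blob([b"Unreal Engine", b"Epic Games", b"D3D11CreateDevice",
                      b"xinput1_3.dll", b"OpenAL32.dll"])
PADDED = MALWARE + GOODWARE  # the bypass: malware with a game's strings appended

if __name__ == "__main__":
    w = train(BENIGN_CORPUS, MALICIOUS_CORPUS)
    for name, blob in (("malware", MALWARE), ("padded", PADDED), ("goodware", GOODWARE)):
        print(f"{name:8s} score={score(blob, w):+.2f} "
              f"additive={classify(blob, w):9s} hardened={classify_hardened(blob, w)}")
```

The additive model scores the padded file benign because five benign strings outvote four malicious ones; the hardened variant still flags it because the malicious evidence alone crosses the veto threshold. A real model is far more than a bag of strings, but any scorer whose benign features can linearly offset malicious ones has this shape of weakness.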

2 days ago
Kate Clark / TechCrunch

CrowdStrike’s Revenues More Than Doubled Year-over-Year According to First Post-IPO Quarterly Earnings Report

Cybersecurity leader CrowdStrike issued its first quarterly earnings report since its IPO, posting revenue of $96.1 million and a GAAP net loss of $26 million for the first quarter of fiscal year 2020. The strong start lifted the company’s stock price 2.5% at the close of trading Thursday and to $82 per share in after-hours trading, more than double its IPO price of $35. Year-over-year, CrowdStrike’s revenue grew 103%, with subscription revenue up 116% to $86 million.

2 days ago
Danny Palmer / ZDNet

Chinese APT Group Ke3chang Is Targeting Diplomats and Government Offices in Europe, Central and South America With New Backdoor Okrum

An elusive advanced persistent threat (APT) group thought to be operating out of China and known as Ke3chang, but also known as Vixen Panda, Royal APT, Playful Dragon, and APT15, is using a previously unreported backdoor, dubbed Okrum, in a malware campaign targeting diplomats and government departments around the world, researchers at ESET report. The group is using an updated version of their Ketrican malware alongside the backdoor to target diplomatic bodies and other government institutions in countries across Europe and Central and South America. Okrum can grant itself full administrator privileges and collects information about the infected machine, such as computer name, username, host IP address and which operating system is installed.

2 days ago
Charlie Warzel / The New York Times

Almost All Porn Sites Send Users’ Data to Third-Party Web Trackers, Google Has Trackers on Three-Quarters of All Porn Sites, Researchers

Trackers from tech companies Google and Facebook are logging users’ most personal browsing details, according to a forthcoming New Media & Society paper by a group of researchers from Microsoft, the University of Pennsylvania and Carnegie Mellon University. The researchers scanned 22,484 pornography websites and found that 93% of them sent data to an average of seven third-party domains, mostly via tracking cookies from outside companies. Google (or one of its subsidiaries, such as the advertising platform DoubleClick) had trackers on 74% of the pornography sites, while Oracle showed up on 24% of the sites and Facebook on 10%. Only 17% of the 22,484 sites scanned used HTTPS, suggesting that troves of user data could be vulnerable to interception or breaches.

3 days ago
Catalin Cimpanu / ZDNet

Slack Resets Passwords for 100,000 Users Who Were Affected by 2015 Data Breach

Cloud-based team collaboration service Slack said it is resetting passwords for 1% of its 10 million user base, or roughly 100,000 users, in a move that is related to the company’s March 2015 security breach. Back then Slack reset all the users it believed were affected by the breach. Now the company says it has received a batch of user credentials from its bug bounty program that it believes were overlooked in the aftermath of the 2015 breach. Slack says it has no reason to believe these newly discovered credentials had been misused.

3 days ago
Alfred Ng / CNET

Google Pulls Seven Icon-Less Stalkerware Apps From Play Store That Had Been Downloaded 130,000 Times

Seven stalkerware apps that had been downloaded more than 130,000 times were pulled from Google’s Play Store after being discovered by Avast. One called Spy Tracker was promoted as a way to keep kids safe but was described on the Play Store by users as a way to keep track of spouses. All seven apps prompted the attacker to install other software and then delete the initial download, which allowed the stalkerware apps to spy on victims without an icon appearing on the device.

3 days ago
Dan Goodin / Ars Technica

Thousands of Browser Extensions May Be Sharing Users’ Personally Identifiable Web Browsing Data With Murky Data Brokers, Chrome and Firefox Remove Six Such Extensions Installed by More Than Four Million Users

Thousands of extensions that gather browsing data are available in the online stores of Google and Mozilla, sending data from users’ computers to be harvested by marketers, data brokers or hackers, thanks to a newly documented privacy issue called DataSpii. Sam Jadali, who runs a hosting business, discovered some of his clients’ data for sale on Nacho Analytics, a marketing intelligence firm that sells users’ data it says those users have agreed to share. Despite Nacho saying it scrubs personal information, Jadali found usernames, passwords and GPS coordinates in the data the company was selling. In addition to the personal data, Nacho exposed details of projects that corporate employees were working on, including top-secret material, and even information about internal corporate networks and firewall codes. Jadali’s research identified six suspect Chrome and Firefox extensions: Hover Zoom, SpeakIt!, SuperZoom, Helper, FairShare Unlock and PanelMeasurement, although there are likely at least 3,800 other extensions that leak users’ data, according to researchers at North Carolina State University. After being informed of the problem, Google and Mozilla removed the six extensions, which collectively had more than four million users. After the extensions were removed, Nacho posted a notice on its website that it had suffered a “permanent” data outage and would no longer take on new clients or provide new data for existing ones.

3 days ago
Charlie Osborne / ZDNet

Bluetooth Flaw Can Expose Windows, macOS Devices to Tracking, ID Leaking, Researchers

A flaw in the Bluetooth communication protocol may expose modern device users to tracking and could leak their IDs, Boston University researchers David Starobinski, David Li and Johannes Becker said at the 19th Privacy Enhancing Technologies Symposium in Stockholm. The vulnerability can be used to spy on users despite native OS protections and impacts Bluetooth devices on Windows 10, iOS, and macOS machines. The researchers note that many Bluetooth devices use randomized MAC addresses when advertising their presence in order to prevent long-term tracking, but they found that it is possible to circumvent the randomization of these addresses and permanently monitor a specific device. The Android operating system is immune because it does not continually send out advertising messages.

3 days ago
Dan Goodin / Ars Technica

Microsoft Notified 10,000 Customers in Past Year They Were Targets of Nation-Sponsored Hackers, 84% Were Large Enterprise Organizations

Microsoft said that it has notified almost 10,000 customers in the past year that they’re being targeted by nation-sponsored hackers, with about 84% of the attacks targeting customers that were large “enterprise” organizations such as corporations. Some of the 10,000 customers were successfully compromised while others were only targeted, although Microsoft didn’t offer any specific numbers. Microsoft has seen “extensive” activity from five specific groups sponsored by Iran, North Korea, and Russia. One Iranian group is what Microsoft calls Holmium, also known by the name given to it by FireEye, APT33. Another group is called Strontium, a Russian hacking group that’s better known as Fancy Bear or APT28. The three other groups are Yttrium (a Russian outfit that Microsoft caught targeting U.S. think tanks and non-governmental organizations in December), Iran-based Mercury, and Thallium of North Korea.

4 days ago
Zack Whittaker / TechCrunch

Another Medical Lab, Clinical Pathology Laboratories, Ensnared by AMCA Breach, 2.2 Million Patients’ Sensitive Data Exposed

Another medical lab has been caught by the data breach that forced the American Medical Collection Agency (AMCA) into bankruptcy, this time Clinical Pathology Laboratories (CPL), which announced that 2.2 million patients may have had their names, addresses, phone numbers, dates of birth, dates of service, balance information and treatment provider information stolen. An additional 34,500 patients had their credit card or banking information compromised. Other lab victims include LabCorp, Quest Diagnostics, and BioReference Laboratories, which collectively represent over 20 million patients affected by the AMCA breach.


1 day ago
The Information's 411

Supply Chain Gang

Wayne dives into the world of leakers in Apple’s supply chain and how the company fought back. Alex talks about his profile of David Marcus, the head of Facebook’s Libra cryptocurrency project, and recaps his testimony in front of Congress.

1 day ago
Cyber Speaks Live

Troy Hunt joins Cyber Speaks LIVE as a special guest co-host

Troy Hunt, the founder of the popular website Have I Been Pwned (HIBP), joins Cyber Speaks LIVE as a special guest co-host to discuss recent data breaches, personal information protection and measures we can take to help protect our personal and corporate online identities.

2 days ago
ISC StormCast

802.1x Tips; Kazakhstan TLS Interception; Cylance Weakness; BEC Trends

Johannes Ullrich talks about 802.1x tips, Kazakhstan TLS interception, BEC trends, and the Cylance weakness.

2 days ago
Hacker Public Radio

hpr2860 :: Encryption and Quantum Computing

The Quantum Computer is supposed to be a game-changer that renders encryption useless. But is this true? We look at how quantum computing will affect encryption going forward, and show that we are already working on quantum-resistant encryption.

2 days ago
Cracking Cyber Security

Up-skilling your cyber security workforce with Matt Lorentzen, Trustwave

Principal Security Consultant (CCSAS) at Trustwave SpiderLabs, Matt Lorentzen gives some advice to anyone looking to work in cybersecurity, as well as employers who want to up-skill their current workforce

2 days ago
The Human Factor


Alyssa Miller who leads the Information Security Solutions practice for CDW talks about how she took her first steps into the world of infosec, how important the right sort of leadership is and how being a football/soccer referee crosses over into handling situations in the security world.


Cybersecurity Events

July 12-13: SteelCon, Sheffield, UK
July 12-13: BSides Chicago 2019, Chicago, IL, USA
July 13: BSides Springfield, Springfield, MO, USA
July 25: BSides CDMX, Mexico City, Mexico
July 22-28: SANS Pen Test Hackfest Europe Summit & Training 2019, Berlin, Germany
Aug. 3-8: BlackHat, Las Vegas, NV, USA
Aug. 6-7: BSides Las Vegas, Las Vegas, NV, USA
Aug. 8-9: Defcon, Las Vegas, NV, USA
Aug. 14: Usenix, Santa Clara, CA, USA
Aug. 23-25: Infosec Campout, King County, WA, USA
Aug. 26: BSides Vancouver, Victoria Island, Canada
Aug. 29: BSides Manchester, Manchester, UK
Sept. 5: Kent Cyber Security Forum (KCSF) 2019, Kent, UK
Sept. 6: BSides Amsterdam, Amsterdam, The Netherlands
Sept. 6-8: Derbycon, Louisville, KY, USA

Listen to Metacurity on Alexa

Metacurity now has over 500 monthly listeners, and thousands of plays for our ongoing summaries on Amazon Alexa.

Sign up on Alexa today and just ask “Alexa, what’s the latest in cybersecurity news!”

Support Us!

Subscribe to Our Newsletter

Subscribe to our newsletter and get our daily and highly enjoyable summary of cybersecurity developments you must know if you want to stay ahead.

We don't spam and we value your privacy. We don't sell or share our subscriber lists ever. For more information, please read our privacy policy at Metacurity's Privacy Policy page.