Search Results for “Danny Palmer”


March 5, 2020
Danny Palmer / ZDNet

Mobile Malware Detections Jumped During Q4 2019, Half of the Infections Come From Hidden Apps, McAfee

The total number of detections for different types of mobile malware reached over 35 million during the final quarter of 2019, representing a jump of 10 million discoveries compared with 2018, according to McAfee’s latest mobile threat report. Half of these detections were what McAfee classes as ‘hidden apps’: malicious applications that, once installed, are designed to avoid discovery on the device altogether and are therefore extremely difficult to remove. The goal of the hidden apps is to generate money, which typically comes in the form of fraudulent ad clicks. Criminals often use fake apps that look like the real thing to get around the Google Play Store protections, and the apps often disguise themselves under the settings menus of smartphones.

January 23, 2020
Danny Palmer / ZDNet

Hacking Campaign With Suspected Ties to Iran’s APT 33 Targeted a European Energy Firm With PupyRAT Software on Probable Reconnaissance Mission

A hacking campaign with suspected ties to Iran, particularly the hacking group known as APT 33, targeted the European energy sector from November 2019 to January 2020 in what’s thought to be a reconnaissance mission aimed at gathering sensitive information, according to researchers at Recorded Future. The PupyRAT software used by the attackers is open-source malware. It can infiltrate Windows, Linux, OSX, and Android to give hackers access to the victim’s system, including usernames, passwords, and sensitive information across the network. The PupyRAT software has previously been deployed by APT 33 in attacks against critical infrastructure. Recorded Future has informed the affected target about the attack, and the security company has worked with the energy company to root out the intruders before more damage could be done.

January 13, 2020
Danny Palmer / ZDNet

Travelex Says It Has Restored Some Internal Processes, Ordering Systems Two Weeks After Sodinokibi Ransomware Attack

Leading currency exchange provider Travelex said that it has restored some internal processes and ordering systems following a Sodinokibi, also known as REvil, ransomware attack on New Year’s Eve. Third-party financial institutions, including Tesco Bank, HSBC, Sainsbury’s Bank, and Virgin Money have all also had their operations impacted by the attack on Travelex. The attackers have reportedly further threatened to release files stolen from Travelex during the attack if the company does not pay the reported $6 million ransom in time.

Related: Reuters, Travelex, Cyberscoop, The Guardian, ZDNet, The Sun, Security – Computing

Tweets: @jeffstone500 @joetidy


March 7, 2020
Danny Palmer / ZDNet

Cybercriminals Are Exploiting Coronavirus Fears With Phishing Campaigns to Lure Victims Into Downloading Banking Trojans

Cybercriminals are using phishing scams to lure victims with purported “safety measures” against the Coronavirus (Covid-19), including a Trickbot banking trojan campaign specifically targeting Italian email addresses in an attempt to play on worries about the virus, researchers at Sophos report. The phishing message claims to offer advice from the World Health Organization (WHO) in a Word document that must have macros enabled, which facilitates the delivery of the malware. Researchers at Fortinet have found a separate coronavirus phishing campaign that claims to come from a delivery company offering an update on the impact the virus is having on its operations.

Related: ThreatSTOP Blog, Cyber Security Review, Euronews, IT Governance Blog, JD Supra Law News, BleepingComputer.com, US-CERT Current Activity, Homeland Security Today, Sophos, Fortinet


November 13, 2019
Danny Palmer / ZDNet

New and Expensive Ransomware PureLocker Targets Enterprise Servers and Is Used by Some Top Cyber Crime Gangs

An unusual form of ransomware called PureLocker that is possibly linked to some notorious cybercriminal gangs is being deployed in targeted attacks against enterprise servers, according to analysts at Intezer and IBM X-Force. The ransomware derives its name from the fact that it is written in PureBasic, which is not typical for ransomware. PureBasic also enables the ransomware to target different platforms, including Windows, Linux, and OS-X. Some evidence suggests the service is offered as a bespoke tool, only available to cyber-criminal operations that can afford to pay a significant sum in the first place. PureLocker is sold on the dark web by what researchers describe as a ‘veteran’ provider of malicious services and has been used by top cybercrime gangs Cobalt Gang and FIN6.

September 23, 2019
Danny Palmer / ZDNet

Two Android Camera Apps With 1.5 Million Downloads Removed from Google Play Store for Serving Adware, Apps Also Capable of Listening to Microphones, Staying Persistent on Devices

Two malicious Android camera apps, Sun Pro Beauty Camera and Funny Sweet Beauty Selfie Camera, which had combined total downloads over 1.5 million, have been removed from the official Google Play Store for serving up adware, researchers at Wandera report. Although aimed at delivering adware, both apps had permissions that enabled them to record audio, allowing the app to use the microphone to listen in to anything said near the device at any time, as well as a number of permissions that allow the app to be persistent on the device.

October 30, 2019
Danny Palmer / ZDNet

Rapidly Growing, Increasingly Lucrative eSports Industry Is Becoming Prime Target for Hackers, Unpatched Servers Are a Particular Concern

As it ramps up to become a significant industry with pot prizes reaching millions of dollars, eSports is becoming a prime target for hackers and cybercrime, a new report from Trend Micro warns. Malware, distributed denial of service (DDoS) attacks, and extortion all threaten the competitive online gaming industry. Unpatched servers, in particular, could provide cybercriminals with access that they could use to conduct sabotage, inject scripts, or even steal login credentials.

October 23, 2019
Danny Palmer / ZDNet

Hostile Nation-States Responsible for ‘Significant’ Portion of Nearly 700 Attacks Aimed at UK Organizations Over Past Year, NCSC

Hostile nation-states are responsible for a “significant” portion of the 658 cyberattacks aimed at UK organizations over the past six months, according to the just-released annual report of the UK’s National Cyber Security Centre (NCSC). The top targets for attackers were government offices followed by academia and tech companies. The NCSC, the cyber arm of the country’s top intelligence agency GCHQ, helped support over 900 victims of cyberattacks during the past year. Altogether since the formation of the NCSC in 2016, it has dealt with over 1,800 cyber incidents.

Related: Bloomberg Politics, ITV News, Mirror, Techerati, Infosecurity Magazine, NCSC, Security – Computing, The Register – Security, IT Pro, Sky News, Finextra Research news, BBC News

Tweets: @VeraJourova


July 9, 2019
BBC News

UK’s Data Privacy Regulator Plans to Hit Marriott With $123 Million Fine Related to Breach That Exposed Data on 339 Million Guests

The UK’s data privacy regulator, the Information Commissioner’s Office (ICO), has said it plans to fine the US hotel group Marriott International £99.2 million, or around $123 million, related to a data breach discovered in 2018, but dating back to possibly 2014, that resulted in the exposure of about 339 million guests. The ICO’s statement of intent to levy this fine against Marriott follows by one day the announcement of its intent to hit British Airways with a £183 million (around $230 million) fine for a data breach. This announcement represents the second major penalty issued by the regulator since the EU’s General Data Protection Regulation (GDPR) went into force last year. The Marriott data breach included 30 million guest records belonging to Europeans. It occurred within Starwood, a rival group Marriott acquired three years ago. The ICO said Marriott had failed to properly review Starwood’s data practices and should have done more to secure its systems.

Related: BleepingComputer.com, DataBreachToday.com, THE INQUIRER, CNET, Financial Times, Reuters, Channel News Asia, IT Pro, ITV News, The Guardian, ComputerWeekly: IT security, CNN.com, Verdict, Security – Computing, IT Governance Blog, CISO MAG, TechCrunch, Techradar, Silicon Republic, Evening Standard, ZDNet Security, DataBreaches.net, Engadget

Tweets: @dannyjpalmer @gossithedog @ruskin147 @Hadas_Gold

BleepingComputer.com: Marriott Faces $123 Million GDPR Fine for 2018 Data Breach
DataBreachToday.com: Marriott Faces $125 Million GDPR Fine Over Mega-Breach
THE INQUIRER: ICO continues power trip with £99m GDPR fine for Marriott International
CNET: UK privacy watchdog proposes fining Marriott $124M over data breach – CNET
Financial Times: Marriott faces £100m fine over Starwood data breach
Reuters: UK watchdog proposes to fine Marriott $124 million for data breach
Channel News Asia: UK watchdog proposes to fine Marriott US$124 million for data breach
IT Pro: Marriott fined £99m for 2018 data breach
ITV News: Hotel firm Marriott to be fined £99 million for customer data breach
The Guardian: Marriott to be fined nearly £100m over GDPR breach
ComputerWeekly: IT security: Marriott International facing £99m GDPR fine
CNN.com: UK proposes another huge data fine. This time, Marriott is the target
Verdict: Marriott fined £99m for Starwood data breach
Security – Computing: Marriott to face £99 million GDPR fine from ICO over November 2018 data breach
IT Governance Blog: British Airways faces sky high £183 million GDPR fine
CISO MAG: British Airways faces $230 million GDPR fine
TechCrunch: Marriott to face $123 million fine by UK authorities over data breach
Techradar: Marriott owner facing huge GDPR breach fine
Silicon Republic: UK data watchdog to fine hotel giant Marriott almost £100m
Evening Standard: Marriott International hotel chain set to be fined more than £99million for breaches of data protection law
ZDNet Security: Marriott faces $123 million GDPR fine in the UK for last year’s data breach
DataBreaches.net: Statement: Intention to fine Marriott International, Inc more than £99 million under GDPR for data breach
Engadget: Marriott faces $123 million UK fine over data breach

@dannyjpalmer: Good news! You can now re-purpose British Airways GDPR fine canned comment and make it about the Marriott GDPR fine instead. ?
@gossithedog: ICO tending to fine Marriot (US firm) £99m (around $140m USD) under GDPR, citing lack of cybersecurity due diligence during acquisition of Starwood.
@ruskin147: https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/07/statement-intention-to-fine-marriott-international-inc-more-than-99-million-under-gdpr-for-data-breach/ … Another big post-GDPR fine from the Information Commissioner - this time intention to fine Marriott £99m over data breach
@Hadas_Gold: Uk data regulator issues Intention to fine Marriott International more than £99 million ($123m) under GDPR for data breach


November 12, 2019
Peter Walker and Alex Hern / The Guardian

UK’s Labour Party Said It Suffered a Short-Lived and Unsuccessful DDoS Attack

The UK’s Labour Party said it suffered a “sophisticated and large-scale cyber-attack” on its digital systems from an unknown source, reportedly a distributed denial of service (DDoS) attack. The attack was a short-lived and unsuccessful effort to take down the Party’s websites. Labour is a customer of Cloudflare, which provides DDoS protection services to a large proportion of the web. The Party has informed GCHQ’s National Cyber Security Centre.

Related: BBC News, Computing, The Register, Reuters, THE INQUIRER, Thomas Brewster – Forbes, ComputerWeekly: IT security, AP Breaking News, Evening Standard, Gizmodo, The New European – Latest news, Daily Mail, CNN.com, Business Insider, Sky News, IT Pro, ZDNet Security, ITV News, POLITICO EU, Infosecurity Magazine, Techradar

Tweets: @jc_stubbs @GossiTheDog @MabbSec @dannyjpalmer @gcluley @nickeardleybbc @ruskin147 @GossiTheDog @GossiTheDog @gcluley @GossiTheDog @GossiTheDog @jc_stubbs

BBC News: General election 2019: ‘Cyber-attack’ on Labour Party digital platforms
Computing: Labour Party targeted in DDoS attack
The Register: ‘Sophisticated’ cyber attack on UK Labour Party platforms was probably just a DDoS, says official
Reuters: Cyber attack on Labour Party was short-lived attempt to take down websites – source
THE INQUIRER: Labour Party targeted by ‘large-scale’ cyber attack
Thomas Brewster – Forbes: UK’s Labour Party ‘Hit By Large Cyberattack’ A Month Before Election
ComputerWeekly: IT security: ‘Robust’ security foils cyber attack on Labour Party
AP Breaking News: The Latest: UK Labour Party hit by large-scale cyberattack
Evening Standard: Labour cyber attack: Party experiences 'sophisticated and large scale attack' on digital platforms
Gizmodo: UK Labour Party Hit With ‘Sophisticated and Large Scale’ Cyber Attack During Election Campaign
The New European – Latest news: Labour hit by ‘sophisticated’ cyber attack on its digital platforms
Daily Mail: Labour is hit with ‘sophisticated and large scale cyber attack’
CNN.com: UK Labour Party says it has experienced a ‘large scale cyber attack’ on its digital platforms
Business Insider: The Labour Party has suffered a ‘sophisticated and large-scale cyber-attack’ ahead of the general election
Sky News: Labour hit by ‘sophisticated, large-scale cyber attack’
IT Pro: Labour Party targeted by ‘large scale’ cyber attack
ZDNet Security: Large-scale cyber attack hits Labour Party systems
ITV News: Labour Party confirms ‘sophisticated and large scale cyber attack’ on digital platforms
POLITICO EU: Labour Party targeted by cyber attack
Infosecurity Magazine: UK Labour Party Hit By “Sophisticated” and “Large-Scale” Cyber-Attack
Techradar: Labour Party hit by major cyberattack

@jc_stubbs: So the "sophisticated and large scale" cyber attack on @UKLabour was a short-lived DDOS attempt, picked up by Cloudflare. Per a source: “It was ... nothing more than what you would expect to see on a regular basis." “It looked like someone bored in their bedroom with a botnet.”
@GossiTheDog: This was a denial of service attack. Labour use Cloudflare who soaked it up. It was not sophisticated.
@MabbSec: A spokesperson for the party said the attack, which occurred just weeks ahead of the General Election on 12 December, had been foiled by the party's "robust security systems". AKA, @Cloudflare halted the attack.
@dannyjpalmer: We go live to the Labour Party in the aftermath of a cyber attack.
@gcluley: The UK's Labour Party says there has been a "sophisticated and large-scale cyber-attack" on its digital platforms https://www.bbc.co.uk/news/election-2019-50388879 … #GeneralElection2019
@nickeardleybbc: Labour spokesman: “Our security procedures have slowed down some of our campaign activities, but these were restored this morning and we are back up to full speed. We have reported the matter to the National Cyber Security Centre.”
@ruskin147: One Labour source tells me their staff have detected “tens of millions of attacks - mostly originating from Russia and Brazil”
@GossiTheDog: Looks like http://labour.org.uk is down. Copycats?
@GossiTheDog: I don’t think people realise how prolific these services are, google Booter. Many accept PayPal, you just stick in a website address. Many have Cloudflare origin resolvers too.
@gcluley: The Labour website right now...
@GossiTheDog: If anybody from Labour tech follows me, get somebody to go into Cloudflare - Firewall - add a rule like below to filter any request outside UK to JS Challenge. Also enable rate limiting globally but set a high limit before challenge. Also you might want to lock down origin IP.
@GossiTheDog: They just did this, traffic outside UK is blocked now and site is back.
@jc_stubbs: According to documents seen by @Reuters and a person with knowledge of the matter: UK Labour Party is currently undergoing second DDoS attack Second attack began around 1320 GMT and peaked about an hour later Both attacks judged to be "very unsophisticated"