Cyberwarfare

Malware & Threats

Issued by: Security Week

Tuesday’s attack “technically” resembles two previous incidents whose perpetrators “were unquestionably our enemies, namely the United States and the Zionist regime”, the Revolutionary Guards’ Gholamreza Jalali said. “We have analysed two incidents, the railway accident and the Shahid Rajaei port accident, and we found that they were similar,” Jalali, who heads a civil defence unit…

Network Security

Issued by: Security Week

In the SolarWinds incident, up to 18,000 companies could have received the malware injected into the SolarWinds software. Not all could have been affected. Many of these ‘victims’ did not install the infected version, and many others did so on servers with no internet connectivity. Of those companies that did receive the Nobelium Sunburst malware,…

Malware & Threats

Issued by: Security Week

As part of the observed attacks, the group used an updated DeathNote malware cluster, which includes a slightly modified version of BLINDINGCAN, a piece of malware that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) associated with the group. A new variant of COPPERHEDGE, which Lazarus has been using for at least two years, was…

Network Security

Issued by: Security Week

Conducted in Tel Aviv, the researcher’s experiment showed just how easy an attacker could hack into home and enterprise networks, by simply walking around a city with the right equipment in hand. For his experiment, CyberArk’s Ido Hoorvitch used an AWUS036ACH ALFA Network card, which costs around $50, and provides both monitoring and packet injection…

Vulnerabilities

Issued by: Security Week

The API allows add-ons to control the manner in which the browser connects to the Internet, and some extensions were found to abuse this. Specifically, the manner in which the offending add-ons interacted with the API prevented users from accessing updated blocklists, from downloading updates, and from updating content remotely configured. According to Mozilla, a…

Application Security

Issued by: Security Week

First discovered in January this year, Necro Python is also tracked as N3Cr0m0rPh, FreakOut, Python.IRCBot and is known for attempting to exploit multiple known vulnerabilities. In late September, the botnet added to its arsenal an exploit targeting a security vulnerability in Visual Tools DVR VX16 4.2.28.0, according to a warning from Juniper Threat Labs. Based…

Mobile Security

Issued by: Security Week

Syniverse says it has roughly 1,250 customers across 200 countries, including a vast majority of the world’s mobile carriers, such as AT&T, Verizon, T-Mobile, Vodafone, China Mobile, Airtel, Telefónica, and América Móvil. The company’s services are used to connect the networks of different mobile carriers and enable the transmission of data. Syniverse says it enables…

Malware & Threats

Issued by: Security Week

Threat intelligence company Recorded Future reported on Tuesday that it had seen four different Chinese threat groups targeting a mail server belonging to Roshan, a major telecom provider that has more than 6.5 million subscribers across Afghanistan. The attacks were conducted by the groups known as Calypso and RedFoxtrot, as well as two different Winnti…

Malware & Threats

Issued by: Security Week

The Port of Houston, a critical piece of infrastructure along the Gulf Coast, issued a statement Thursday saying it had successfully defended against an attempted hack in August and “no operational data or systems were impacted.” Cybersecurity and Infrastructure Security Agency Director Jen Easterly initially disclosed that the port was the target of an attack…

Malware & Threats

Issued by: Security Week

The development, first reported by Business Insider, comes as German federal prosecutors probe alleged cyber attacks against lawmakers during the campaign to choose a new parliament and a successor to Chancellor Angela Merkel. “At the end of August the website of the Federal Returning Officer only had limited accessibility for a few minutes due to…