Lazarus (the North Korean state hacking group behind the WannaCry worm, the theft of $81 million from a Bangladesh bank, and the attacks on Sony Pictures) is looking to expand into the ransomware craze, according to researchers from Kaspersky Lab. Like many of Lazarus' early entries, the VHD ransomware is crude. It took the malware 10 hours to fully infect one target's network. It also uses some unorthodox cryptographic practices that aren't "semantically secure," because patterns of the original files remain after they're encrypted.
The Vatican and the Catholic Diocese of Hong Kong have been the targets of alleged Chinese state-backed hackers ahead of talks on renewal of a landmark 2018 deal that helped thaw diplomatic relations between the Vatican and China, according to a monitoring group. The alleged attacks by a group called RedDelta began in May with an eye on September talks to renew a provisional agreement on bishop appointments, according to a report Tuesday by the U.S.-based Recorded Future, which tracks state-backed cyber attacks.
The Nefilim ransomware operation has begun to publish unencrypted files stolen from a Dussmann Group subsidiary during a recent attack. The Dussmann Group is the largest multi-service provider in Germany with subsidiaries focusing on facility management, corporate childcare, nursing and care for the elderly, and business systems solutions, including HVAC, electrical work, and elevators.
The Federal Bureau of Investigation (FBI) has issued an alert warning private sector organizations in the United States about a ramp-up in the use of built-in network protocols for large-scale distributed denial-of-service (DDoS) amplification attacks. "A DDoS amplification attack occurs when an attacker sends a small number of requests to a server and the server responds with more numerous responses to the victim," wrote the FBI.
The Emotet malware botnet is now also using stolen attachments to increase the authenticity of spam emails used for infecting targets' systems. This is the first time the botnet is using stolen attachments to add credibility to emails, as Binary Defense threat researcher James Quinn told BleepingComputer. The attachment stealer module code was added around June 13th, according to Marcus 'MalwareTech' Hutchins.
Sometime in the second half of 2019, suspected Iranian hackers started burrowing into the network of an unnamed organization in the Middle East. What likely began, according to investigators, as a breach of a virtual private network application led to a compromise of the organization's administrative network accounts. It culminated in a data-wiping attack on Dec. 29 that hit most of the machines on the organization's IT network.
Researchers have discovered a slew of issues in the popular OkCupid dating app, which could have allowed attackers to collect users' sensitive dating information, manipulate their profile data or even send messages from their profile. OkCupid is one of the most popular dating platforms worldwide, with more than 50 million registered users, mostly aged between 25 and 34. Researchers found flaws in both the Android mobile application and webpage of the service.
A critical vulnerability in a third-party plugin installed on over 70,000 websites running WordPress could allow hackers to execute malicious code remotely. The vulnerability, discovered by security researchers at Wordfence, hides in a vulnerable version of the wpDiscuz commenting plugin and enables hackers to upload arbitrary files to targeted websites, including executable PHP files.