Cyber espionage actors have developed a malware that can mark victims’ TLS-encrypted outbound traffic with identifiers so it can be compromised and potentially decoded later. Dubbed Reductor, the malware appears to share similar code to the COMpfun trojan, which was first documented in 2014 and is closely associated with suspected Russian APT group Turla, aka…
Cisco Systems on Wednesday issued a series of security updates, in the process disclosing 29 vulnerabilities, including 16 high-impact ones. Among the most serious issues are a series of bugs found in various security-related products, including Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, Firepower Management Center and FXOS Software. Certain of these vulnerabilities allow for…
Microsoft Corp. yesterday re-released a security update for CVE-2019-1367, a critical remote execution bug in Internet Explorer that has been actively exploited. The new release expands upon the previous emergency out-of-band update, which took place Sept. 23. According to reports, the company’s earlier effort to distribute a patch was only available on a limited basis…
Drawing on three years of investigatory work, researchers have assembled a detailed playbook on PKPLUG, a suspected Chinese threat actor targeting Asians with an assortment of malware used for cyber espionage purposes. The authors of this playbook – members of Palo Alto Networks threat research group Unit 42 – were able to connect PKPLUG to…
The FBI yesterday issued a new public service announcement regarding the ongoing ransomware epidemic, emphasizing that attacks are becoming more targeted since early 2018, with losses increasingly significantly in that time. The alert is intended to update and supplement a previous ransomware warning that the FBI issued back in September 2016, and specifically identifies state…
Thanks in no small part to the perpetrators’ own sloppy operational security, researchers have uncovered a large Android banking trojan scheme that may have impacted hundreds of millions of Russians. Dubbed Geost, the malware is distributed via a malicious cybercriminal botnet operation consisting of 13 command-and-control servers and more than 140 malicious domains, according to…
The cat came back the very next day… and it keeps coming back. A malvertising operation designed to infect online publishers with browser-hijacking malware called Ghostcat-3PC has launched at least 18 separate infection campaigns in the last three months alone, according to a new report from the Digital Security & Operations (DSO) team at The…
The U.S. Senate last week passed a bill requiring the Department of Homeland Security to maintain cyber hunt and incident response teams, while the House passed one that instructs DHS to share protocols for mitigating cyber vulnerabilities. The Senate bill, S.315, aka the DHS Cyber Hunt and Incident Response Teams Act of 2019, passed by…
More than 170,000 users of online forums operated by cybersecurity company Comodo Group reportedly had their data stolen by a malicious actor who exploited a recently disclosed vulnerability in vBulletin’s internet forum software. The Clifton, N.J.-based Comodo learned of the attack on September 29, and responded by taking its forums offline and applying patches, the…
Ransomware is everywhere. It plagues businesses big and small, across the globe, even in the most hidden corners. Still, over the past year, certain industries have been feeling the pain more than others. A Malwarebytes quarterly report released last August found that detections of ransomware among organizations rose 365 percent from Q2 2018 to Q2…
