Cyber Bites

Australia is currently the target of a "sophisticated" cyber attack - and an unnamed foreign government is behind it. Scott Morrison, the country's prime minister, says the attacks have targeted all levels of the government - as well as political organisations, essential service providers and operators of other critical infrastructure. "We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting," he said at a news conference. Mr...

Spreading via poisoned Google search results, this new version of Mac’s No. 1 threat comes with added stealth. A fresh variant of the Shlayer Mac OSX malware with advanced stealth capabilities has been spotted in the wild, actively using poisoned Google search results in order to find its victims. According to researchers at Intego, the malware, like many malware samples before it, is purporting to be an Adobe Flash Player installer. However, it has its...

Microsoft report offers insight on how threat actors exploited COVID-19 across the globe. A report from the Microsoft Threat Protection Intelligence Team found that Covid-19-themed cyberattacks peaked in early March and are now trending significantly down. The report also noted that those attacks have been a drop in the bucket compared to overall threats observed over the last four months. The report, which examined how cyberattacks exploited the crisis, found that attackers used local lures and preyed on people’s...

Cisco today released security updates to address two high severity vulnerabilities found in the Cisco Webex Meetings Desktop App for Windows and macOS that could allow unprivileged attackers to run programs and code on vulnerable machines. Cisco Webex Meetings is an online meeting and video conferencing software that makes it easy to schedule and join meetings. The platform also provides presentation, screen sharing, and recording capabilities. The two vulnerabilities are tracked as CVE-2020-3263 and CVE-2020-3342, and they affect Cisco Webex Meetings Desktop...

A cyber espionage operation used fake job offers, sent via LinkedIn messages, to target employees at aerospace and military companies in Europe and the Middle East late last year, researchers from ESET have reported. The highly targeted campaign — dubbed Operation In(ter)ception (an allusion to one malware sample’s file name) — took place from September to December 2019, according to a company blog post and corresponding white paper by ESET researchers Dominik Breitenbacher and Kaspars Osis. Its primarily purpose was data gathering and...

The beautiful game is back on the pitch in the U.K. — and cyberattackers will be looking to take advantage of fans streaming the games. England’s Premier League is returning this week, with millions of soccer fans around the world looking to stream matches using their online video accounts, often to support their team or stay on top of their fantasy league points. Unfortunately, the U.K.’s National Cyber Security Centre (NCSC) is warning on phishing,...

In a series of data breach notifications, IT services giant Cognizant has stated that unencrypted data was most likely accessed and stolen during an April Maze Ransomware attack. Cognizant is one of the largest IT managed services company in the world with close to 300,000 employees and over $15 billion in revenue. As a managed service provider (MSP), Cognizant remotely manages many of its clients to fix issues, install patches, and monitor their security. On April...

Facebook boss Mark Zuckerberg says users will be able to turn off political adverts on the social network in the run-up to the 2020 US election. In a piece written for USA Today newspaper, he also says he hopes to help four million Americans sign up as new voters. Facebook has faced heavy criticism for allowing adverts from politicians that contain false information. Rival social platform Twitter banned political advertising last October. “For those of...

Plex has patched and mitigated three vulnerabilities affecting Plex Media Server for Windows that could enable attackers to take full control of the underlying system when chained together. Plex Media Server is a desktop app and the backend server for the Plex media streaming service, designed for streaming movies, TV shows, music, and photo collections to over the Internet and on local area networks. The three vulnerabilities tracked CVE-2020-5740, CVE-2020-5741, and CVE-2020-5742 were found by Tenable security researcher Chris Lyne and reported to...

Infosec pros and hackers regularly abuse cloud service providers to conduct reconnaissance and attacks, despite efforts by cloud providers to limit such activity. In a recent research paper titled "Cloud as an Attack Platform", five boffins from Texas Tech University – Moitrayee Chatterjee, Prerit Datta, Faranak Abri, Akbar Siami-Namin, and Keith Jones – describe a series of interviews they conducted with computer security pros attending the Black Hat and DEF CON conferences. Of the 75...