News

The group behind Evilnum malware, that targets financial institutions, appears to be testing new techniques. ESET researchers published an analysis of advanced persistent threat (APT) group Evilnum, known for developing malware of the same name. A detailed look at its activity reveals an evolved toolset and infrastructure that combine custom malware with tools bought from malware-as-a-service (MaaS) providers. Evilnum has been around for at least two years, according to Matías Porolli, a malware researcher at...

Any.Run is a malware analysis sandbox service that lets researchers and users safely analyse malware without risk to their computers. And now malware developers are checking if their malware is running in the Any.Run malware analysis service to prevent their malware from being easily analysed by researchers.   Source: Bleeping Computer

Security researchers recently found a flaw in the videoconferencing software, Zoom, which would have allowed hackers to remotely take control of computers running on old Microsoft Windows operating systems. Specifically, the vulnerability applies to Zoom running on Windows 7 or older operating systems. While Microsoft has attempted to phase out technical support for Windows 7 to encourage users to upgrade, many continue to use it - leaving many at risk. Source: CyberScoop

This week, Google announced that it would now ban any ads that promote any form of surveillance technology, including stalkerware. As part of an update on Google Ad policies, this change will take effect on the 11th of August 2020. Advertisers will no longer be able to promote the following: Technology that allows intimate partner surveillance, such as monitoring texts, calls or browser history. GPS tracking, to track someone without consent. Other surveillance equipment used...

First spotted towards the end of December 2019, the Conti ransomware has since increased its number of attacks. It appears that this new ransomware shares certain code as Ryuk. The latter has also begun to disappear, whilst Conti's distribution is growing. Indeed, it is becoming a considerable threat as it works faster and performs more targeted attacks compared to its predecessor. Source: Bleeping Computer

Google has recently removed yet another 11 compromised Android applications from its app store, Google Play, as a new variant of the Joker malware has returned to the store. This has become a recurring theme since 2019 and has continued to have success in manoeuvring past Google Play's protections as slight changes are made to the code each time. What's more, researchers now claim that Joker has now taken things a step further by hiding...

The COVID-19 Threat Intelligence Insight report was provided by AT&T Cybersecurity and the Telco Security Alliance (TSA), which observed cyberthreat activity between January and June 2020. The TSA consists of a group including Singtel (Trustwave), and Telefónica (ElevenPaths), and aims to offer enterprises comprehensive cybersecurity insights to help them address the threat of cyberattacks and the evolving threat landscape.   The findings include threat intelligence examined and provided by AT&T Alien Labs Open Threat Exchange,...

A new initiative has been introduced by Google aimed at protecting the integrity of open source projects. This follows as a result of a number of cases where open source trademarks have been impacted by public cloud providers offering managed services. One such example is Amazon Web Services which copied the open source software from Elastic and created their own Elasticsearch service. Source: Computer Weekly

According to a Honeywell report, the use of USBs are the second most widespread industrial vector vulnerability within operational technology. Whilst the number of threats disrupting OT was at 26% in 2018, this percentage has significantly risen to 59% today. “This isn’t a case of accidental exposure to viruses through USB,” said Eric Knapp, director of cybersecurity research and engineering fellow for Honeywell Connected Enterprise, Cybersecurity. “It’s a trend of using removable media as part...

Ecommerce sites are being used by a Russian fraud group to check that the credit cards they have stolen continue to be valid. Discovered by the anti-fraud company, Sift, the criminal gang, also known as Bargain Bear, employs a new approach that does not raise suspicion with the card owner. To do this, they create multiple fake product listings on the dark web at around $99. They then bargain their way down to $1, when...