Hackers, going by the online name of Lab Dookhtegan, have revealed details about the inner workings of a cyber-espionage group mostly known in the security community as OilRig, APT34, and HelixKitten, linked to the Iranian government. Alexander Heid, White Hat Hacker and Chief Research Officer at SecurityScorecard: “Now that these scripts are public, they will likely be leveraged by cybercriminal groups and script kiddies around the world as the public arsenal of free hacking tools grows ever larger. While the fallout of this will likely not have the same global impacts as the EquationGroup, hacking tools leak (such as the deployment of WannaCry ransomware) – the release…
ISBuzz Team
An eGobbler malvertising campaign leveraging a Chrome vulnerability that is targeting iOS users has been discovered by security researchers at Confiant. https://twitter.com/HackRead/status/1118493387202682880 Mike Bittner, Digital Security and Operations Manager at The Media Trust: “While some researchers have found this malvertising campaign affecting only users of Chrome for iOS, we have seen it affect Safari users as well. This is significant because most iPhone users browse using Safari. The fraudulent reward pop-ups masquerading as ads from highly recognized retailers are taking advantage of JavaScript functions that are normally used to serve ads, exhibiting their familiarity with the digital ad supply chain’s advantageous reach. These malicious actors are becoming…
It has been reported that Android developers new to Google’s phone platform could have publication of their apps delayed for days as more rigorous checks are done on coders. Google said it was stepping up checks on app-makers it had not seen before to thwart “bad faith” developers. These malicious developers often create new accounts to avoid Google’s checks, it said. Others hijack existing accounts to exploit the good reputation which established developers have accrued. Kristy Edwards, Director, Security Intelligence Product Management at Lookout: “Trusted app stores like Google Play need to take numerous precautions to keep out malicious apps. Lookout experiences Google’s methodical approach first hand every…
Google experienced a global outage last night, preventing users from logging in to the company’s many applications, including Gmail and Google Docs and any site that allows access via a Google account. https://twitter.com/guardian/status/1118654747077169153 https://twitter.com/slaksmi/status/1118664146780733440 https://twitter.com/SaysSmithy/status/1106035808899751936 Expert Comments: Tim Dunton, MD at Nimbus Hosting: “In an age where Google’s core services and platforms, such as Gmail and Google Drive, are used so heavily for the transfer of essential information in business – it is simply not acceptable that a faulty IT infrastructure can render the service completely useless for its millions of users. Google’s statement that they will conduct an…
Following the Cisco report released yesterday, Nominet – the organisation responsible for the .UK domain – has issued the following statement about the safety of the UK domain’s DNS, and has also offered advice for businesses: Cath Goulding, Head of Cyber Security at Nominet: “From a .UK perspective, Nominet has taken steps to ensure that the country’s top-level domain and DNS is secure from this sort of attack by applying a layered security approach. This includes two factor authentication (2FA) across our systems and Domain Lock for our registrars. While 2FA helps verify authenticity, Domain Lock is a tool by which registrars can literally ‘lock’ domains so that no…
Online pornography age checks are going to be mandatory in the UK from 15th July, but there are a number of security implications around this and the possibility of cybercriminals creating fraudulent age verification processes in order to access the personal information of unsuspecting Brits. Twitter Reaction: https://twitter.com/IFEX/status/1118796285807681536 https://twitter.com/UkPlusMore_/status/1118550422493569024 https://twitter.com/okeefekat/status/1118515942731001856 Expert Comments: John Fokker, Head of Cyber Investigations at McAfee: “It is important that the implementation of these robust age verification checks is done diligently, as it is likely that cybercriminals will target users by creating fraudulent age verification processes to cash-in on unsuspecting Brits. “As it stands, some websites ask for age verification through the means…
News broke overnight on how the state-backed “Sea Turtle” hacker group is hijacking government domains for entire countries. https://twitter.com/AlexWitzleben/status/1118823033760776193 In brief, the hackers would change the target organization’s domain registration to point to their own DNS servers—the computers that perform the DNS translation of domains into IP addresses—instead of the victim’s legitimate ones. This sort of man-in-the-middle attack should be prevented by SSL certificates, but the hackers simply used spoofed certificates from Let’s Encrypt or Comodo, invalid on close inspection but still able to trick users with signs of legitimacy. Expert Comments: Martin Thorpe, Enterprise Security Architect at Venafi: “This campaign of attacks is highly…
The UK Government’s Department for Digital, Culture, Media and Sport shared the contact details of 300 journalists, allowing their addresses to be seen by other people. This is the third government email blunder in the past two weeks, following the Home Office’s use of CC rather than BCC when emailing EU citizens, and individuals involved in receiving compensation from the Windrush Compensation scheme. https://twitter.com/ChrisLDyson/status/1118550064929095681 Adenike Cosgrove, Cybersecurity Strategist, EMEA at Proofpoint: “Unfortunately despite rigorous technical and process controls, examples of human error such as this can mean the difference between a normal day and a data protection disaster. What we’re seeing from a lot…
A new ransomware family called ‘NamPoHyu Virus’ or ‘MegaLocker Virus’ is targeting victims a bit differently than other ransomware. Instead of an executable running on a victim’s computer, the attacker is running the ransomware locally and having it remotely encrypt over half a million accessible Samba servers. https://twitter.com/morodog/status/1118451800263184384 Roy Rashti, Cybersecurity Expert at BitDam: “The reason that the attackers are using this technique is that it’s easier and safer. They do not need to work hard to reach end-user computers, nor try to evade the detection of security solutions. Instead, they’re simply brute forcing passwords to gain access to the data, which nobody is likely to…
Government, Defence and Industry Representatives Attend Live Industrial Drone Mission Demonstrations in Canberra Percepto today announced that it has launched its all-in-one aerial solution for autonomous security, safety and inspection missions in Australia, following the completion of a series of successful live mission demonstrations in Canberra. The tests were observed in the capital by a delegation representing government, defence and industry organizations from across the country. During the demonstration, Percepto conducted missions to highlight how its autonomous ‘Sparrow’ drones can deliver value across a diverse range of industrial and enterprise applications in sectors including mining, oil and gas, renewable energy, utilities, port and sea terminals. The Percepto Solution delivers fully autonomous real-time human/vehicle detection…
