Unit 42 have been doing some really interesting research into TheBottle, the actor behind SquirtDanger. As part of an investigation into the SquirtDanger malware, Unit 42 discovered that the code repository had been posted by Russian cybercriminal TheBottle. While the malware itself proved to be interesting, it was the actor behind it that provided a much more interesting story. TheBottle has been active on global underground marketplaces for years, distributing, selling, and trading malware and source code. Unit 42’s research unearthed a confessional blog, social media accounts and a Telegram account of roughly 900 attackers co-ordinating their activity. You can…
ISBuzz Team
News broke earlier that the UK Department of Health and Social Care has announced that it will transition all National Health Service (NHS) computer systems to Windows 10. Officials cited the operating system’s more advanced security features as the primary reason for upgrading current systems, such as the SmartScreen technology included with Microsoft Edge (a Google Safe Browsing-like system) and Windows Defender, Microsoft’s sneakily good antivirus product. IT security experts commented below. Mark James, Security Specialist at ESET: “The benefits of Windows 10 over 7 (and XP) are huge, especially the browser, but we must remember it’s not just the desktop…
Cynerio, a cybersecurity solutions provider specializing in helping healthcare organizations identify and prevent cyberattacks, today commented on a new ICS-CERT advisory of vulnerabilities found in BD Pyxis products, a medication and supply management system. ICS-CERT is the US government agency in charge of the cybersecurity posture of critical infrastructure in the US. Leon Lerman, CEO at Cynerio: “BD, a medical device manufacturer, has warned that some of its products might be vulnerable to an industry-wide set of WiFi vulnerabilities known as KRACK. These vulnerabilities expose WiFi communications to a man in the middle (MiTM) by an attacker in physical proximity – for access points…
Attackers can interfere with interaction of ICS components. German vendor Hirschmann, a Belden company, has published information about fixes for five vulnerabilities in network switches used in energy, chemical manufacturing, transportation, and other industries. The vulnerabilities were discovered by Positive Technologies experts Ilya Karpov, Evgeny Druzhinin, Mikhail Tsvetkov, and Damir Zaynullin. The described issues affect Hirschmann (Belden) RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic switches. A session fixation vulnerability in the switch web interface enables an attacker to hijack a web session (CVE-2018-5465, CVSS v. 3.0 score 8.8). The second vulnerability (CVE-2018-5467, score 6.5) allows an attacker…
A new Ponemon study* commissioned by ObserveIT reveals that the average cost of an insider-related incident is $8.76 million over the course of a year and it takes more than two months, on average, to contain an insider incident. Justin Jett, Director of Audit and Compliance at Plixer commented below. Justin Jett, Director of Audit and Compliance at Plixer: “As the cost of insider threats continues to grow, it is important for IT professionals to have the data context they need to know where an attack is taking place. As the report indicated, 64% of incidents resulted from negligent employees.…
Researchers at Check Point and CyberInt have discovered a new generation of phishing kit that is readily available on the Dark Web. Created by a cyber-criminal known as ‘[A]pache’, the kit makes it simple for those with very little technical ability to carry out their own cyber-attack. By simply downloading this multi-functioning phishing kit and following the straightforward installation instructions, a threat actor is able to very quickly launch a phishing campaign that collects the personal and financial information of unsuspecting consumers. Tim Helming, Director of Product Management at DomainTools commented below. Tim Helming, Director of Product Management at DomainTools: “The discovery of…
Western Digital’s My Cloud is a popular storage/backup device that lets users back up and store important documents, photos and media files. Unfortunately, the default configuration of a new My Cloud EX2 drive allows any unauthenticated local network user to grab any files from the device using HTTP requests. This is due to a UPnP media server that is automatically started when the device is powered on. By default, unauthenticated users can grab any files from the device, completely bypassing any permissions or restrictions set by the owner or administrator. Here is a small proof-of-concept with an explanation of each step: Attacker issues…
NCSC SUPPORTS INDUSTRY DRIVE TOWARDS COMMON STANDARDS FOR SECURE COMMUNICATION. NCSC joins not-for-profit membership organisation Secure Chorus. Membership underlines support for common standards for enterprise secure communication. Much needed public-private collaboration forum for long-term security of the global digitally enabled economy. The National Cyber Security Centre (NCSC) has joined the not-for-profit membership organisation, Secure Chorus, as a Government Member. Secure Chorus serves as a platform for public-private sector collaboration and is committed to developing a security baseline for the digital economy in the field of secure multimedia communication. As part of its remit to make the UK the safest…
Google says it will add new parental controls (including algorithm-based filtering) to its YouTube Kids app, after inappropriate videos were repeatedly discovered on the service. David Emm, Principal Security Researcher at Kaspersky Lab commented below. David Emm, Principal Security Researcher at Kaspersky Lab: “These measures from YouTube are a step in the right direction. However, until YouTube has machine learning algorithms that can match human filtering, it shouldn’t be an option – or, at least, the human filter should be the default. According to Kaspersky Lab research, the average child spends 40 minutes per day, or 4.6 hours a week,…
UK businesses are being urged by the Department for Digital, Culture, Media and Sport (DCMS) to protect themselves against cyber crime after new statistics show over four in ten (43%) of businesses and two in ten charities (19%) suffered a cyber breach or attack in the past 12 months. IT security experts commented below. Koby Kilimnik, Security Researcher at Imperva: “Cybercrime is now an industry unto itself. And, just as any industry evolves, so does the cybercrime industry. Data is at the centre of the cybercrime industry and at the centre of today’s digital environment. Additionally, there is more data in…
