Gold Galleon hackers target maritime shipping industry

Researchers have uncovered a Nigerian hacking ring which targets maritime shipping firms in order to try and steal millions of dollars on an annual basis. On Wednesday, security experts from the Secureworks Counter Threat Unit (CTU) said that the previously unidentified “Gold Galleon” threat group specializes in business email compromise (BEC) and business email spoofing (BES) […]

This malware will take screenshots, steal your passwords and files – and drain your cryptocurrency wallet

A new strain of malware allows hackers to take action screenshots and steal passwords, to download files and even steal the contents of cryptocurrency wallets. Named ‘SquirtDanger’ after a dynamic-link library (DLL) file consistently served by its distribution servers, the malware is written in C Sharp and has multiple layers of embedded code. The malware is set […]

This ransomware was rewritten to mine cryptocurrency – and destroy your files

Cybercriminals are known to be shifting away from ransomware in favour of cryptocurrency mining, but those behind one form of malicious software have pivoted by re-purposing what was file-encrypting malware into something which now highjacks PCs for mining. Uncovered by researchers at Trend Micro, the cryptocurrency miner is said to be “distinctly similar” to XiaoBa, a […]

How attackers can exploit iTunes Wi-Fi sync to gain lasting control of target devices

An iOS feature called iTunes Wi-Fi sync, which allows a user to manage their iOS device without physically connecting it to their computer, could be exploited by attackers to gain lasting control over the device and extract sensitive information from it. The vulnerability was discovered by Symantec researchers, disclosed to Apple and now to the RSA Conference […]

This malware targets Facebook log-in details, infects over 45,000 in just days

Users who download a painting software advertised as a tool for stress relief might soon find themselves stressed out because the program is actually a front for malware which steals their Facebook credentials and payment information. ‘StressPaint’ first appeared a few days ago and at the time of writing has infected over 45,000 Facebook users. […]

SamSam explained: Everything you need to know about this opportunistic group of threat actors

The first version of the SamSam (a.k.a. Samas or SamsamCrypt) ransomware was developed and released in late 2015 by a group of threat actors believed to reside in Eastern Europe. The group itself is mostly a mystery, but the code it developed and the resulting pain from its usage isn’t. SamSam is a serious threat […]

Cisco plugs critical hole in WebEx, users urged to upgrade ASAP

Cisco has fixed a critical vulnerability in its WebEx videoconferencing software that could be exploited to compromise meeting attendees’ systems by simply opening a booby-trapped Flash file shared in a meeting. The flaw is due to insufficient input validation by the Cisco WebEx clients, and affects Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco […]

8 Ways Hackers Monetize Stolen Data

We are long past the era of the 14-year old teenage hacker trying to spoof a corporate or defense network for the fun of it, just because they can. While that still happens, it’s clear that hacking has become big business. From China allegedly stealing billions of dollars annually in intellectual property to ransomware attacks […]

New Malware Adds RAT to a Persistent Loader

VBScript has long been an attack vector that could bring malicious software to an infected machine. But what if it could do more? What if VBScript could open a door to allow a PHP application access that would take control of a computer, making it part of a botnet? That’s precisely the scenario in a […]

Hackers are using botnets to take the hard work out of breaking into networks

It’s not unheard of to see botnets conducting device exploitation using public and known vulnerabilities to silently break into devices to take them over, and steal data or conduct attacks. But can a botnet be used to break into a network? New research from Boston-based Cybereason wanted to test that theory. By creating a honeypot network, the […]