Telegrab: Russian malware hijacks Telegram sessions

Researchers have discovered and analyzed an unusual piece of malware that, among other things, seeks to collect cache and key files from end-to-end encrypted instant messaging service Telegram. Cisco Talos researchers Vitor Ventura and Azim Khodjibaev dubbed the malware Telegrab. They analyzed two versions of it. The first one, discovered on April 4, 2018, only […]

Hardcoded admin passwords in Cisco DNA Center could put your enterprise network at risk

Cisco released a list of 16 security advisories on May 16, including three critical flaws in the Cisco Digital Network Architecture (DNA) Center that rated a 10/10 on the CVSS (Common Vulnerability Scoring System) scale. The three critical flaws all give attackers elevated privileges that can compromise the entirety of the DNA Center but go about it in very different ways. […]

Brutal cryptocurrency mining malware crashes your PC when discovered

A new form of cryptominer has been discovered which crashes systems the moment antivirus products attempt to remove the malware. The malware, dubbed WinstarNssmMiner by 360 Total Security researchers, has been used in half a million attempted attacks leveraged at PCs in only three days. The cybersecurity firm said the cryptomining malware aims to infect PCs in […]

Get Ready for ‘WannaCry 2.0’

They’re still out there, pinging away for vulnerable Sever Message Block (SMB) services in order to find a way in. One year after the historic and massive WannaCry ransomware attack unleashed by nation-state hackers from North Korea, an unknown number of WannaCry-infected Windows machines in their zombie state around the globe continue to attack other […]

Relying on legacy security technologies leaves you blind to IoT threats

As shadow IoT infiltrate organizations, the variety of risks and threats stemming from these devices put networks and data at risk, according to 802 Secure. IoT and IIoT (Industrial IoT) introduce new IoT networks autonomous from the enterprise network. Organizations are blind to these IoT networks and devices across a plethora of new protocols and frequencies. “While most organizations prepare […]

Adware bundle makes Chrome invisible to launch cryptojacking attacks

An adware bundle has been discovered which installs software to mine cryptocurrency on user PCs without their consent. Analysts from Bleeping Computer say that an adware bundle called FileTour has often walked a tightrope between nuisanceware, adware, and potentially unwanted programs (PuP), but now, the package has gone further by jumping on the cryptojacking bandwagon. FileTour, believed to […]

Europe continues to be a cybercrime hub

ThreatMetrix announced new data revealing a 30 percent year-on-year increase in the volume of cyberattacks hitting Europe in the first quarter of 2018. As attacks patterns morph across the region, European digital businesses were hit with 80 million fraud attempts, as they experienced more pronounced spikes of peak attack periods throughout Q1 2018 compared to […]

This cryptocurrency phishing attack uses new trick to drain wallets

A criminal group keen to take advantage of the potentially lucrative opportunities offered by the boom in cryptocurrency has developed a sophisticated new scheme to hijack Ethereum wallets and steal the contents in a first-of-its-kind attack. Dubbed MEWKit by security researchers at security company RiskIQ who uncovered it, the phishing campaign mimics the front end of the MyEtherWallet website for […]

Companies ditch data as GDPR deadline approaches

A new study from IBM reveals that nearly 60 percent of organizations surveyed are embracing the GDPR as an opportunity to improve privacy, security, data management or as catalyst for new business models, rather than simply a compliance issue or impediment. To reduce their exposure, the study indicated that the majority of companies are being more selective in […]

White House axes cyber czar role; DHS unveils new cybersecurity strategy

Even as Homeland Security released a new strategy for identifying and managing cybersecurity risks, the White House axed the cybersecurity coordinator position on the National Security Council because they said the role is no longer considered necessary. Meanwhile, when releasing the new DHS comprehensive cybersecurity strategy(pdf), Homeland Security Secretary Kirstjen Nielsen said, “The cyber threat landscape is […]