State-Sponsored Hackers Use Sophisticated DNS Hijacking in Ongoing Attacks

With growing concern over DNS manipulation attacks, details on a new elite state-sponsored DNS hijacking campaign have been released. Called Operation Sea Turtle, the campaign is believed by researchers to have compromised at least 40 different organizations across 13 countries. Researchers at Cisco Talos discovered the ongoing campaign, which targets both public and private entities, including national security agencies, located primarily in the Middle East and North Africa. While confident that the attackers…

April 18, 2019

Respect Is Key for Retaining Top Security Talent

There are No Shortcuts or Easy Fixes for Retaining Top Security Talent, but Respect is Key. In the words of the famous song “Respect”, written by Otis Redding and popularized by Aretha Franklin: “All I’m askin’ Is for a little respect when you get home (just a little bit) … R-E-S-P-E-C-T Find out what it means to me R-E-S-P-E-C-T”. According to Rolling Stone Magazine, Ms. Franklin’s rendition of the song…

April 18, 2019

Russian Hackers Use RATs to Target Financial Entities

A financially motivated threat actor believed to speak Russian has used remote access Trojans (RATs) in attacks on financial entities in the United States and worldwide, Israel-based security firm CyberInt reports. Tracked by the research community as TA505, the Russian threat group is known for the use of banking Trojans such as Shifu and Dridex, as well as for the massive Locky ransomware campaigns observed several years ago. Over the…

April 18, 2019

Symfony, jQuery Vulnerabilities Patched in Drupal

Updates released on Wednesday for Drupal 7 and 8 patch several vulnerabilities affecting third-party Symfony and jQuery components used by the Drupal core. The developers of the Symfony PHP web application framework on Wednesday released updates that patch five vulnerabilities, including three that also impact the Drupal content management system (CMS). The Symfony flaws can allow an attacker to execute arbitrary code (CVE-2019-10910), authenticate as a different user by modifying…

April 18, 2019

Network DoS Attack on PLCs Can Disrupt Physical Processes

A team of researchers has demonstrated an interesting type of denial-of-service (DoS) attack on programmable logic controllers (PLCs), where network flooding can lead to the disruption of the physical process controlled by the device. A paper titled “You Snooze, You Lose: Measuring PLC Cycle Times Under Attacks” was published last year by a group of researchers from the German universities Hochschule Augsburg and Freie Universität Berlin. The ICS-CERT agency in…

April 18, 2019

Cisco Patches Critical Flaw in ASR 9000 Routers

Cisco on Wednesday released patches for 30 vulnerabilities, including a critical bug impacting ASR 9000 Series Aggregation Services Routers running IOS XR 64-bit software. Tracked as CVE-2019-1710 and featuring a CVSS score of 9.8, the vulnerability could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin virtual machine (VM). The issue resides in the incorrect isolation of the secondary management interface from internal sysadmin applications. Thus,…

April 18, 2019

Mysterious Operative Haunted Kaspersky Critics

Keir Giles’ first thought was that the man’s cheap-looking suit didn’t seem right for a private equity executive. The man seated in front of him at the London hotel claimed to live in Hong Kong, but didn’t seem overly familiar with the city. Then there was the awkward conversation, which kept returning to one topic in particular: the Russian antivirus firm Kaspersky Lab. He also asked Giles to repeat himself…

April 18, 2019

Bad Bots Steal Accounts, Content and Skew the Web Ecosystem

Bad bots are a continuing problem. Good bots, those that perform welcome and benign activities — such as search engine crawlers like Googlebot and Bingbot — are welcome. Bad bots, those that scrape and steal content, mine for competitive data, undertake credential stuffing, ad fraud, transaction fraud and more, are not. In its latest analysis of hundreds of billions of bad bot requests detected during 2018, Distil Networks examines the…

April 18, 2019

Fortinet Settles Whistleblower Case for $545,000

Sunnyvale, CA-based Fortinet agreed a deal worth $545,000 to settle a whistleblower lawsuit brought by the U.S. government and Yuxin ‘Jay’ Fang. The lawsuit alleged that Fortinet had supplied mislabeled goods manufactured by countries including China, falsely representing that the goods were in compliance with the U.S. Trade Agreements Act (TAA). According to the settlement agreement and Department of Justice announcement made public on 12 April, Fortinet has acknowledged that between 2009…

April 18, 2019

Russian Hackers Scrambled to Erase Digital Footprints After Triton Attribution Report

SINGAPORE — SECURITYWEEK 2019 ICS CYBER SECURITY CONFERENCE — Some of the pieces of digital evidence that led to security researchers linking the notorious Triton malware to a Russian research institute were removed after the information was made public. A blog post published in October 2018 by cybersecurity firm FireEye assessed with “high confidence” that the Triton malware, also known as Trisis and HatMan, was linked to Russia, specifically the…

April 17, 2019