Security News > 2020

One of the most popular Dark Web hosting services, Daniel's Hosting, has been slaughtered. Daniel Wizen, the German software developer who runs DH, said that this time, the provider of free hosting services is kaput at least for the foreseeable future which he also said, more or less, last time, in September 2018, when hackers rubbed 6,500 sites off the Dark Web in one fell swoop.

ACROS Security's 0patch service has developed unofficial patches for two actively exploited Windows vulnerabilities for which Microsoft has yet to release fixes. Hackers can exploit the flaws by convincing users to open specially crafted documents or viewing them in the Windows preview pane.

This is a long and fascinating article about Gus Weiss, who masterminded a long campaign to feed technical disinformation to the Soviet Union, which may or may not have caused a massive pipeline...

The FBI on Tuesday shut down Deer.io, a Russia-based platform catering to cybercrooks that offered turnkey online storefront design and hosting and a place where they could sell and advertise their wares, including ripped-off credentials, hacked servers, hacking services, gamer accounts and more. Up until the FBI jammed a stick in its spokes, the platform was doing brisk business, with sales exceeding $17 million, selling hacked accounts for video streaming services like Netflix and Hulu and social media platforms such as Facebook, Twitter and Vkontakte.

Since the start of the year, journalists and news outlets have become preferred targets of government-backed cyber attackers, Google's Threat Analysis Group has noticed. Attackers impersonate a journalist to seed false stories with other reporters to spread disinformation. In other cases, attackers will send several benign emails to build a rapport with a journalist or foreign policy expert before sending a malicious attachment in a follow up email," shared Toni Gidwani, a security engineering manager at TAG. Government-backed attackers also target foreign policy experts - for their research, access to the organizations they work with, and connection to fellow researchers or policymakers for subsequent attacks - as well as government officials, dissidents and activists.

There has been a 168% increase in DDoS attacks in Q4 2019, compared with Q4 2018, and a 180% increase overall in 2019 vs. 2018, according to Neustar. The company saw DDoS attacks across all size categories increase in 2019, with attacks sized 5 Gbps and below seeing the largest growth.

The 2019 Cost of a Data Breach Report, conducted by Ponemon Institute, estimates the average total cost of a data breach in the United States to be close to $4 million. The average price for each lost data record, says the report, is around $150. Breaches happen in so many ways, a one-size-fits-all solution doesn't exist.

While many companies are beginning to migrate security tools to the cloud, a significant number have concerns, a survey by Exabeam reveals. Typically, organizations migrate security tools to the cloud to minimize the resources and overhead associated with owning and maintaining on-premises equipment and software.

A newly discovered watering-hole campaign is targeting Apple iPhone users in Hong Kong by using malicious website links as a lure to install spyware on the devices. According to research published by Trend Micro and Kaspersky, the "Operation Poisoned News" attack leverages a remote iOS exploit chain to deploy a feature-rich implant called 'LightSpy' through links to local news websites, which when clicked, executes the malware payload and allows an interloper to exfiltrate sensitive data from the affected device and even take full control.

Researchers at the University of Notre Dame are using artificial intelligence to develop an early warning system that will identify manipulated images, deepfake videos and disinformation online. The scalable, automated system uses content-based image retrieval and applies computer vision-based techniques to root out political memes from multiple social networks.