Security News

Attackers use the ongoing coronavirus pandemic as a lure, as well as malicious Excel documents, to convince victims to execute the RAT. Researchers with Microsoft's security intelligence team said this week that that the ongoing campaign started on May 12 and has used several hundred unique malicious Excel 4.0 attachments thus far - a trend that researchers said they've seen steadily increase over the past month. The emails are titled "WHO COVID-19 SITUATION REPORT" and claim to give an update on the confirmed cases and deaths related to the ongoing pandemic in the U.S. The attached malicious Excel 4.0 document opens with a security warning and shows a graph of supposed coronavirus cases in the U.S. If a victim enables it, the macro is downloaded and the NetSupport Manager RAT is executed.

According to an investigative journalist team, the Israeli authors of the infamous Pegasus mobile spyware, NSO Group, have been using a spoofed Facebook login page, crafted to look like an internal Facebook security team portal, to lure victims in. The news comes as Facebook alleges that NSO Group has been using U.S.-based infrastructure to launch espionage attacks.

The State of Software Security: Open Source Edition analyzed the component open source libraries across the Veracode platform database of 85,000 applications which includes 351,000 unique external libraries. The idea was to define the risk that a single flaw in one library can pose to all applications that leverage that code.

While DoS attacks use differing tactics, they most commonly involve sending junk network traffic to overwhelm and crash systems. Cyber espionage attacks meanwhile have seen a downward spiral, dropping from making up 13.5 percent of breaches in 2018 to a mere 3.2 percent of data breaches in 2019.

The report shows that sometimes even paying a ransom does not guarantee a company will recover data encrypted in an attack, according to researchers. Though ransomware attacks in the public sector-which is believed to be one of the hardest hit by these attacks-are high profile, the report shows that actually that sector is less affected by ransomware attacks than the private sector.

Britain's Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 of past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to 100,000 employee details were stolen, dating back across a number of years.

Ransomware might be a dreadful enterprise, but nobody could accuse the criminals behind these attacks of being weak on customer service. Now you can see why ransomware attacks almost always send back encryption keys when paid - any doubt in the mind of victims would quickly destroy the whole extortion racket as companies knuckled down to do the hard work themselves.

SophosLabs just published an informative report entitled Maze ransomware: extorting victims for 1 year and counting. Sadly, Maze has been in the news quite frequently in recent months, notably because the gang who created it have been in the vanguard of a new wave of "Double-whammy" ransomware attacks.

The US Federal Bureau of Investigation and cybersecurity experts believe Chinese hackers are trying to steal research on developing a vaccine against coronavirus, two newspapers reported Monday. The FBI and Department of Homeland Security are planning to release a warning about the Chinese hacking as governments and private firms race to develop a vaccine for COVID-19, the Wall Street Journal and New York Times reported.

Hackers have broken into Microsoft's GitHub account and stolen 500 GB of data from the tech giant's own private repositories on the developer platform, according to published reports. In its latest hack, the group provided a screenshot to reporters at news site Hack Read that showed a list of private files from Microsoft's open-source developer repository to prove their infiltration of the company's private account.