Publishing giant Nikkei has reported they have lost $29million in an email fraud. In a press release they said: In late September 2019, an employee of Nikkei America, Inc. (New York City, United States) (“Nikkei America”), a subsidiary of Nikkei Inc. (“Nikkei”), had transferred approximately 29 million United States dollars (approximately 3.2 billion Japanese Yen)Read more
Blog
McAfee reports that a trio of malware kits are being actively used to target Office365 users. The phishing emails contain a clip of audio pretending to be from a voicemail intended for the recipient. A short clip of the audio can be played within the email which contains an urgent sounding ‘um hello?…’ The user isRead more
The rapid increase is resolution and quality of smartphone cameras in recent years is opening up new possibilities for criminals. The BBC reports that a Japanese pop star was attacked outside her home after her stalker was able to examine the reflections in her eyes in multiple social media images and identify the street where sheRead more
Two recent significant cyber-attacks demonstrate the huge cost of malware attacks against large businesses. Aluminium producer Norsk Hydro has estimated remediation costs of their ransomware attack at £60 million (650 million Norwegian Crowns). The attack back in March 2019 saw the company’s systems infected with the LockerGoga ransomware which brought production to a halt at 170Read more
Europol has just published their 2019 Internet Organised Crime Threat Assessment The key findings of the report make for interesting reading for Security Managers: While the number of ransomware attacks have reduced since 2018, the attackers have shifted their focus to more profitable targets – your businesses! Phishing and vulnerable Remote Desktop Protocol attacks areRead more
The trial of a Sys Admin who worked for the Fin7 cyber-crime syndicate provides a surprising look into the inner workings of the organisation. Fedir Hladyr was the Sys Admin running the support infrastructure for Fin7. He was responsible for JIRA, Jabber and HipChat servers used to co-ordinate the work of their teams of hackersRead more
In the eternal arms race between malware writers and anti-virus vendors, a new front of attack is opening. As security software has responded to the use of MS Office files as a means for malware delivery over email, the attackers have started to shift to the OpenDocument (ODT) file format first popularised by OpenOffice andRead more
Security researchers from two German universities have published details of flaws in document PDF encryption Digitally signed and encrypted PDF documents are widely used: to execute contracts, meet statutory reporting obligations and to protect commercially sensitive information transmitted as email attachment. Breaking PDF digital signatures PDF digital signatures use asymmetric cryptography; that is the signerRead more
The CWE top 25 is a list of the most common software defects that give rise to CVE being reported. Mitre, the organisation behind the Common Vulnerabilities and Exposures database, has scanned some 25,000 CVE reports logged within their database and the NIST National Vulnerability Database in order to compile the list for 2019. ByRead more
Microsoft’s ATP research team has issued a details analysis of a new malware campaign which is pushing boundaries of the state of the art for Fileless malware. Fileless malware does not leave a noticeable fingerprint on the file-system – it resides only in memory. Nodersok is interesting because of its use of living-off-the-land techniques; itRead more
