Highlights and Updates

Spear phishing campaigns—they’re sharper than you think

Tuesday, 3rd December 2019

Even yourmost security-savvy users may have difficulty identifying honed spear phishingcampaigns. Unlike traditional phishing campaigns that are blasted to a largeemail list in hopes that just one person will bite, advanced spear phishingcampaigns are highly targeted and personal. They are so targeted, in fact, thatwe sometimes refer to them as “laser” phishing. And because these attacks areso focused, even tech-savvy executives and other senior managers have beenduped into handing over money and sensitive files by a well-targeted email.That’s how good they are. Read More

New Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild

Tuesday, 3rd December 2019

Cybersecurityresearchers have discovered a new unpatched vulnerability in the Androidoperating system that dozens of malicious mobile apps are already exploiting inthe wild to steal users' banking and other login credentials and spy on theiractivities.

Dubbed Strandhogg, thevulnerability resides in the multitasking feature of Android that can beexploited by a malicious app installed on a device to masquerade as any otherapp on it, including any privileged system app.

In other words, when a user taps the icon of alegitimate app, the malware exploiting the Strandhogg vulnerability canintercept and hijack this task to display a fake interface to the user insteadof launching the legitimate application. 
Read More

Dexphot Malware Hijacked 80K+ Devices to Mine Cryptocurrency

Friday, 29th November 2019

A cryptomining malware has infected at least 80k devicesand uses various tactics to evade detection. Microsoft is warning of malware,Dexphot, that has infected more than 80,000 machines, sucking up their CPUpower in order to mine cryptocurrency.

Researchers first discoveredDexphot in October 2018 and saw its activity peak during July. They said thatthe malware has a complex attack chain and also uses various methods to outwitdetection efforts, including an obfuscated script designed to check for antivirusproducts, and regularly-scheduled malware updatesRead More

More Highlight

Information For

Control System Users

Information for industrial control systems owners, operators, and vendors.

Government Users

Resources for information sharing and collaboration among government agencies.

Home and Business

Information for system administrators and technical users.