Security researchers are warning of a new critical remote code execution bug in a popular Java developer framework, although reports that it could be the next Log4Shell may be overblown. Dubbed “SpringShell” by some in the community, the vulnerability affects the spring-core artifact, a popular framework used extensively in Java applications, specifically with JDK9 or
Month: March 2022
by Paul Ducklin. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
Let’s play a game. Go to the Photos app on your phone and look at the total number of videos and images on your device – all those precious memories of family vacations, clips from your favorite concert, and the countless snapshots of your furry companion. Next, open your laptop or desktop and check to
ESET researchers describe the structure of the virtual machine used in samples of Wslink and suggest a possible approach to see through its obfuscation techniques. ESET researchers recently described Wslink, a unique and previously undocumented malicious loader that runs as a server and that features a virtual-machine-based obfuscator. There are no code, functionality or operational
Three security vulnerabilities have been disclosed in the popular Wyze Cam devices that allow malicious actors to execute arbitrary code and access camera feeds, as well as read the SD cards without authorization, the latter of which remained unresolved for nearly three years after the initial discovery. The security flaws relate to an authentication bypass (CVE-2019-9564),
Around a third (31%) of businesses experience cyber-attacks or breaches at least once a week, according to new figures published in the UK government’s Cyber Security Breaches Survey 2022 report. Over a quarter (26%) of charities also reported being hit by attacks at least once a week, and the government is urging all organizations to strengthen their
by Paul Ducklin. You’ve probably heard of Zlib, but even if you haven’t, you’ve almost certainly used it. Zlib’s unashamedly 1990s-style website describes the product as A Massively Spiffy Yet Delicately Unobtrusive Compression Library (Also Free, Not to Mention Unencumbered by Patents). Data compression software (and, of course, the matching code to decompress it later)
We’re excited to announce the release of McAfee’s Personal Data Cleanup, a new feature that finds and removes your personal info from data brokers and people search sites. Now, you can feel more confident by removing personal info from data broker sites and keeping it from being collected, sold, and used to: advertise products to you, fill
Leading Slovak computer scientist Mária Bieliková shares her experience working as a woman driving technological innovation and reflects on how to inspire the next generation of talent in tech. It’s no secret that women continue to be underrepresented in the ranks of technologists. Indeed, with the scales traditionally tipped towards men, we may not always realize
A duo of researchers has released a proof-of-concept (PoC) demonstrating the ability for a malicious actor to remotely lock, unlock, and even start Honda and Acura vehicles by means of what’s called a replay attack. The attack is made possible by a vulnerability in the remote keyless system (CVE-2022-27254) that affects Honda Civic LX,
Ukraine’s national telecommunications provider has been hit by a significant cyber-attack, leading to the “most severe” disruption to internet connectivity in the region since the start of the conflict with Russia. Ukrtelecom, the country’s biggest provider of fixed internet in terms of geographic coverage, confirmed the incident yesterday and said it is gradually restoring connectivity
by Paul Ducklin. Last time we reported on a Chrome zero-day flaw was back in February 2022. Back then, Google noted that the Chrome browser – and, by implication, all other browsers based on the Chromium-project code and its underlying Blink rendering engine – had been patched against a range of memory mismanagement bugs that
Soaring energy prices and increased geopolitical tensions amid the Russian invasion of Ukraine bring a sharp focus on European energy security. It is generally understood that the world is deeply interconnected, especially when it comes to energy supplies and the global energy trade. Maintaining complex, but reliable business and nation-state relationships has been central to
A threat actor of likely Pakistani origin has been linked to yet another campaign designed to backdoor targets of interest with a Windows-based remote access trojan named CrimsonRAT since at least June 2021. “Transparent Tribe has been a highly active APT group in the Indian subcontinent,” Cisco Talos researchers said in an analysis shared with
An Estonian man has been sentenced to over five years behind bars for his role in a wide-ranging online fraud and ransomware campaign. Maksim Berezan, 37, was arrested in Latvia and extradited to the US, where he pleaded guilty in April 2021 to conspiracy to commit wire fraud affecting a financial institution and conspiracy to
Editor’s Note: This is the third in a series of articles about how we can help our elder parents get the most out of digital life—the ways we can help them look after their finances and health online, along with how they can use the internet to keep connected with friends and family, all safely
A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IcedID info-stealing malware onto infected machines by making use of unpatched and publicly exposed Microsoft Exchange servers. “The emails use a social engineering technique of conversation hijacking (also known as thread hijacking),” Israeli company Intezer said in a report
Finding someone who hasn’t heard of TikTok in 2022 would be quite the achievement. As one of the most popular social media platforms of the moment, it is not only being used by our tweens, teens and even grownups to connect but also as a crucial way to tell important stories amidst a backdrop of
A patrolman at a Sheriff’s Office in Florida has been arrested on suspicion of sending sexually explicit images to a 16-year-old high school student. Clay County resident Alejandro Carmona-Fonseca had worked for the Jacksonville Sheriff’s Office for 15 years before his arrest on March 15. During that time, he was the subject of 28 complaints from his
A Chinese-speaking threat actor called Scarab has been linked to a custom backdoor dubbed HeaderTip as part of a campaign targeting Ukraine since Russia embarked on an invasion last month, making it the second China-based hacking group after Mustang Panda to capitalize on the conflict. “The malicious activity represents one of the first public examples
No one likes the feeling that someone is looking over their shoulder when they work, shop or surf online. But this is just what crooks and scammers do without our knowledge using “spyware.” Spyware is a piece of software that can covertly gather information on you. It can track the websites you visit and even
A United States Senate committee has questioned whether a new data label created to protect sensitive information is being abused by the Pentagon to prevent the disclosure of important information to the public. The Senate Armed Services Committee, which authorizes defense spending, asked William LaPlante to review the increasing use of the freshly concocted Controlled Unclassified Information (CUI) label
ESET Research uncovers a sophisticated scheme that distributes trojanized Android and iOS apps posing as popular cryptocurrency wallets. At the time of writing this blogpost, the price of bitcoin (US$38,114.80) has decreased about 44 percent from its all-time high about four months ago. For cryptocurrency investors, this might be a time either to panic and
The U.S. Federal Communications Commission (FCC) on Friday moved to add Russian cybersecurity company Kaspersky Lab to the “Covered List” of companies that pose an “unacceptable risk to the national security” of the country. The development marks the first time a Russian entity has been added to the list that’s been otherwise dominated by Chinese
The recent WannaCry ransomware attack that infected more than 250,000 computers worldwide was a good reminder to everyone about staying vigilant when it comes to internet safety. After all, many of us stay connected most of the time, whether it’s on our laptops or mobile devices, giving cybercriminals a wide range of opportunities to go
A London nightclub owner has been forced to surrender hundreds of thousands of pounds worth of equipment seized by police after being linked to a notorious cybercrime money laundering group. The QQAAZZ group provided money-laundering services to many organized cybercrime groups over the years. According to the National Crime Agency (NCA), the transnational gang was managed from
by Naked Security writer. You’ve almost certainly heard of the LAPSUS$ hacking crew. That’s lapsus, which is as good a Latin word as any for “data breach”, followed by a dollar sign, like a text variable in BASIC. Microsoft refers to this cybergang by the more pedestrian moniker of “the DEV-5037 actor”, and noted, in
Why has the conflict in Ukraine not caused the much anticipated global cyber-meltdown? New York City’s 8.4 million residents are in darkness after an audacious nation-state cyberattack took out the city’s power grid, causing untold chaos with stock markets around the world collapsing. In retaliation against the perpetrators, the US unleashes a series of cyberattacks
The City of London Police has arrested seven teenagers between the ages of 16 and 21 for their alleged connections to the prolific LAPSUS$ extortion gang that’s linked to a recent burst of attacks targeting NVIDIA, Samsung, Ubisoft, LG, Microsoft, and Okta. The development, which was first disclosed by BBC News, comes after a report