At McAfee, we’re proud to protect. It’s part of our DNA. We’re all dedicated to keeping the world safe from cyber threats. As a team, we’re driven by our mission to protect all that matters. Individually, we’re motivated by our own unique reasons – whether that’s family, friends, or our communities. As part of our
Month: March 2022
Nearly two-thirds (62%) of cybersecurity teams are understaffed, and 63% have unfilled vacancies. This is according to ISACA’s State of Cybersecurity 2022 report, which highlighted organizations’ ongoing struggles to hire and retain skilled cybersecurity professionals. This year’s survey included insights from over 2000 cybersecurity professionals worldwide. A fifth of respondents admitted it takes more than six months
by Paul Ducklin In January 2021, reports surfaced of a backup-busting ransomware strain called Deadbolt, apparently aimed at small businesses, hobbyists and serious home users. As far as we can see, Deadbolt deliberately chose a deadly niche in which to operate: users who needed backups and were well-informed enough to make them, but who didn’t
ESET researchers have discovered Hodur, a previously undocumented Korplug variant spread by Mustang Panda, that uses phishing lures referencing current events in Europe, including the invasion of Ukraine ESET researchers discovered a still-ongoing campaign using a previously undocumented Korplug variant, which they named Hodur due to its resemblance to the THOR variant previously documented by
Authentication services provider Okta on Wednesday named Sitel as the third-party linked to a security incident experienced by the company in late January that allowed the LAPSUS$ extortion gang to remotely take over an internal account belonging to a customer support engineer. The company added that 366 corporate customers, or about 2.5% of its customer
I am renowned for getting myself into big messes – particularly in the kitchen when I’m cooking up a storm. And I’m totally fine being alone: chopping, stirring and baking until it’s time to clean up! And that’s when the overwhelm hits – I know I should clean as I cook but I never do!
Network defenders have just 43 minutes to mitigate ransomware attacks once encryption has begun, a new study from Splunk has warned. The security monitoring and data analytics vendor evaluated the speed at which 10 ransomware variants encrypt data to compile its report, An Empirically Comparative Analysis of Ransomware Binaries. Using a controlled Splunk Attack Range lab
A China-based advanced persistent threat (APT) known as Mustang Panda has been linked to an ongoing cyberespionage campaign using a previously undocumented variant of the PlugX remote access trojan on infected machines. Slovak cybersecurity firm ESET dubbed the new version Hodur, owing to its resemblance to another PlugX (aka Korplug) variant called THOR that came
The humble internet browser. Dutifully taking you the places you want to go online, whether that’s the bank, the store, the movies, or even to work. All the more reason to make sure your browser gets every last bit of protection it can. It’s easy to fire up your browser without a second thought. Arguably,
The current cyber dimension of the Russia-Ukraine conflict and how it may escalate were discussed by Ciaran Martin, founding CEO of the UK’s National Cyber Security Centre (NCSC), during the keynote address at the Infosecurity Magazine Online Summit – EMEA 2022. Martin began by noting that so far, “the cyber dimension has been quieter than many of us might have
by Paul Ducklin CafePress is a web service that lets artists, shops, businesses, fan clubs – anyone who signs up, in fact – turn designs, corporate slogans, logos and the like into fun merchandise they can give away or sell on to others. The days when you had to put in an order for several hundred coffee
As the war rages, the APT group with a long résumé of disruptive cyberattacks enters the spotlight again For cybersecurity pundits, it has become a doctrine that cyberdisruption, whether perpetrated directly or via proxy groups, can be expected to accompany military, political, and economic action as a way of softening up targets or of strategically
Five new security weaknesses have been disclosed in Dell BIOS that, if successfully exploited, could lead to code execution on vulnerable systems, joining the likes of firmware vulnerabilities recently uncovered in Insyde Software’s InsydeH2O and HP Unified Extensible Firmware Interface (UEFI). Tracked as CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421, the high-severity vulnerabilities are rated 8.2
Several US authorities have released a new alert warning of the threat to critical infrastructure (CNI) providers from the AvosLocker ransomware group. The ransomware-as-a-service affiliate operation is targeting financial services, manufacturing and government entities, as well as organizations in other sectors, the report revealed. Victims reportedly hail from all over the globe, including the US,
by Paul Ducklin Ever wanted or needed to buy or sell cryptocoins on a whim, without going online? Ever felt like cashing in 100,000 Satoshis or so at 3am to treat your party buddies to a kebab-fest on the way home from a big night out? Well, if you live in the UK, you can’t
Researchers have exposed a new targeted email campaign aimed at French entities in the construction, real estate, and government sectors that leverages the Chocolatey Windows package manager to deliver a backdoor called Serpent on compromised systems. Enterprise security firm Proofpoint attributed the attacks to a likely advanced threat actor based on the tactics and the
Uganda has arrested an author and activist and a TV journalist for allegedly cyber stalking the country’s President, Yoweri Museveni. Author Norman Tumuhimbise and his colleague Farida Bikobere were reportedly bundled into a van by armed security personnel last week. The pair’s lawyer, Eron Kiiza, confirmed their arrest on Thursday to the news agency Agence France-Presse (AFP).
by Paul Ducklin The latest raft of non-emergency Apple security updates are out, patching a total of 87 different CVE-rated software bugs across all Apple products and plaforms. There are 10 security bulletins for this bunch of updates, as follows: APPLE-SA-2022-03-14-1: iOS 15.4 and iPadOS 15.4 (HT213182) APPLE-SA-2022-03-14-2: watchOS 8.5 (HT213193) APPLE-SA-2022-03-14-3: tvOS 15.4 (HT213186)
Authored by Oliver Devane, Vallabh Chole, and Aayush Tyagi McAfee has recently observed several malicious Chrome Extensions which, once installed, will redirect users to phishing sites, insert Affiliate IDs and modify legitimate websites to exfiltrate personally identifiable information (PII) data. According to the Google Extension Chrome Store, the combined install base is 100,000 McAfee Labs
An analysis of two ransomware attacks has identified overlaps in the tactics, techniques, and procedures (TTPs) between BlackCat and BlackMatter, indicating a strong connection between the two groups. While it’s typical of ransomware groups to rebrand their operations in response to increased visibility into their attacks, BlackCat (aka Alphv) marks a new frontier in that
A spear-phishing study by security company Barracuda has found that a third of malicious logins into compromised accounts in 2021 came from Nigeria. The finding was included in the Spear Phishing: Top Threats and Trends Vol. 7 – Key findings on the latest social engineering tactics and the growing complexity of attacks report, released by the company on Wednesday. The
by Paul Ducklin OpenSSL published a security update this week. The new versions are 3.0.2 and 1.1.1n, corresponding to the two currently-supported flavours of OpenSSL (3.0 and 1.1.1). The patch includes a few general fixes, such as error reporting that’s been tidied up, along with an update for CVE-2022-0778, found by well-known bug eliminator Tavis
It’s the month of top seeds, big upsets, and Cinderella runs by the underdogs. With March Madness basketball cranking up, a fair share of online betting will sure to follow—along with online betting scams. Since a U.S. Supreme Court ruling in 2018, individual states can determine their own laws for sports betting. Soon after, states
Cyberattacks against data centers may ultimately be everyone’s problem – how prepared are their operators for the heightened risk of cyber-assaults? As the war in Ukraine continues, so does the potential for further escalation in kinetic hostilities. At the same time, the odds that the conflict may lead to major cyberattacks against targets beyond Ukraine’s
A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards. Threat intelligence and incident response firm Mandiant is tracking the cluster under the moniker UNC2891,
The UK’s National Cyber Security Centre (NCSC) has launched a significant public awareness campaign to encourage stronger security practices for emails and other digital accounts. The campaign offers actionable cybersecurity guidance to the public, in line with the UK government’s Cyber Aware advice. The first of these recommends using passwords containing three random words, ensuring they are unique, strong
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Paul Ducklin and Chester Wisniewski. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
Google’s Threat Analysis Group (TAG) took the wraps off a new initial access broker that it said is closely affiliated to a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations. Dubbed Exotic Lily, the financially motivated threat actor has been observed exploiting a now-patched critical flaw in the Microsoft Windows MSHTML
The UK’s landmark Online Safety Bill has been introduced to Parliament today. The legislation was drafted in May last year and contained measures to tackle a range of digital harms, including child sexual abuse, terrorist material, fraud and online abuse. New obligations will be placed on social media firms and other services hosting user-generated content to prevent
by Paul Ducklin Last year, we wrote about a research paper from SophosLabs that investigated malware known as CryptoRom, an intriguing, albeit disheartening, nexus in the cybercrime underworld. This “confluence of criminality” saw cybercrooks adopting the same techniques as romance scammers to peddle fake cryptocurrency apps instead of false love, and fleece victims out of