Month: March 2022

0 Comments
The US military knows it needs to speed up technology adoption through optimization, something at the heart of Silicon Valley culture The U.S. military won’t soon be adopting open-plan work environments, flexible PTO, free ubiquitous food, and lean manufacturing processes, although Silicon Valley wants it to. At the recent Rocky Mountain Cyberspace Symposium, both were
0 Comments
Microsoft on Wednesday detailed a previously undiscovered technique put to use by the TrickBot malware that involves using compromised Internet of Things (IoT) devices as a go-between for establishing communications with the command-and-control (C2) servers. “By using MikroTik routers as proxy servers for its C2 servers and redirecting the traffic through non-standard ports, TrickBot adds
0 Comments
Mobile applications with tens of millions of downloads are leaking sensitive user data due to the misconfiguration of back-end cloud databases, according to Check Point. The security vendor’s three-month study began with a simple query on VirusTotal for mobile apps listed on the malware scanning service that communicates with the Firebase cloud database. Throughout the study,
0 Comments
by Paul Ducklin The US Cybersecurity and Infrastructure Security Agency (CISA) has just put out a bulletin numbered AA22-074A, with the dramatic title Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability. To sidestep rumours based on the title alone (which some readers might interpret as an attack
0 Comments
Russian cybersecurity firm Kaspersky on Tuesday responded to an advisory released by Germany’s Federal Office of Information Security (BSI) against using the company’s security solutions in the country over “doubts about the reliability of the manufacturer.” Calling that the decision was made on “political grounds,” the company said it will “continue to assure our partners
0 Comments
This is the third time in as many weeks that ESET researchers have spotted previously unknown data wiping malware taking aim at Ukrainian organizations ESET researchers have uncovered yet another destructive data wiper that was used in attacks against organizations in Ukraine. Dubbed CaddyWiper by ESET analysts, the malware was first detected at 11.38 a.m.
0 Comments
Two weeks after details emerged about a second data wiper strain delivered in attacks against Ukraine, yet another destructive malware has been detected amid Russia’s continuing military invasion of the country. Slovak cybersecurity company ESET dubbed the third wiper “CaddyWiper,” which it said it first observed on March 14 around 9:38 a.m. UTC. Metadata associated
0 Comments
French bank BNP Paribas has reportedly blocked its Russian-based employees from accessing its internal computer systems. According to a Reuters source, the bank rescinded the access privileges of its Russian workforce over fears that connections to the local network could leave BNP Paribas vulnerable to cyber-attacks by Russian threat actors.  The restriction is reportedly part of the French lender’s
0 Comments
What is Ransomware? Over the past year, you may have seen the term ransomware popping up frequently. There’s good reason for that as ransomware is responsible for 21% of all cyberattacks, according to a new report. For enterprising hackers, this tactic has become standard operating procedure because it’s effective and organizations are willing to pay.
0 Comments
Czech-based multinational cybersecurity software company Avast has suspended the sale and marketing of its products in Russia and Belarus.  In a statement shared Thursday, Avast said it was ceasing business in Russia and offering its premium products free of charge to the people of Ukraine. “With immediate effect, we have withdrawn the availability of all of our products
0 Comments
by Naked Security writer In cybersecurity history, the US Independence Day weekend of 2021 is not remembered for the restful and relaxing summer celebrations that you’d usually associate with the Fourth of July. Instead, it’s remembered as the weekend of the infamous Kaseya ransomware attack. This was ransomware-with-a-difference, and the difference was the ultimate scale
0 Comments
Multiple security vulnerabilities have been disclosed in popular package managers that, if potentially exploited, could be abused to run arbitrary code and access sensitive information, including source code and access tokens, from compromised machines. It’s, however, worth noting that the flaws require the targeted developers to handle a malicious package in conjunction with one of
0 Comments
Advances in cybersecurity must focus on increasing trust in digital technologies, according to Professor Adam Joinson, director of DiscribeHub+ and Professor of Information Systems at the University of Bath. This message was delivered during a talk about the socioeconomic impact of security on trust at the final leg of Digital Security by Design (DSbD) Roadshow in Northern Ireland, UK,
0 Comments
Authored by Oliver Devane, Vallabh Chole, and Aayush Tyagi  McAfee has recently observed several malicious Chrome Extensions which, once installed, will redirect users to phishing sites, insert Affiliate IDs and modify legitimate websites to exfiltrate personally identifiable information (PII) data. According to the Google Extension Chrome Store, the combined install base is 80,000  One extension,
0 Comments
Microsoft has released fixes for a relatively small number of CVEs this month, with only three critical bugs and three publicly disclosed flaws in the Patch Tuesday roundup. None of the three zero days have been exploited in the wild. They include CVE-2022-24512, a remote code execution (RCE) vulnerability in .NET and Visual Studio. “According to Microsoft,
0 Comments
Security researchers have revealed a major new campaign by Chinese state hackers in which they exploited Log4Shell and other bugs to compromise at least six US state government networks. Mandiant claimed the activity between May 2021 and February 2022 indicated a deliberate campaign. However, it could not say definitively whether the prolific group known as