Extended detection and response (XDR) is expected to be the future of cybersecurity, merging security technologies with the evolving approach to the way we do cybersecurity. And while many organizations are scrambling to integrate XDR into their cybersecurity strategies – even more are still trying to figure out what XDR really is and if it’s
Month: April 2022
One of the world’s most notorious hacking marketplaces, RaidForums, has been shut down and its infrastructure seized in a major cross-border law enforcement operation. Operation TOURNIQUET, which was coordinated by Europol in support of the independent investigations of the US, UK, Sweden, Portugal and Romania, also led to the arrest of the RaidForums’ administrator and two of
by Paul Ducklin Three years ago, we published an article with the dramatic-sounding title Serious Security: Post-Quantum Cryptography (and why we’re getting it). As you probaby know, so-called quantum computers work in a rather mysterious way compared to conventional computers, inasmuch as they can perform certain sorts of calculation so that they effectively “compute” all
This ICS-capable malware targets a Ukrainian energy company This is a developing story and the blogpost will be updated as new information becomes available. Executive summary The blogpost presents the analysis of a cyberattack against a Ukrainian energy provider. Key points: ESET researchers collaborated with CERT-UA to analyze the attack against the Ukrainian energy company
Researchers have disclosed a previously undocumented local file inclusion (LFI) vulnerability in Hashnode, a developer-oriented blogging platform, that could be abused to access sensitive data such as SSH keys, server’s IP address, and other network information. “The LFI originates in a Bulk Markdown Import feature that can be manipulated to provide attackers with unimpeded ability
Scammers who tricked victims into handing them control of their PCs managed to steal nearly £58m last year, according to official UK police figures. Some 20,144 individuals fell victim to such “remote access tool” (RAT) scams in 2021, according to Action Fraud, the country’s national reporting centre for fraud and cybercrime. Losing on average around £2800 per
Cybersecurity researchers are warning of two different information-stealing malware, named FFDroider and Lightning Stealer, that are capable of siphoning data and launching further attacks. “Designed to send stolen credentials and cookies to a Command & Control server, FFDroider disguises itself on victim’s machines to look like the instant messaging application ‘Telegram,'” Zscaler ThreatLabz researchers Avinash
The multifaceted nature of modern supply chain risks was highlighted by Jon France, CISO for (ISC)², during (ISC)² Secure London this week. France, who was appointed the first-ever CISO of (ISC)² earlier this year, emphasized that rapid digitization across all industries had significantly widened organizations’ threat landscape during COVID-19. “Speed can sometimes be the enemy of risk,” he noted,
by Paul Ducklin The good news in this month’s Android patches is that even though Google’s own updates close off numerous elevation of privilege (EoP) holes, there aren’t any remote code execution bugs on the list. The bad news, of course, is that EoP bugs that directly lead to root access, without any tell-tale signs,
As a gamer, you love the stuff you’ve racked up over the years—that rare Fortnite skin from six seasons ago, a complete set of Tier 20 armor in World of Warcraft, or a Steam account loaded with your favorite titles. Hackers love it too. Because they can make money off it. Hackers have been stealing
China-linked adversaries have been attributed to an ongoing onslaught against Indian power grid organizations, one year after a concerted campaign targeting critical infrastructure in the country came to light. Most of the intrusions involved a modular backdoor named ShadowPad, according to Recorded Future’s Insikt Group, a sophisticated remote access trojan which has been dubbed a
The Information Commissioner’s Office (ICO) is currently investigating a cyber-attack across TrustFord branches throughout the UK. The vehicle dealer group revealed the attack, which is believed to have been committed by the Conti ransomware gang, affected the firm’s internal systems. In particular, access to the internet and phones within the business was affected. However, TrustFord assured
by Paul Ducklin If you’ve ever written technical documentation to use online, you probably started out by creating it directly in HTML (hypertext markup language), so you could drop it directly into your website. You may have used various HTML editors that gave you a real-time but not entirely precise preview, but you’ll have spent
What’s worse than a surprise call from a law enforcement official telling you to pay a fine or be forced to serve time? Providing your personal information and paying that fine only to find out that it was all a scam. You didn’t miss jury duty; you didn’t commit a crime — you were just tricked
The recently disclosed critical Spring4Shell vulnerability is being actively exploited by threat actors to execute the Mirai botnet malware, particularly in the Singapore region since the start of April 2022. “The exploitation allows threat actors to download the Mirai sample to the ‘/tmp’ folder and execute them after permission change using ‘chmod,'” Trend Micro researchers
The websites of Finland’s defense and foreign affairs were taken offline today following DDoS attacks. The ministries each confirmed the attacks on Twitter earlier today, although the websites now appear to be back up and running. The nation’s Ministry of Defense wrote at 10.45 am GMT: “The Department of Defense website http://defmin.fi is currently under attack. We
by Paul Ducklin German police have located and closed down the servers of Hydra, allegedly one of the world’s biggest underground online stores. Investigators at the Bundeskriminalamt (BKA – the Federal Criminal Police Office) claim that the Russian-language Hydra darkweb site, accessible via the Tor network, had about 17 million customer accounts (many individual buyers
If you’re thinking about crypto, one of the first things you’ll want to do is get yourself a good wallet. Topping the several important things a new cryptocurrency investor needs to think about is security. Rightfully so. Cryptocurrency is indeed subject to all kinds of fraud, theft, and phishing attacks, just like the credentials and
As cloud systems are increasingly the bedrock on which digital transformation is built, keeping a close eye on how they are secured is an essential cybersecurity best practice For weeks, cybersecurity experts and government agencies have been urging organizations to enhance their cyber-defenses due to the increased threat of cyberattacks amid Russia’s invasion of Ukraine.
A 32-year-old Ukrainian national has been sentenced to five years in prison in the U.S. for the individual’s criminal work as a “high-level hacker” in the financially motivated group FIN7. Denys Iarmak, who worked as a penetration tester for the cartel from November 2016 through November 2018, had been previously arrested in Bangkok, Thailand in
At the (ISC)2 Secure London Event today, Laurie-Anne Bourdain, data protection officer at Belgium fintech company Isabel Group, delivered a session on planning and delivering a successful cybersecurity awareness program. Bourdain advised that creating a roadmap is an essential first step in developing a good awareness program. The roadmap requires an understanding of your organization’s
by Paul Ducklin LISTEN NOW [01’34”] LAPSUS$ hacking, 2022-style. [06’11”] Zero-day emergency updates from Apple. [08’46”] Elevation of privilege patches in Android. [09’41”] Bugs fixed in Firefox 99. [11’00”] The SATAN network scanner and its impact on threat reponse. [14’02”] Two confusing bugs in VMware Spring. [20’17”] Old-school hacking, PDP-11 style. Click-and-drag on the soundwaves
Outfitting your smart home could get a whole lot easier this year. A new industry standard called Matter aims to remove a big barrier in smart home technology, one that makes different smart home devices compatible with any smart home platform—something that wasn’t possible until now. For years, different smart home devices have run on several
ESET researchers analyzed three malicious applications targeting customers of eight Malaysian banks The popularity of online shopping has been growing during the past few years, a trend accelerated by the pandemic. To make this already convenient way of never having to leave the couch to buy new things even more convenient, people are increasingly using
During the last week of March, three major tech companies – Microsoft, Okta, and HubSpot – reported significant data breaches. DEV-0537, also known as LAPSUS$, performed the first two. This highly sophisticated group utilizes state-of-the-art attack vectors to great success. Meanwhile, the group behind the HubSpot breach was not disclosed. This blog will review the
Security researchers have observed tens of thousands of attempts to exploit the critical new SpringShell (Spring4Shell) vulnerability within days of its publication. Check Point Research claimed to have spotted 37,000 such attempts within the first four days, which it extrapolated to calculate that around 16% of global organizations were affected. Europe accounted for the largest number of incidents
by Paul Ducklin The once-every-four-weeks security update to Mozilla’s Firefox browser officially arrived today. The regular version of Firefox is now 99.0, while the Extended Support Release, which gets security fixes without any feature updates, is now 91.8.0 ESR. Add together the first two numbers in the ESR release triplet and you should get the
This month, McAfee celebrates three years of maintaining pay parity. Compensating employees equally for their contributions, regardless of gender or ethnicity, is one of the many ways we create a culture where all can belong and an environment where everyone is valued. But equal pay sounds like a given, right? It absolutely should be. However,
If better privacy and anonymity sound like music to your ears, you may not need to look much further than Tor Browser. Here’s what it’s like to surf the dark web using the browser. When I speak to people about the dark web, many are still very wary of it and often think that it
Threat actors have been distributing malicious applications under the guise of seemingly harmless shopping apps to target customers of eight Malaysian banks since at least November 2021. The attacks involved setting up fraudulent but legitimate-looking websites to trick users into downloading the apps, Slovak cybersecurity firm ESET said in a report shared with The Hacker