by Paul Ducklin Another month, another Microsoft Patch Tuesday, another 48 patches, another two zero-days… …and an astonishing tale about a bunch of rogue actors who tricked Microsoft itself into giving their malicious code an official digital seal of approval. For a threat researcher’s view of the Patch Tuesday fixes for December 2022, please consult
Month: December 2022
Did you just get word that your personal information may have been caught up in a data breach? If so, you can take steps to protect yourself from harm should your info get into the hands of a scammer or thief. How does that information get collected in the first place? We share personal information with
ESET researchers discovered a spearphishing campaign targeting Japanese political entities a few weeks before the House of Councillors elections, and in the process uncovered a previously undescribed MirrorFace credential stealer ESET researchers discovered a spearphishing campaign, launched in the weeks leading up to the Japanese House of Councillors election in July 2022, by the APT
Dec 14, 2022Ravie LakshmananWebsite Security / Linux A new Go-based botnet has been spotted scanning and brute-forcing self-hosted websites using the WordPress content management system (CMS) to seize control of targeted systems. “This new brute forcer is part of a new campaign we have named GoTrim because it was written in Go and uses ‘:::trim:::’
Social media company Twitter has issued a public statement regarding allegations that it was hacked earlier this year. Writing in a blog post on Friday, the Elon Musk-owned platform said it learned that someone had potentially exploited a vulnerability that Twitter reportedly discovered in January and fixed in June 2022. The flaw enabled someone submitting
by Paul Ducklin Apple has just published a wide range of security fixes for all its supported platforms, from the smallest watch to the biggest laptop. In other words, if you’ve got an Apple product, and it’s still officially supported, we urge you to do an update check now. Remember that even if you’ve set
Can thieves steal identities with only a name and address? In short, the answer is “no.” Which is a good thing, as your name and address are in fact part of the public record. Anyone can get a hold of them. However, because they are public information, they are still tools that identity thieves can use. If you think of
Think outside the (gift) box. Here are a few ideas for security and privacy gifts to get for your relatives – or even for yourself. Some don’t cost a penny! Thanks to a decade or more of big-name data breaches, global privacy scandals and consumer rights legislation like the GDPR, we’re all more aware of
Dec 13, 2022Ravie LakshmananOpen Source / Vulnerability Database Google on Tuesday announced the open source availability of OSV-Scanner, a scanner that aims to offer easy access to vulnerability information about various projects. The Go-based tool, powered by the Open Source Vulnerabilities (OSV) database, is designed to connect “a project’s list of dependencies with the vulnerabilities
The cost of the cyber-attack that hit the Irish Health Service Executive (HSE) last year has officially reached €80m ($83.75m). The figures come from a letter from HSE chief information officer Fran Thompson sent to Aontú leader Peadar Tóibín last Friday. The missive, viewed by The Irish Times, comes months after the Department of Health
by Paul Ducklin You’ve probably heard of Pwn2Own, a hacking contest that started life alongside the annual CanSecWest cybersecurity event in Vancouver, Canada. Pwn2Own is now a multi-million “hackers’ brand” in its own right, having been bought up by anti-virus outfit Trend Micro and extended to cover many more types of bug than just browsers
Payment applications make splitting restaurant bills, taxi fares, and household expenses so much easier. Without having to tally totals at the table or fumble with crumpled bills, you and your companions can spend less stress and more time on the fun at hand. There are various payment apps available, and the company that may first
Dec 12, 2022Ravie LakshmananEndpoint Detection / Data Security High-severity security vulnerabilities have been disclosed in different endpoint detection and response (EDR) and antivirus (AV) products that could be exploited to turn them into data wipers. “This wiper runs with the permissions of an unprivileged user yet has the ability to wipe almost any file on
A subgroup of the Iran-based Cobalt Mirage threat group has been observed leveraging Drokbk malware to achieve persistence on victims’ systems. The claims come from Secureworks Counter Threat Unit (CTU) researchers, who shared an advisory about Drokbk with Infosecurity before publication. According to the security team, the attacks come from Cobalt Mirage’s subgroup, Cluster B.
Dec 10, 2022Ravie LakshmananWeb App Firewall / Web Security A new attack method can be used to circumvent web application firewalls (WAFs) of various vendors and infiltrate systems, potentially enabling attackers to gain access to sensitive business and customer information. Web application firewalls are a key line of defense to help filter, monitor, and block
Business email compromise (BEC) scams have been increasingly targeting mobile devices, particularly with SMS-focused attacks. According to a new advisory by cybersecurity specialists at Trustwave, the trend indicates a broader shift towards phishing scams via text messages. “Phishing scams are prevalent in the SMS threat landscape, and now, BEC attacks are also going mobile,” reads
Happy National App Day! No, we don’t mean apps of the mozzarella stick and potato skin variety, but your mobile apps that let you order dinner, hail a taxi, stay connected to your friends, and entertain you for hours with silly videos. While they’re undoubtedly useful, mobile apps are also a weak spot in some
ESET researchers uncover a new wiper and its execution tool, both attributed to the Iran-aligned Agrius APT group This week, ESET researchers published their findings about a new wiper, Agrius, and its execution tool, Sandals, both attributed to the Iran-aligned Agrius APT group. The researchers discovered the malicious tool while analyzing a supply-chain attack that
Dec 10, 2022Ravie LakshmananHack-for-Hire / Threat Intelligence Travel agencies have emerged as the target of a hack-for-hire group dubbed Evilnum as part of a broader campaign aimed at legal and financial investment institutions in the Middle East and Europe. The attacks targeting law firms throughout 2020 and 2021 involved a revamped variant of a malware
Threat group Silence has been spotted infecting an increasing number of devices using Truebot malware. The findings come from Cisco Talos researchers, who have also suggested a connection between Silence and the infamous hacking group Evil Corp (tracked by Cisco as TA505). According to an advisory published on Thursday, the campaigns observed by the firm
by Paul Ducklin DATA BREACHES – THE STING IN THE TAIL Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and
Xenomorph pilfers victims’ login credentials for banking, payment, social media, cryptocurrency and other apps with valuable data More than 50,000 Android devices were compromised with an Android banking trojan called Xenomorph earlier this year. First reported by ThreatFabric, Xenomorph posed as a system-optimizing app called “Fast Cleaner”. Disguising malicious software as device optimizers, battery- or performance-enhancing and
Businesses know they need cybersecurity, but it seems like a new acronym and system is popping up every day. Professionals that aren’t actively researching these technologies can struggle to keep up. As the cybersecurity landscape becomes more complicated, organizations are desperate to simplify it. Frustrated with the inefficiencies that come with using multiple vendors for
Indiana’s attorney general filed two separate lawsuits against social media firm TikTok Wednesday alleging the platform promoted content to young users that isn’t age-appropriate and did not adequately protect the safety of users’ data. According to court documents, the TikTok algorithm “promotes a variety of inappropriate content to 13-17-year-old users throughout the United States.” Indiana’s
by Paul Ducklin Researchers at application security company Jscrambler have just published a cautionary tale about supply chain attacks… …that is also a powerful reminder of just how long attack chains can be. Sadly, that’s long merely in terms of time, not long in terms of technical complexity or the number of links in the
Dec 08, 2022Ravie LakshmananMobile Security / Android Malware Researchers have shed light on a new hybrid malware campaign targeting both Android and Windows operating systems in a bid to expand its pool of victims. The attacks entail the use of different malware such as ERMAC, Erbium, Aurora, and Laplas, according to a ThreatFabric report shared
As 2022 draws to a close, the Threat Research Team at McAfee Labs takes a look forward—offering their predictions for 2023 and how its threat landscape may take shape. This year saw the continued evolution of scams, which is unlikely to slow down, as well as greater adoption of Chrome as an operating system. It
Threat actors have been observed targeting companies operating within the cryptocurrency industry for financial gain. According to a new advisory published by Microsoft on Tuesday, attacks targeting this market have taken several forms over the past few months, including fraud, vulnerability exploitation, fake applications and info stealer deployment. “We are also seeing more complex attacks
by Paul Ducklin BUSINESS RISKS FROM AFTER-HOURS MALWARE Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good
ESET researchers analyzed a supply-chain attack abusing an Israeli software developer to deploy Fantasy, Agrius’s new wiper, with victims including the diamond industry ESET researchers discovered a new wiper and its execution tool, both attributed to the Agrius APT group, while analyzing a supply-chain attack abusing an Israeli software developer. The group is known for