The pro-Russia hacktivist group known as NoName057(16) has recently started new attacks against organizations and businesses across Poland, Lithuania and other countries. Most recently, the group began targeting the websites of the Czech presidential election candidates. According to SentinelOne, who discovered the new campaigns, the group conducted these campaigns by using public Telegram channels, a distributed
Month: January 2023
StrongPity’s backdoor is fitted with various spying features and can record phone calls, collect texts, and gather call logs and contact lists This week, the ESET research team published their findings about an espionage campaign by the StrongPity APT group that spreads a fully functional, but trojanized version of the legitimate Telegram app for Android.
Jan 14, 2023Ravie LakshmananServer Security / Patch Management A majority of internet-exposed Cacti servers have not been patched against a recently patched critical security vulnerability that has come under active exploitation in the wild. That’s according to attack surface management platform Censys, which found only 26 out of a total of 6,427 servers to be
The Guardian has confirmed that threat actors stole the personal data of UK staff members during the ransomware attack that affected its systems on December 20, 2022. The updates come from The Guardian Media Group’s chief executive, Anna Bateson, and The Guardian‘s editor-in-chief, Katharine Viner, who emailed staff members on Wednesday. The executives have described
by Paul Ducklin THE CRYPTO CRISIS THAT WASN’T Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good
ESET Research announces IPyIDA 2.0, a Python plugin integrating IPython and Jupyter Notebook into IDA IDA Pro from Hex-Rays is probably the most popular tool today for reverse-engineering software. For ESET researchers, this tool is a favorite disassembler and has inspired the development of the IPyIDA plugin that embeds an IPython kernel into IDA Pro. Under
Jan 12, 2023Ravie LakshmananActive Directory / Malware A recent IcedID malware attack enabled the threat actor to compromise the Active Directory domain of an unnamed target less than 24 hours after gaining initial access, while also borrowing techniques from other groups like Conti to meet its goals. “Throughout the attack, the attacker followed a routine
A new advanced persistent threat (APT) group dubbed ‘Dark Pink’ by Group-IB (and ‘Saaiwc Group’ by Chinese cybersecurity researchers) has been spotted targeting various entities across Asia-Pacific and Europe, mainly with spear phishing techniques. According to a new advisory published by Group-IB earlier today, Dark Pink began operations as early as mid-2021, although the group’s
by Paul Ducklin JWT is short for JSON Web Token, where JSON itself is short for JavaScript Object Notation. JSON is a modernish way of representing structured data; its format is a bit like XML, and can often be used instead, but without all the opening-and-closing angle brackets to get in the way of legibility.
A new law portends a future where (we hope) it will be easier for us all to repair, fix, upgrade, and just tinker with things we already own Want to secure, patch, upgrade, or modify tech you own? You may not be able to, if some manufacturers have anything to say about it. They view
Jan 12, 2023Ravie LakshmananData Security / Privacy Twitter on Wednesday said that its investigation found “no evidence” that users’ data sold online was obtained by exploiting any security vulnerabilities in its systems. “Based on information and intel analyzed to investigate the issue, there is no evidence that the data being sold online was obtained by
The US Supreme Court gave the green light on Monday for WhatsApp to pursue a lawsuit against NSO Group, the Israeli surveillance company, for installing the Pegasus spyware on roughly 1400 devices where WhatsApp was also installed. More specifically, the court has ruled that WhatsApp is allowed to sue for damages ensued by the malicious installation
by Paul Ducklin As far as we can tell, there are a whopping 2874 items in this month’s Patch Tuesday update list from Microsoft, based on the CSV download we just grabbed from Redmond’s Security Update Guide web page. (The website itself says 2283, but the CSV export contained 2875 lines, where the first line
Are you an online oversharer? Do you give your full birthday to all your online shopping accounts? Have a few companies you have accounts with been breached but you didn’t take any action at the time? If you have bad digital habits, now is an excellent time to reset your digital presence. In isolation, these
ESET researchers identified an active StrongPity campaign distributing a trojanized version of the Android Telegram app, presented as the Shagle app – a video-chat service that has no app version ESET researchers identified an active campaign that we have attributed to the StrongPity APT group. Active since November 2021, the campaign has distributed a malicious
The first Patch Tuesday fixes shipped by Microsoft for 2023 have addressed a total of 98 security flaws, including one bug that the company said is being actively exploited in the wild. 11 of the 98 issues are rated Critical and 87 are rated Important in severity, with one of the vulnerabilities also listed as
The South African threat actors known as “Automated Libra” have been improving their techniques to exploit cloud platform resources for cryptocurrency mining. According to Palo Alto Networks Unit 42, the threat actors have used a new Captcha-solving system alongside a more aggressive use of CPU resources for mining and the mix of “freejacking” with the
by Paul Ducklin If you’re a programmer, whether you code for a hobby or professionally, you’ll know that creating a new version of your project – an official “release” version that you yourself, or your friends, or your customers, will actually install and use – is always a bit of a white-knuckle ride. After all,
As technology weaves itself into our lives in new and unexpected ways, some of it will get quite personal and close to home. That made itself clear at CES this year, which makes a strong case for your security. The more things we connect, the more data we create. Data about ourselves that companies and
Learning meets fun at the 2022 SANS Holiday Hack Challenge – strap yourself in for a crackerjack ride at the North Pole as I foil Grinchum’s foul plan and recover the five golden rings This is my first year participating in the SANS Holiday Hack Challenge and it was a blast. Through a series of
Jan 09, 2023Ravie LakshmananKubernetes / Cryptojacking The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments. A second initial access vector technique entails the use of vulnerable images, Sunders Bruskin, security researcher at Microsoft Defender for Cloud, said in a report
US-based health and human services organization Maternal & Family Health Services (MFHS) has reported being hit by a ransomware attack. The non-profit made the announcement on Thursday, saying its systems were compromised between August 21, 2021, and April 4, 2022. An investigation launched in April last year revealed the attack may have exposed sensitive information
Jan 09, 2023Ravie LakshmananSupply Chain / CodeSec A new attack vector targeting the Visual Studio Code extensions marketplace could be leveraged to upload rogue extensions masquerading as their legitimate counterparts with the goal of mounting supply chain attacks. The technique “could act as an entry point for an attack on many organizations,” Aqua security researcher
Ongoing hacking campaigns orchestrated by the threat actor group Blind Eagle (also known as APT-C-36) have been spotted targeting individuals across South America. Security experts from Check Point Research (CPR) unveiled the findings in a new advisory published on Thursday, describing a novel infection chain involving an advanced toolset. “For the last few months, we have
If there’s a particularly clear picture that’s developed over the past couple of years, it’s that our privacy and our personal identities are worth looking out for. With that, we have your back. And here’s why. In the U.S., reported cases of identity theft continue to rise. In the first half of 2022, the Federal
Jan 08, 2023Ravie LakshmananCyberespionage / Threat Analysis The Russian cyberespionage group known as Turla has been observed piggybacking on attack infrastructure used by a decade-old malware to deliver its own reconnaissance and backdoor tools to targets in Ukraine. Google-owned Mandiant, which is tracking the operation under the uncategorized cluster moniker UNC4210, said the hijacked servers
Meta’s instant messaging subsidiary WhatsApp has officially introduced proxy support, reportedly to tackle internet disruption tactics used by repressive governments. The company made the announcement in a blog post on Thursday, saying the new feature is designed to put the power into people’s hands to maintain access to WhatsApp if their connection is blocked or
by Paul Ducklin There’s been a bit of a kerfuffle in the technology media over the past few days about whether the venerable public-key cryptosystem known as RSA might soon be crackable. RSA, as you probably know, is short for Rivest-Shamir-Adleman, the three cryptographers who devised what turned into an astonishingly useful and long-lived encryption
Authored by Vonny Gamot The official 40th birthday of the internet serves as a timely reminder that while it is a fantastic place, we must practice good digital hygiene to safeguard our privacy and identity so we can protect ourselves from the latest threats. Since its widely recognized creation on January 1st 1983, the internet
Do you use any of these extremely popular – and eminently hackable – passwords? If so, we have a New Year’s resolution for you. Security experts have been predicting the death of the password for well over a decade. But it’s still the main way we log-in to our online accounts and mobile applications. Why?