Month: March 2023

by Paul Ducklin Linux has never suffered from the infamous BSoD, short for blue screen of death, the name given to the dreaded “something went terribly wrong” message associated with a Windows system crash. Microsoft has tried many things over the years to shake that nickname “BSoD”, including changing the background colour used when crash

A total of 13 vulnerabilities have been found in the E11 smart intercom devices made by Chinese manufacturer Akuvox, allowing remote code execution (RCE), network access and more. Writing in an advisory published last week, Vera Mens, a security researcher at Claroty’s Team82, said the flaws could be exploited via three different attack vectors: RCE

New Linux versions of the IceFire ransomware were deployed in February, against enterprise networks of several media and entertainment sector organizations worldwide. According to security researchers at SentinelOne, the campaign leveraged the exploitation of CVE-2022-47986, a recently patched deserialization vulnerability in IBM Aspera Faspex file-sharing software. “The operators of the IceFire malware, who previously focused only

A new variant of the Xenomorph Android banking trojan has been spotted by ThreatFabric security researchers and classified as Xenomorph.C. The variant, developed by the threat actor known as Hadoken Security Group, represents a substantial upgrade from the malware previously observed by ThreatFabric, according to an advisory published by the company earlier today. “This new

by Paul Ducklin Chinese “fast fashion” brand SHEIN is no stranger to controversy, not least because of a 2018 data breach that its then-parent company Zoetop failed to spot, let alone to stop, and then handled dishonestly. As Letitia James, Attorney General of the State of New York, said in a statement at the end

The White House has allocated a total of $3.1bn to cybersecurity infrastructure in its latest budget report. Published on Thursday, the document shows $145m of this figure will go toward making the Cybersecurity and Infrastructure Security Agency (CISA) “more resilient and defensible.” Of the remaining funds, $98m will be invested in implementing the Cyber Incident Reporting

by Paul Ducklin YOU MUST HAVE THIS CHIP! EVEN IF IT HAS BUGS! Memories of Michelangelo (the virus, not the artist). Data leakage bugs in TPM 2.0. Ransomware bust, ransomware warning, and anti-ransomware advice. No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge.

The threat actor known as “8220 Gang” has been associated with a new payload targeting an exploitable Oracle Weblogic Server in a specific Uniform Resource Identifier (URI). The payload, analyzed by Fortinet security researchers, is characterized by the extraction of ScrubCrypt, a type of malware designed to obfuscate and encrypt applications with the goal of

The North Korean threat actor known as Lazarus Group has been spotted exploiting flaws in unnamed software to gain access to a South Korean finance firm twice last year. The news comes from security researchers at Asec, who published an advisory about the attacks on Tuesday. The company recorded the first of the attacks in

by Paul Ducklin Even if you’re not entirely sure what a TPM is, you’ll probably know that if you want to run Windows 11, you need one. More precisely, you need a TPM 2.0 (although there’s an official Microsoft workaround to get by with TPM 1.2, the previous, incompatible version of the technology). TPM is

A ransomware cyber-attack has targeted one of Barcelona’s leading hospitals, shutting down its computer system and forcing the cancellation of 150 non-urgent operations and up to 3000 patient checkups. Reported Monday on Twitter, the attack against Hospital Clinic de Barcelona occurred on Sunday. At the time, the institution said it was working to determine the

by Naked Security writer You’ve almost certainly heard of the ransomware family known as DoppelPaymer, if only because the name itself is a reminder of the double-barrelled blackmail technique used by many contemporary ransomware gangs. To increase the pressure on you to pay up, so-called double-extortionists not only scramble all your data files so your

German and Ukrainian police forces have apprehended suspected key members of the DoppelPaymer ransomware gang, Europol announced today. The operation, carried out on February 28, was supported by Europol, the Dutch Police and the United States Federal Bureau of Investigations (FBI) and resulted in the capture of a suspect in Germany and one in Ukraine.

Two separate vulnerabilities have been found in the Trusted Platform Module (TPM) 2.0 that could lead to information disclosure or escalation of privilege. At a basic level, TPM is a hardware-based technology providing secure cryptographic functions to the operating systems on modern computers, making them resistant to tampering. Affecting Revisions 1.59, 1.38 and 1.16 of the