Month: April 2023

Apr 21, 2023 | Ravie Lakshmanan | Kubernetes / Cryptocurrency
A large-scale attack campaign discovered in the wild has been exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) to create backdoors and run cryptocurrency miners. “The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack,” cloud security firm Aqua said in a report
by Paul Ducklin
Logging software has made cyberinsecurity headlines many times before, notably in the case of the Apache Log4J bug known as Log4Shell that ruined Christmas for many sysadmins at the end of 2021. The Log4Shell hole was a security flaw in the logging process itself, and boiled down to the fact that many
Similarities with newly discovered Linux malware used in Operation DreamJob corroborate the theory that the infamous North Korea-aligned group is behind the 3CX supply-chain attack
ESET researchers have discovered a new Lazarus Operation DreamJob campaign targeting Linux users. Operation DreamJob is the name for a series of campaigns where the group uses social engineering techniques
The 3CX Desktop App software has been reportedly compromised via a prior software supply chain breach, with a North Korean actor suspected to be responsible. According to security researchers at Mandiant, the initial compromise was traced back to malware from financial software firm Trading Technologies’ website. The first attack saw hackers place a backdoor into
Apr 20, 2023 | Ravie Lakshmanan | Cloud Security / Vulnerability
A chain of two critical flaws has been disclosed in Alibaba Cloud’s ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL that could be exploited to breach tenant isolation protections and access sensitive data belonging to other customers. “The vulnerabilities potentially allowed unauthorized access to Alibaba Cloud customers’ PostgreSQL
by Paul Ducklin
LOOPING THE LOOP
With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS
The legislation aims to bolster the Union’s cyber-resilience and enhance its capabilities to prepare for, detect and respond to incidents
The European Union (EU) is transforming itself into a digitally aware, secure, and productive collective, with the aim of entering the 2030s as a relevant player within the digital sector. One of the base ideas
A threat actor associated with Iranian nation-state hackers has been weaponizing N-day vulnerabilities, as well as deploying new techniques to access environments of interest. The threat actor is a sub-group of Mint Sandstorm – a gang also known as Phosphorus and associated with APT35, APT42, Charming Kitten and TA453 – reported an advisory published by Microsoft on
Apr 19, 2023 | Ravie Lakshmanan | Cyber War / Cyber Attack
Elite hackers associated with Russia’s military intelligence service have been linked to large-volume phishing campaigns aimed at hundreds of users in Ukraine to extract intelligence and influence public discourse related to the war. Google’s Threat Analysis Group (TAG), which is monitoring the activities of the actor under
When decommissioning their old hardware, many companies ‘throw the baby out with the bathwater’
Taking a defunct router out of an equipment rack and sliding in a shiny new replacement is probably an everyday occurrence in many business networking environments. However, the fate of the router being discarded should be as important, if not more
Security researchers have discovered a new malicious software library capable of collecting lists of installed applications, a history of Wi-Fi and Bluetooth device information as well as nearby GPS location data. Dubbed Goldoson by McAfee’s Mobile Research Team, the library can also load web pages without user awareness and perform advertisement fraud by clicking on
Apr 18, 2023 | Ravie Lakshmanan | Threat Intelligence / Cyber Risk
Cybersecurity researchers have detailed the inner workings of a highly evasive loader named “in2al5d p3in4er” (read: invalid printer) that’s used to deliver the Aurora information stealer malware. “The in2al5d p3in4er loader is compiled with Embarcadero RAD Studio and targets endpoint workstations using advanced anti-VM (virtual machine) technique,”
by Paul Ducklin
We’ve said this before, but we’ll repeat it again here: Imagine that you’d spoken in what you thought was total confidence to a psychotherapist, but the contents of your sessions had been saved for posterity, along with precise personal identification details such as your unique national ID number, and perhaps including additional
Summary
Amazon Web Services (AWS) Lambda is a serverless event-driven compute service. It is a function as a service (FaaS) that allows users to deploy application functionality without the complexity of maintaining the underlying infrastructure. Lambda executions can be triggered by events from other AWS services or software-as-a-service (SaaS) applications. Inside the Lambda execution environment
The state of Montana in the US has become the first to pass legislation banning TikTok on personal devices. The bill, SB 419, passed by a vote of 54 to 43, mentions several concerns about TikTok, such as alleged surveillance from the Chinese government as well as the encouragement of “dangerous activities” among youth using the app.
Apr 17, 2023 | Ravie Lakshmanan | Surveillance / Privacy
Israeli spyware vendor QuaDream is allegedly shutting down its operations in the coming days, less than a week after its hacking toolset was exposed by Citizen Lab and Microsoft. The development was reported by the Israeli business newspaper Calcalist, citing unnamed sources, adding the company “hasn’t been fully active
by Paul Ducklin
If you’d never heard the cybersecurity jargon word “juicejacking” until the last few days (or, indeed, if you’d never heard it at all until you opened this article), don’t get into a panic about it. You’re not out of touch. Here at Naked Security, we knew what it meant, not so much
Automotive manufacturer Hyundai has recently disclosed a breach that has affected an unspecified number of Italian and French car owners as well as individuals who booked a test drive. The company notified affected individuals via email. Several of them posted a screenshot of the message on Twitter earlier this week. “I am sorry to inform
Apr 14, 2023 | Ravie Lakshmanan | Data Breach / Cyber Security
Open source media player software provider Kodi has confirmed a data breach after threat actors stole the company’s MyBB forum database containing user data and private messages. What’s more, the unknown threat actors attempted to sell the data dump comprising 400,635 Kodi users on the now-defunct BreachForums
The “Read The Manual” (RTM) Locker group has been observed targeting corporate environments with ransomware and forcing their affiliates to follow a strict set of rules. According to an advisory published on Thursday by Trellix cybersecurity experts, the businesslike approach of the group (also observed in other threat actors, such as Conti) shows its organizational maturity.
Apr 15, 2023 | Ravie Lakshmanan | Zero-Day / Browser Security
Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in
The much-dreaded writer’s block isn’t the only threat that may derail your progress. Are you doing enough to keep your blog (and your livelihood) safe from online dangers? Whether we like it or not, writers and bloggers are part of a community. And while we might write on totally different topics and espouse views from
Several cybersecurity organizations worldwide have jointly published a new series of guidelines to aid manufacturers in prioritizing cybersecurity practices while designing products. The paper was developed by the US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the cybersecurity authorities of Australia, Canada, the UK,
Apr 14, 2023 | Ravie Lakshmanan | United States
The Russia-linked APT29 (aka Cozy Bear) threat actor has been attributed to an ongoing cyber espionage campaign targeting foreign ministries and diplomatic entities located in NATO member states, the European Union, and Africa. According to Poland’s Military Counterintelligence Service and the CERT Polska team, the observed activity shares tactical overlaps
Microsoft releases guidance on how organizations can check their systems for the presence of BlackLotus, a powerful threat first analyzed by ESET researchers
Microsoft has released guidance on how organizations can detect BlackLotus, a powerful threat that was first analyzed by ESET researchers. BlackLotus is a UEFI bootkit that is capable of operating on Windows
The Iowa Department of Health and Human Services (HHS) in the US confirmed on Tuesday that the personal data of 20,800 Iowans who receive Medicaid was exposed due to a cyber-attack. According to the department, the Iowa Medicaid system itself was not compromised. Instead, the breach was due to an attack on a contractor’s computer systems
Apr 13, 2023 | Ravie Lakshmanan | Vulnerability Management
Google on Thursday outlined a set of initiatives aimed at improving the vulnerability management ecosystem and establishing greater transparency measures around exploitation. “While the notoriety of zero-day vulnerabilities typically makes headlines, risks remain even after they’re known and fixed, which is the real story,” the company said in an announcement.
by Paul Ducklin
I’M SORRY, DAVE, I’M AFRAID… SORRY, MY MISTAKE, I CAN DO THAT EASILY
With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts
Some sectors have high confidence in their in-house cybersecurity expertise, while others prefer to enlist the support of an external provider to keep their systems and data secured
While threat detections continue to rise, the widening cybersecurity skills gap is leaving businesses exposed. It is an issue particularly felt by SMBs forced to rein in
The US Cybersecurity and Infrastructure Security Agency (CISA) published the second version of its Zero Trust Maturity Model on Tuesday, which incorporates recommendations from a public comment period. The updated guidelines aim to further the federal government’s progress toward a zero trust approach to cybersecurity in support of the new National Cybersecurity Strategy.