The Clop ransomware group has begun offering access to data stolen in MOVEit attacks via torrents, it has emerged. Security researcher Dominic Alvieri revealed the news on Twitter, with screenshots showing several big-name victims whose data is being made available via P2P sharing. Among the corporate names on that list were investment firm Putnam, Iron Bow Technologies
Month: August 2023
Aug 07, 2023THNCyber Crime / Cryptocurrency The U.S. Federal Bureau of Investigation (FBI) is warning about cyber crooks masquerading as legitimate non-fungible token (NFT) developers to steal cryptocurrency and other digital assets from unsuspecting users. In these fraudulent schemes, criminals either obtain direct access to NFT developer social media accounts or create look-alike accounts to
A new malicious campaign has been found on the Python Package Index (PyPI) open-source repository involving 24 malicious packages that closely imitate three popular open-source tools: vConnector, eth-tester and databases. The campaign, dubbed VMConnect, was uncovered by ReversingLabs and started around July 28, 2023, with the continuous posting of new malicious PyPI packages daily. The
Aug 05, 2023The Hacker NewsManaged Detection and Response Managed Detection and Response (MDR) has emerged as a crucial solution for organizations looking to bolster their security measures. MDR allows businesses to outsource the management of Endpoint Detection and Response (EDR) products deployed across their network domain. With real-time threat-hunting capabilities, MDR services detect and mitigate
A stealthy malware has been discovered on npm, the popular package manager for JavaScript, that poses a severe threat by exposing sensitive developer data. The findings come from cybersecurity firm Phylum, who said that on July 31 2023, their automated risk detection platform raised an alert regarding suspicious activities on npm. Over the course of a
by Paul Ducklin Back in August 2016, Heather Morgan, a.k.a. Razzlekhan, a.k.a. the Crocodile of Wall Street (actually, there’s a double-barrelled expletive in front of the word ‘crocodile’, but this is a family-friendly website so we’ll leave you to extrapolate for yourself), and her husband Ilya Lichtenstein got their hands on 120,000 of your finest
Aug 05, 2023THNVulnerability / Cyber Threat Microsoft on Friday disclosed that it has addressed a critical security flaw impacting Power Platform, but not before it came under criticism for its failure to swiftly act on it. “The vulnerability could lead to unauthorized access to Custom Code functions used for Power Platform custom connectors,” the tech
Threat intelligence experts from Group-IB have shed light on the hacktivist collective known as Mysterious Team Bangladesh. In a report published today, the firm analyzed the group’s history, tactics and targets, providing vital insights into its operations. Mysterious Team Bangladesh emerged in 2020 but gained international recognition in 2022 after conducting cyber raids against high-profile
by Paul Ducklin WEIRD BUT TRUE No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that good podcasts are found. Or just drop the URL of our RSS feed
Aug 04, 2023THNSoftware Security / Cyber Theat A four-year-old critical security flaw impacting Fortinet FortiOS SSL has emerged as one of the most routinely and frequently exploited vulnerabilities in 2022. “In 2022, malicious cyber actors exploited older software vulnerabilities more frequently than recently disclosed vulnerabilities and targeted unpatched, internet-facing systems,” cybersecurity and intelligence agencies from
The enormous global costs of ransomware attacks on the manufacturing sector have been laid bare in a new analysis by Comparitech. The firm reviewed 478 confirmed ransomware attacks on the manufacturing companies from 2018 to July 2023, using its worldwide tracker to understand the true cost of such incidents. This includes the amount of downtime
by Paul Ducklin Another week, another BWAIN! As you’ll know if you listened to last week’s podcast (hint, hint!), BWAIN is short for Bug With An Impressive Name: It’s a nickname we apply when the finders of a new cybersecurity attack get so excited about their discovery that they give it a PR-friendly moniker, register
Aug 03, 2023THNCyber Attack / Phishing Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats. The tech giant attributed the attacks to a group it tracks as Midnight Blizzard (previously Nobelium). It’s
A new and sophisticated malware campaign named “P2Pinfect” has been observed targeting publicly-accessible deployments of the Redis data store. According to a technical write-up published on Monday by Cado Security Labs, the malware is written in Rust, making it challenging to analyze due to the programming language’s complexities. For context, in the time between Cado Security
by Paul Ducklin The latest full new version of Firefox is out, marking the first of two “monthly” upgrades you’ll see this month. Just as there will be a blue moon in August 2023 (that’s the name applied to a second full moon in the same calendar month, rather than reference to an atmospheric phenomenon
Aug 02, 2023THNVulnerability / Cyber Attack Advanced persistent threat (APT) actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network. The disclosure comes as part of a new joint advisory released by the Cybersecurity
The Android spyware known as SpyNote has been targeting financial institutions since late 2022 while expanding its capabilities to carry out bank fraud. Security researchers at Cleafy have recently shared new findings about SpyNote, saying the malware exploits Accessibility services and various Android permissions to conduct multiple malicious activities. SpyNote distribution occurs through email phishing
by Paul Ducklin Last week, the US Securities and Exchange Commission (SEC) announced new and fairly strict rules about cybersecurity breach disclosures for any people or companies that fall under its regulatory remit. The SEC, by the way, was founded at the height of the US Great Depression in the 1930s, with the aim of
Aug 01, 2023THNCyber Attack / Malware Organizations in Italy are the target of a new phishing campaign that leverages a new strain of malware called WikiLoader with an ultimate aim to install a banking trojan, stealer, and spyware called Ursnif (aka Gozi). “It is a sophisticated downloader with the objective of installing a second malware