The Russian firm Operation Zero has announced a staggering $20m reward for hacking tools capable of compromising iPhones and Android devices. The company unveiled this increased payout on X (formerly Twitter) on Tuesday, aiming to attract top-tier researchers and developer teams to collaborate with their platform. Under this program, Operation Zero is willing to pay
Month: September 2023
Sep 30, 2023THNRansomware / Cyber Threat The U.S. Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023. “During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit,
Video During the attack, the group deployed several tools, most notably a newly-discovered sophisticated backdoor that ESET named LightlessCan 29 Sep 2023 This week, ESET researchers unveiled their findings about an attack by the North Korea-linked APT group Lazarus that took aim at an aerospace company in Spain. The group obtained initial access to the
The UK’s information commissioner has called for an immediate end to the use of excel spreadsheets to publish Freedom of Information (FOI) data. The data protection regulator issued an advisory notice yesterday to all public authorities in the wake of a hugely damaging leak at the Police Service of Northern Ireland (PSNI) last month. Among other
Sep 29, 2023THNCyber Espionage / Malware The North Korea-linked Lazarus Group has been linked to a cyber espionage attack targeting an unnamed aerospace company in Spain in which employees of the firm were approached by the threat actor posing as a recruiter for Meta. “Employees of the targeted company were contacted by a fake recruiter
Secure Coding While far from all roles in security explicitly demand coding skills, it’s challenging to envision a career in this field that wouldn’t derive substantial advantages from at least a basic understanding of fundamental coding principles Christian Ali Bravo 27 Sep 2023 • , 4 min. read Coding is a pivotal skill in many
One US lawmaker has warned that the impending government shutdown will put critical cyber workers out of action, leaving Americans exposed to damaging cyber-attacks. Democratic Congresswoman Rep. Shontel Brown made the remarks during a Joint Subcommittee Hearing on Ransomware on September 27, 2023, which discussed how to combat rising ransomware attacks on US infrastructure. The
Sep 28, 2023The Hacker NewsBrowser Security / Cybersecurity The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate and insecure in today’s SaaS-centric world. The limitations of Browser Isolation, such
Secure Coding, Business Security Or, is mass public meddling just opening the door for problems? And how does open-source software compare to proprietary software in terms of security? 26 Sep 2023 • , 5 min. read There are – and will always be – vulnerabilities in software. Just like there is no perfect security, there
Russian cyber-attacks against Ukraine skyrocketed in the first half of 2023, with 762 incidents observed by Ukraine’s State Service of Special Communications and Information Protection (SSSCIP). This represents a 123% surge compared with the second half of 2022. However, the SSSCIP also found that these attacks were significantly less successful than in the past, with
Data security is in the headlines often, and it’s almost never for a positive reason. Major breaches, new ways to hack into an organization’s supposedly secure data, and other threats make the news because well, it’s scary — and expensive. Data breaches, ransomware and malware attacks, and other cybercrime might be pricey to prevent, but
Fear, ignorance and forgetfulness are some of the reasons for widespread shortcomings in reporting cyber-attacks and breaches, both internally and externally, according to a new global survey conducted by Keeper Security. The study, Cybersecurity Disasters Survey Incident Reporting & Disclosure, was published on September 26, 2023. It found that, despite cyber-attacks being top of mind
Dear Naked Security readers, Firstly, thank you for your interest, your time, and your contributions to the Naked Security community. Your invaluable engagement and expertise have helped improve cybersecurity for everyone. We have recently added the extensive catalog of Naked Security articles to the Sophos News blog platform, enabling us to provide all Sophos security
SOC 2, ISO, HIPAA, Cyber Essentials – all the security frameworks and certifications today are an acronym soup that can make even a compliance expert’s head spin. If you’re embarking on your compliance journey, read on to discover the differences between standards, which is best for your business, and how vulnerability management can aid compliance.
A Nigerian extradited to the US had pleaded guilty to his part in a multimillion-dollar business email compromise (BEC) conspiracy. Kosi Goodness Simon-Ebo, 29, pleaded guilty late last week to conspiracy to commit wire fraud and conspiracy to commit money laundering. From February to July 2017, he conspired with several others, including some living in
Sep 25, 2023THNCyber Attack / Phishing Ukrainian military entities are the target of a phishing campaign that leverages drone manuals as lures to deliver a Go-based open-source post-exploitation toolkit called Merlin. “Since drones or Unmanned Aerial Vehicles (UAVs) have been an integral tool used by the Ukrainian military, malware-laced lure files themed as UAVs service
For years, the Middle East has maintained its reputation as a fertile ground for advanced persistent threats (APTs). In the midst of routine monitoring of suspicious activities on the systems of high-profile customers, some based in this region, ESET Research stumbled upon a very sophisticated and unknown backdoor that we have named Deadglyph. We derived
The year 2023 has seen a surge of over 700 advertisements on the dark web offering Distributed Denial of Service (DDoS) attacks through Internet of Things (IoT) devices, suggests a new report by Kaspersky. These services come at varying price points, depending on factors like DDoS protection and verification on the target’s end, ranging from
The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023. “The targeting took place after Eltantawy publicly stated his plans to run
Video Two ESET malware researchers took to the LABScon stage this year to deconstruct sophisticated attacks conducted by two well-known APT groups 22 Sep 2023 The lineup of speakers at this year’s edition of LABScon featured two ESET malware researchers who took to the stage to deconstruct sophisticated attacks conducted by two well-known APT groups.
The US Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the National Football League (NFL), Allegiant Stadium and Super Bowl LVIII partners, has conducted a cybersecurity tabletop exercise this week in preparation for Super Bowl LVIII. The exercise aimed to assess and enhance cybersecurity response capabilities, plans and procedures for the upcoming event. The Super
Sep 23, 2023THNCyber Espionage / Malware Cybersecurity researchers have discovered a previously undocumented advanced backdoor dubbed Deadglyph employed by a threat actor known as Stealth Falcon as part of a cyber espionage campaign. “Deadglyph’s architecture is unusual as it consists of cooperating components – one a native x64 binary, the other a .NET assembly,” ESET
A US government contractor working as an IT administrator at the State department is facing a maximum penalty of death or life in prison after being arrested on serious espionage charges. Abraham Teklu Lemma, 50, of Silver Spring, Maryland, has been charged with delivering national defense information to aid a foreign government, conspiracy to deliver
Sep 22, 2023The Hacker NewsMITRE ATT&CK / Cybersecurity Thorough, independent tests are a vital resource for analyzing provider’s capabilities to guard against increasingly sophisticated threats to their organization. And perhaps no assessment is more widely trusted than the annual MITRE Engenuity ATT&CK Evaluation. This testing is critical for evaluating vendors because it’s virtually impossible to
ESET researchers have analyzed two campaigns by the OilRig APT group: Outer Space (2021), and Juicy Mix (2022). Both of these cyberespionage campaigns targeted Israeli organizations exclusively, which is in line with the group’s focus on the Middle East, and used the same playbook: OilRig first compromised a legitimate website to use as a C&C
The typical business in the US and UK loses over 4% of their online revenue every year due to malicious bot attacks, according to a new report from Netacea. The firm’s Death by a Billion Bots report was compiled from a survey of 440 businesses with an average online revenue of $1.9bn across the travel,
Sep 21, 2023The Hacker NewsSaaS Security / App Security Security teams are familiar with threats emanating from third-party applications that employees add to improve their productivity. These apps are inherently designed to deliver functionality to users by connecting to a “hub” app, such as Salesforce, Google Workspace, or Microsoft 365. Security concerns center on the
The International Criminal Court (ICC) yesterday confirmed the discovery of suspicious activity inside its IT network but revealed little else of a worrying security breach last week. The Netherlands-headquartered tribunal, which tries suspects of war crimes and crimes against humanity, posted a brief statement to X (formerly Twitter). “At the end of last week, the International
Sep 20, 2023The Hacker NewsWeb Application Security Well, you shouldn’t. It may already be hiding vulnerabilities. It’s the modular nature of modern web applications that has made them so effective. They can call on dozens of third-party web components, JS frameworks, and open-source tools to deliver all the different functionalities that keep their customers happy,
“I’m here to recruit you.” Was Christopher Wray, director of the FBI, really joking when he said that hiring people for the FBI was the reason for his presence at the Mandiant mWISE conference? During his opening keynote speech on September 18, Wray explained how collaborating with the private sector has changed the FBI’s approach