A software package available from the official NPM repository has been revealed to be actually a front for a tool that’s designed to steal saved passwords from the Chrome web browser. The package in question, named “nodejs_net_server” and downloaded over 1,283 times since February 2019, was last updated seven months ago (version 1.1.2), with its
admin
by Paul Ducklin It’s already nearly two months since Apple’s last security update to iOS 14, which was back on 2021-05-24 when iOS 14.6 appeared. So we weren’t surprised to see that another patch is out, officially listed [2021-07-19] as covering iOS (now on 14.7), tvOS (now also 14.7) and watchOS (now on 7.6). Annoyingly,
With the increase in online activities due to the COVID-19 pandemic, consumers are potentially becoming exposed to more online threats, and nearly 1 in 3 Americans are not confident in their ability to prevent a cyberattack. Through a partnership with American Express via the Amex Offers Program, McAfee is delighted to offer eligible American Express Card Members personal online
On iOS we have seen link shortener services pushing spam calendar files to victims’ devices. We hope you already know that you shouldn’t click on just any URLs. You might be sent one in a message; somebody might insert one under a social media post or you could be provided with one on basically any
Details have emerged about a high severity security vulnerability affecting a software driver used in HP, Xerox, and Samsung printers that has remained undetected since 2005. Tracked as CVE-2021-3438 (CVSS score: 8.8), the issue concerns a buffer overflow in a print driver installer package named “SSPORT.SYS” that can enable remote privilege and arbitrary code execution.
In 2021 ransomware attacks have been dominant among the bigger cyber security stories. Hence, I was not surprized to see that McAfee’s June 2021 Threat report is primarily focused on this topic. This report provides a large range of statistics using the McAfee data lake behind MVISION Insights, including the Top MITRE ATT&CK Techniques. In
A threat group likely based in Romania and active since at least 2020 has been behind an active cryptojacking campaign targeting Linux-based machines with a previously undocumented SSH brute-forcer written in Golang. Dubbed “Diicot brute,” the password cracking tool is alleged to be distributed via a software-as-a-service model, with each threat actor furnishing their own
by Paul Ducklin [01’32”] We explain how a format string bug could lock your iPhone out of your own network. [08’53”] We revisit the PrintNightmare saga, which is sort-of fixed but not really. [12’50”] We look back at the 20-year-old Code Red virus. [18’30”] We look at what cybercriminals spend money on (hint: more cybercrime). [29’10”] And in this week’s “Oh! No!”, we learn
Depending on where your travels take you, you might need a new passport—a COVID-19 vaccine passport. In an effort to kickstart travel and local economies, these so-called vaccine passports are more accurately a certificate. Such a “passport” can offer proof that the holder has been fully vaccinated against the virus, and there are several of these passports developing in the wings. With all of this in motion, I wanted to give families a look at
How can organizations mitigate the risk of damaging cyberattacks while juggling the constantly changing mix of office and off-site workers? The pandemic may finally be receding, but remote working is very much here to stay. The model that appears to be gaining most traction is a hybrid one, where most staff are allowed to spend
Instagram earlier this week introduced a new “Security Checkup” feature that aims to keep accounts safe and help users—whose accounts may have been compromised—to recover them. In order to gain access to accounts, users will be prompted to perform a series of steps, which include checking recent login activity, reviewing profile information, and updating contact
by Paul Ducklin Just over a week ago, we wrote about the REvil ransomware gang’s latest braggadoccio. As you probably know, ransomware operators like REvil, Clop and others don’t generally work on the front line themselves by conducting the actual network intrusions that deliver the final ransomware warhead. Instead, they recruit teams of “attack affiliates”
This blog was written byVaradharajan Krishnasamy, Karthickkumar, Sakshi Jaiswal Introduction Ransomware attacks are one of the most common cyber-attacks among organizations; due to an increase in Ransomware-as-a-service (RaaS) on the black market. RaaS provides readily available ransomware to cyber criminals and is an effective way for attackers to deploy a variety of ransomware in a
From securing your devices to avoiding public Wi-Fi hotspots for logging into apps we look at measures you can take to remain safe while this holiday season. Summer vacations are slowly inching closer, a welcome respite from the COVID-19 pandemic that has been raging around the world for well over a year now. And with the
The Cyberspace Administration of China (CAC) has issued new stricter vulnerability disclosures regulations that mandate security researchers uncovering critical flaws in computer systems to mandatorily disclose them first-hand to the government authorities within two days of filing a report. The “Regulations on the Management of Network Product Security Vulnerability” are expected to go into effect
by Paul Ducklin “It never rains but that it pours,” as the old weather adage goes. That’s certainly how Microsoft must be seeing things right now, following the official announcement of yet another unpatched vulnerability in the Windows Print Spooler service. Dubbed CVE-2021-34481, this one isn’t quite as bad as the previous PrintNightmare problems, because
The overarching threat facing cyber organizations today is a highly skilled asymmetric enemy, well-funded and resolute in his task and purpose. You never can exactly tell how they will come at you, but come they will. It’s no different than fighting a kinetic foe in that, before you fight, you must choose your ground and
The newest update fixes a total of eight vulnerabilities affecting the desktop versions of the popular browser. Google has rolled out an update for its Chrome web browser that fixes a range of vulnerabilities, including a zero-day flaw that has been known to be actively exploited in the wild. The security loopholes affect the Windows,
Two of the zero-day Windows flaws patched by Microsoft as part of its Patch Tuesday update earlier this week were weaponized by an Israel-based company called Candiru in a series of “precision attacks” to hack more than 100 journalists, academics, activists, and political dissidents globally. The spyware vendor was also formally identified as the commercial
by Paul Ducklin There’s a famous and very catchy song that starts, “It was 20 years ago today…” In the song, of course, Sergeant Pepper was busily teaching his band to play – a band, as the song assures us, that was guaranteed to raise a smile. But can you remember where you were and
What happened Microsoft has shipped an emergency security update affecting most Windows users. This update partially addresses a security vulnerability known as PrintNightmare that could allow remote hackers to take over your system. How does this affect you? PrintNightmare could allow hackers to gain control of your computer. This means hackers could perform malicious activities like installing their own apps, stealing your data, and creating new user accounts. How to fix the issue Microsoft recommends Windows
If you’ll be watching Sports Streaming events on your SmartTV, laptop, tablet or cell phone, learn the tips to keep you and your personal data safe. After a year and a half of cancelled global events, the 2021 summer season is proving to be full of major sporting events across the globe, and all sports
A sweeping and “highly active campaign” that originally set its sights on Myanmar has broadened its focus to strike a number of targets located in the Philippines, according to new research. Russian cybersecurity firm Kaspersky, which first spotted the infections in October 2020, attributed them to a threat actor it tracks as “LuminousMoth,” which it
by Paul Ducklin We’ve written several times before about home delivery scams, where cybercriminals take advantage of our ever-increasing (and, in coronavirus times, often unavoidable) use of online ordering combined with to-the-doorstep delivery. Over the past year or so, we’ve noticed what we must grudgingly admit is a gradual improvement in believability on the part
Small business owners are getting a special deal on their online protection through a partnership between McAfee and Visa. With new ways of working creating online opportunities and risks for small business owners, McAfee and Visa have come together to offer comprehensive protection for a changed business landscape. Designed to help you minimize costs and unexpected interruptions to your business, McAfee® Security for Visa cardholders provides award-winning antivirus, ransomware, and malware
The latest Patch Tuesday brings a new batch of security updates addressing a total of 117 vulnerabilities The second Tuesday of the month is here, which means that Microsoft has rolled out patches for security vulnerabilities in Windows and its other products as part of its monthly Patch Tuesday bundle. This month’s batch of security updates brings
Spanish law enforcement agencies on Wednesday arrested 16 individuals belonging to a criminal network in connection with operating two banking trojans as part of a social engineering campaign targeting financial institutions in Europe. The arrests were made in Ribeira (A Coruña), Madrid, Parla and Móstoles (Madrid), Seseña (Toledo), Villafranca de los barros (Badajoz), and Aranda
This blog was written by Kiran Raj & Kishan N. Introduction In the last few years, Microsoft Office macro malware using social engineering as a means for malware infection has been a dominant part of the threat landscape. Malware authors continue to evolve their techniques to evade detection. These techniques involve utilizing macro obfuscation, DDE,
Lessons to learn from the Kaseya cyberincident to protect your business’ data when doing business with a MSP. Managed service providers (MSPs) play a critical role in the IT ecosystem. By outsourcing many of their day-to-day IT requirements to these companies, smaller organizations in particular can save costs, improve service levels and focus more resources
Cybersecurity researchers have disclosed new security vulnerabilities in the Etherpad text editor (version 1.8.13) that could potentially enable attackers to hijack administrator accounts, execute system commands, and even steal sensitive documents. The two flaws — tracked as CVE-2021-34816 and CVE-2021-34817 — were discovered and reported on June 4 by researchers from SonarSource, following which patches