by Paul Ducklin We’re all still using passwords on many, perhaps most, of our accounts, because we’re all still using plenty of online services that don’t offer any other sort of login system. Just today, for instance, I paid membership fees to a cycling-related group that asked for my postal address so it could send
admin
The University of Manchester has been hit by a cyber-incident that has likely resulted in data being accessed by the attackers, the institution has confirmed in a statement published on June 9, 2023. In the post, Patrick Hackett, chief operating office at the University of Manchester, confirmed that “some of our systems have been accessed by
Jun 09, 2023Ravie LakshmananCyber Threat / Financial Security Banking and financial services organizations are the targets of a new multi-stage adversary-in-the-middle (AitM) phishing and business email compromise (BEC) attack, Microsoft has revealed. “The attack originated from a compromised trusted vendor and transitioned into a series of AiTM attacks and follow-on BEC activity spanning multiple organizations,”
A crimeware group that usually targets individuals and SMBs in North America and Europe adds cyberespionage to its activities It’s rather rare to find a cybercrime group that ventures into cyberespionage, which alone makes new ESET research all the more interesting. According to ESET experts, a cybercrime group known as Asylum Ambuscade – which usually
by Paul Ducklin Even if you’re not a MOVEit customer, and even if you’d never heard of the MOVEit file sharing software before the end of last month… …we suspect you’ve heard of it now. That’s because the MOVEit brand name has been all over the IT and mainstream media for the last week or
A series of highly-targeted espionage attacks in North Africa has been linked to a previously undisclosed modular backdoor called “Stealth Soldier.” Targeting primarily individuals in Libya, the new campaign focuses on surveillance operations, according to a new advisory published today by Check Point Research (CPR). In particular, the Stealth Soldier backdoor features file exfiltration, screen
Jun 08, 2023Ravie LakshmananEndpoint Security / Zero-Day Details have emerged about a now-patched actively exploited security flaw in Microsoft Windows that could be abused by a threat actor to gain elevated privileges on affected systems. The vulnerability, tracked as CVE-2023-29336, is rated 7.8 for severity and concerns an elevation of privilege bug in the Win32k
Plus, 7 ways to tell that you downloaded a sketchy app and 7 tips for staying safe from mobile security threats in the future You’ve just downloaded a new mobile game, cryptocurrency wallet, or fitness app, but something isn’t right. Your phone’s screen is swamped by annoying ads, the app is not doing what you
by Paul Ducklin BACKDOORS, EXPLOITS, AND LITTLE BOBBY TABLES No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL
In an effort to address the increasing threat posed by the malicious use of remote access software, several cybersecurity agencies have collaborated to release a comprehensive guide on securing these tools. The document was published on Tuesday by the US Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of
Jun 07, 2023Ravie LakshmananPrivacy / Technology Microsoft has agreed to pay a penalty of $20 million to settle U.S. Federal Trade Commission (FTC) charges that the company illegally collected and retained the data of children who signed up to use its Xbox video game console without their parents’ knowledge or consent. “Our proposed order makes
How your voice assistant could do the bidding of a hacker – without you ever hearing a thing Regular WeLiveSecurity readers won’t be stunned to read that cyberattacks and their methods keep evolving as bad actors continue to enhance their repertoire. It’s also become a common refrain that as security vulnerabilities are found and patched
by Paul Ducklin Firefox’s latest major update is out, following Mozilla’s usual every-fourth-Tuesday release cycle. The list of security fixes this month (like full moons, there are sometimes two Firefox releases in a calendar month, but most months only have one) is splendidly short, and there aren’t any critical bugs or zero-days in the list.
Three critical vulnerabilities have been discovered in RenderDoc, a graphics debugger that supports multiple operating systems, including Windows, Linux, Android and Nintendo Switch. The software holds a prominent position within the gaming development software arena, as it seamlessly integrates with leading gaming software engines such as Unity and Unreal. As per the findings of cybersecurity
Jun 06, 2023Ravie LakshmananCryptocurrency / Cyber Threat A recent malware campaign has been found to leverage Satacom downloader as a conduit to deploy stealthy malware capable of siphoning cryptocurrency using a rogue extension for Chromium-based browsers. “The main purpose of the malware that is dropped by the Satacom downloader is to steal BTC from the
by Paul Ducklin Google’s latest Chrome update is out, and this time the company hasn’t minced its words about one of the two security patches it includes: Google is aware that an exploit for CVE-2023-3079 exists in the wild. There’s no two-degrees-of-separation verbiage, as we’ve often seen from Google before, to say that the company
A new malware campaign has been discovered that exploits the Satacom downloader, also known as LegionLoader, to distribute a browser extension designed to steal cryptocurrency. The Satacom downloader, a notorious malware family that emerged in 2019, is known for using DNS server queries to retrieve the next malware stage from another family associated with Satacom.
Jun 05, 2023Ravie LakshmananZero Day / Cyber Attack Microsoft has officially linked the ongoing active exploitation of a critical flaw in the Progress Software MOVEit Transfer application to a threat actor it tracks as Lace Tempest. “Exploitation is often followed by deployment of a web shell with data exfiltration capabilities,” the Microsoft Threat Intelligence team
by Paul Ducklin Last week, Progress Software Corporation, which sells software and services for user interface development, devops, file management and more, alerted customers of its MOVEit Transfer and related MOVEit Cloud products about a critical vulnerability dubbed CVE-2023-34362. As the name suggests, MOVEit Transfer is a system that makes it easy to store and
Security researchers at ReversingLabs have discovered a novel attack that used compiled Python code to evade detection. According to ReversingLabs reverse engineer Karlo Zanki, this could be the first instance of a supply chain attack capitalizing on the direct execution capability of Python byte code (PYC) files. The method introduces another supply chain vulnerability for
A survey of global cybersecurity leaders through the 2023 Certified CISO Hall of Fame Report commissioned by the EC-Council identified 4 primary areas of grave concern: cloud security, data security, security governance, and lack of cybersecurity talent. EC-Council, the global leader in cybersecurity education and training, released its Certified Chief Information Security Officer Hall of
US and South Korean security agencies have issued a joint warning regarding North Korea’s use of social engineering tactics in cyber-attacks. The document was published on Thursday by the Federal Bureau of Investigation (FBI), the US Department of State, the National Security Agency (NSA), the Republic of Korea’s National Intelligence Service (NIS), the National Police
Jun 03, 2023Ravie LakshmananEndpoint Security / Linux An analysis of the Linux variant of a new ransomware strain called BlackSuit has covered significant similarities with another ransomware family called Royal. Trend Micro, which examined an x64 VMware ESXi version targeting Linux machines, said it identified an “extremely high degree of similarity” between Royal and BlackSuit.
Given the reliance of today’s digital world on APIs and the fact that attacks targeting them continue to rise sharply, API security cannot be an afterthought. Given the increasing reliance of today’s digital world on APIs and the fact that cyberattacks targeting them continue to rise sharply, API security cannot be an afterthought. Here is
Enzo Biochem, a biotechnology company renowned for producing and distributing DNA-based tests designed to identify viral and bacterial diseases, has recently confirmed in a filing with the Securities and Exchange Commission (SEC) that it fell victim to a ransomware attack. The malicious cyber assault has exposed the confidential information of 2.47 million patients, including names,
Jun 02, 2023Ravie LakshmananBotnet / Malware Spanish-speaking users in Latin America have been at the receiving end of a new botnet malware dubbed Horabot since at least November 2020. “Horabot enables the threat actor to control the victim’s Outlook mailbox, exfiltrate contacts’ email addresses, and send phishing emails with malicious HTML attachments to all addresses
by Paul Ducklin Researchers at firmware and supply-chain security company Eclypsium claim to have found what they have rather dramatically dubbed a “backdoor” in hundreds of motherboard models from well-known hardware maker Gigabyte. In fact, Eclypsium’s headline refers to it not merely as a backdoor, but all in upper case as a BACKDOOR. The good
A peek under the hood of a cybercrime operation and what you can do to avoid being an easy target for similar ploys They hacked into corporate emails, stole money from people and businesses, and tricked others into transferring the loot. Nigerian nationals Solomon Ekunke Okpe and Johnson Uke Obogo ran a sophisticated fraud scheme
A new cyber threat campaign named “Horabot” has been discovered by cybersecurity firm Cisco Talos targeting Spanish-speaking users in the Americas. Horabot, a botnet software, has been active since November 2020 and is responsible for distributing a banking Trojan and spam tool. According to an advisory published by Cisco Talos earlier today, the threat actor behind
Jun 01, 2023Ravie LakshmananCyber Threat / Network Security An analysis of the “evasive and tenacious” malware known as QBot has revealed that 25% of its command-and-control (C2) servers are merely active for a single day. What’s more, 50% of the servers don’t remain active for more than a week, indicating the use of an adaptable
- « Previous Page
- 1
- …
- 26
- 27
- 28
- 29
- 30
- …
- 98
- Next Page »