Security researchers have discovered a sophisticated attack campaign that exploits custom and open-source tools to target Linux-based systems and Internet of Things (IoT) devices. According to a new blog post by Microsoft, the attackers utilized a patched version of OpenSSH to gain control of compromised devices and install cryptomining malware. Read more on this type
admin
by Paul Ducklin Researchers at Korean anti-malware business AhnLab are warning about an old-school attack that they say they’re seeing a lot of these days, where cybercriminals guess their way into Linux shell servers and use them as jumping-off points for further attacks, often against innocent third parties. The payloads unleashed by this crew of
Jun 24, 2023Ravie LakshmananThreat Intel / Zero Day The U.S. Cybersecurity and Infrastructure Security Agency has added a batch of six flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This comprises three vulnerabilities that Apple patched this week (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439), two flaws in VMware (CVE-2023-20867 and CVE-2023-20887), and
Service members across the US military have reported receiving smartwatches unsolicited in the mail. These smartwatches have Wi-Fi auto-connect capabilities and can connect to cell phones unprompted, gaining access to user data. According to the US Criminal Investigation Division (CID), the smartwatches may also contain malware granting the sender access to saved data, including banking information,
by Paul Ducklin The Australian Prime Minister, Anthony Albanese, has apparently advised people Down Under to turn off their mobile phones once a day, for the surprisingly precise period of five minutes, as a cybersecurity measure. UK newspaper The Guardian quotes the PM as saying: We all have a responsibility. Simple things, turn your phone
The US government has now announced a bounty of $10 million for intel linking the Cl0p ransomware gang to a foreign government The US government is now offering a $10 million reward for information linking the Cl0p ransomware gang or other threat actors targeting US critical infrastructure to a foreign government. This is after Cl0p
Jun 23, 2023Ravie LakshmananSocial Engineering / Phishing A threat actor known as Muddled Libra is targeting the business process outsourcing (BPO) industry with persistent attacks that leverage advanced social engineering ploys to gain initial access. “The attack style defining Muddled Libra appeared on the cybersecurity radar in late 2022 with the release of the 0ktapus
As the UK’s largest building society, Nationwide has 18,000 users on its IT systems, 400 domains and 750 servers. The business pushes out 25,000 technology changes and updates every year. As a financial services provider, the society faces an increase in cyber-threats, as well as the need to comply with industry-specific legislation. As a result,
by Paul Ducklin LISTEN AND LEARN Gee Whizz BASIC (probably). Think you know ransomware? Megaupload, 11 years on. ASUS warns of critical router bugs. MOVEit mayhem Part III. No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on
A primer on how to use this powerful tool for uncovering and connecting information from publicly available sources It’s a truism that personal data is a valuable asset for cybercriminals, as it allows them to tailor and otherwise improve their phishing and other social engineering attacks. The wealth and variety of personal data that is
Jun 22, 2023Ravie LakshmananCyber Attack / Phishing A new phishing campaign codenamed MULTI#STORM has set its sights on India and the U.S. by leveraging JavaScript files to deliver remote access trojans on compromised systems. “The attack chain ends with the victim machine infected with multiple unique RAT (remote access trojan) malware instances, such as Warzone
Becky Pinkard describes herself as an outsider who found her place, and was able to express her true identity, in the cybersecurity industry. Pinkard, who has worked in cybersecurity since 1996, is now managing director of global cyber operations at Barclays. She is also a speaker, diversity advocate and security trainer who says that she
by Paul Ducklin Right at the start of June 2023, well-known Russian cybersecurity outfit Kaspersky reported on a previously unknown strain of iPhone malware. Most notable about the original story was its strapline: Targeted attack on [Kaspersky] management with the Triangulation Trojan. Although the company ultimately said, “We’re confident that Kaspersky was not the main
From bogus free trips to fake rental homes, here are some of the most common online threats you should look out for both before and during your travels As the mercury rises and we look forward to vacationing in sunnier climbs, it’s also time to keep one eye peeled for internet scams and cyberthreats. Travel
Jun 21, 2023Ravie LakshmananCyber Threat / Privacy The North Korean threat actor known as ScarCruft has been observed using an information-stealing malware with previous undocumented wiretapping features as well as a backdoor developed using Golang that exploits the Ably real-time messaging service. “The threat actor sent their commands through the Golang backdoor that is using
Over reliance on security certifications can lead to a less diverse and less innovative workforce, and processes designed to satisfy auditors rather than improve security, according to a CISO panel. Speaking at Infosecurity Europe, Munawar Valji, CISO of Trainline, Dr Emma Philpott, CEO at the IASME Consortium and Helen Rabe, CISO at the BBC asked
by Paul Ducklin ASUS is a well-known maker of popular electronics products, ranging from laptops and phones to home routers and graphics cards. This week, the company published firmware updates for a wide range of its home routers, along with a strong warning that if you aren’t willing or able to update your firmware right
With passkeys poised for prime time, passwords seem passé. What are the main benefits of ditching one in favor of the other? Chances are good that many of us have had enough of passwords. In a world where we have to manage access for scores of online accounts, passwords no longer seem fit for purpose.
Jun 20, 2023Ravie LakshmananOperational Technology Three security vulnerabilities have been disclosed in operational technology (OT) products from Wago and Schneider Electric. The flaws, per Forescout, are part of a broader set of shortcomings collectively called OT:ICEFALL, which now comprises a total of 61 issues spanning 13 different vendors. “OT:ICEFALL demonstrates the need for tighter scrutiny
The use of connected devices in healthcare is driving innovation, offering new ways to assist medical staff. However, the adoption of the Internet of Things (IoT) has expanded the attack surface IT decision-makers in the healthcare industry have to deal with. A new report by Armis found that many cybersecurity leaders in UK National Health Service
by Paul Ducklin For the third time in about a week, cybersecurity law-and-order news includes a criminal case that’s been brewing for more than a decade. This time, the news is prison sentences for two of the main four original defendants in the infamous Megaupload saga. If you weren’t following cybersecurity a decade ago, we’ll
A new information-stealing malware called Mystic Stealer has been found to steal data from about 40 different web browsers and over 70 web browser extensions. First advertised on April 25, 2023, for $150 per month, the malware also targets cryptocurrency wallets, Steam, and Telegram, and employs extensive mechanisms to resist analysis. “The code is heavily
The Shuckworm espionage group (aka Gamaredon, Armageddon), believed to be linked to the Russian Federal Security Service (FSB), has been observed intensifying its cyber-attacks on Ukraine. Discovered by the Symantec Threat Hunter Team, the new Shuckworm campaign focused on acquiring military and security intelligence to support potential invading forces. In particular, it aimed to gain
ESET researchers analyzed an updated version of Android GravityRAT spyware that steals WhatsApp backup files and can receive commands to delete files ESET researchers have identified an updated version of Android GravityRAT spyware being distributed as the messaging apps BingeChat and Chatico. GravityRAT is a remote access tool known to be used since at least
As Threat Actors Continuously Adapt their TTPs in Today’s Threat Landscape, So Must You Earlier this year, threat researchers at Cybersixgill released the annual report, The State of the Cybercrime Underground. The research stems from an analysis of Cybersixgill’s collected intelligence items throughout 2022, gathered from the deep, dark and clear web. The report examines
An updated version of the Android GravityRAT spyware targeting WhatsApp backups has been discovered by security researchers at ESET. In an advisory published by the firm on Thursday, ESET malware researcher Lukas Stefanko said the new variant of the malware is being distributed via two messaging apps called BingeChat and Chatico. GravityRAT is a remote
Strategies for stopping and responding to cyberbullying require a concerted, community-wide effort involving parents, educators and children themselves Bullying of any kind can have a devastating impact on the victim’s well-being and life. Physical bullying, also known as face-to-face or in-person bullying, is still an issue in schools, with many researchers saying that its long-term
Jun 17, 2023Ravie LakshmananCryptojacking / Network Security Cybersecurity researchers have discovered previously undocumented payloads associated with a Romanian threat actor named Diicot, revealing its potential for launching distributed denial-of-service (DDoS) attacks. “The Diicot name is significant, as it’s also the name of the Romanian organized crime and anti-terrorism policing unit,” Cado Security said in a
The US Department of Justice (DoJ) has announced the arrest and charges filed against a Russian national accused of participating in cyber-attacks using the LockBit ransomware. Ruslan Magomedovich Astamirov, a 20-year-old from the Chechen Republic, allegedly targeted computer systems in the United States, Asia, Europe and Africa. Astamirov is the second individual arrested in connection
by Paul Ducklin DON’T GET INTO THE HABIT OF A BAD HABIT Magnetic core memory. Patch Tuesday and SketchUp shenanigans. More MOVEit mitigations. Mt. Gox back in the news. Gozi malware criminal imprisoned at last. Are password rules like running through rain? No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul
- « Previous Page
- 1
- …
- 46
- 47
- 48
- 49
- 50
- …
- 119
- Next Page »