Could your Android phone be home to a remote access tool (RAT) that steals WhatsApp backups or performs other shenanigans? Could your Android phone be home to a remote access tool (RAT) that steals WhatsApp backups? This week, ESET researchers revealed how an updated version of Android GravityRAT spyware is being spread as free messaging
admin
Jun 16, 2023Ravie LakshmananEndpoint Security / Network Security The threat actor known as ChamelGang has been observed using a previously undocumented implant to backdoor Linux systems, marking a new expansion of the threat actor’s capabilities. The malware, dubbed ChamelDoH by Stairwell, is a C++-based tool for communicating via DNS-over-HTTPS (DoH) tunneling. ChamelGang was first outed
The US Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released joint guidance on hardening Baseboard Management Controllers (BMCs). Published on Wednesday, the document aims to address the overlooked vulnerabilities in BMCs, which can serve as potential entry points for malicious actors seeking to compromise critical infrastructure systems. Read more
by Paul Ducklin Yet more MOVEit mayhem! “Disable HTTP and HTTPS traffic to MOVEit Transfer,” says Progress Software, and the timeframe for doing so is “immediately”, no ifs, no buts. Progress Software is the maker of file-sharing software MOVEit Transfer, and the hosted MOVEit Cloud alternative that’s based on it, and this is its third
Jun 15, 2023Ravie LakshmananCryptocurrency / Ransomware Ransomware actors and cryptocurrency scammers have joined nation-state actors in abusing cloud mining services to launder digital assets, new findings reveal. “Cryptocurrency mining is a crucial part of our industry, but it also holds special appeal to bad actors, as it provides a means to acquire money with a
A series of malicious GitHub repositories masquerading as legitimate security research projects have been discovered. VulnCheck researcher Jacob Baines shared the findings in a new advisory published today, saying the repositories claim to contain exploits for well-known products such as Chrome, Exchange and Discord. “In early May, VulnCheck came across a malicious GitHub repository that
by Paul Ducklin Yesterday, we wrote about cybercrime charges that were finally unsealed for a massive cryptocurrency heist that was allegedly conducted over a three-year period starting back in 2011. Today’s long-term cybercrime justice story concerns the last member of the so-called Gozi Troika, three men who were originally charged in January 2013 for malware-related
While not a ‘get out of jail free card’ for your business, cyber insurance can help insulate it from the financial impact of a cyber-incident Cyber risk is on the rise as the combined impact of surging threat levels, expanding attack surfaces and security skills shortages are putting organizations at a disadvantage. Faced with an
Jun 14, 2023Ravie LakshmananZero-Day / Network Security The Chinese state-sponsored group known as UNC3886 has been found to exploit a zero-day flaw in VMware ESXi hosts to backdoor Windows and Linux systems. The VMware Tools authentication bypass vulnerability, tracked as CVE-2023-20867 (CVSS score: 3.9), “enabled the execution of privileged commands across Windows, Linux, and PhotonOS
Network security solution provider Fortinet has patched a critical bug in its FortiOS and FortiProxy SSL-VPN software that could be exploited to hijack equipment. The vulnerability, identified as CVE-2023-27997 with a CVSS score of 9.2, reportedly allowed remote code execution and was first discovered by a security analyst at Lexfo. The security fixes were included
by Paul Ducklin No zero-days this month, if you ignore the Edge RCE hole patched last week (make sure you’ve got that update, by the way): For a full list of this month’s Microsoft Patch Tuesday fixes, take a look at our sister site Sophos News, where SophosLabs analysts have collated complete lists of the
Jun 13, 2023Ravie LakshmananCrimeware / Cryptocurrency A novel multi-stage loader called DoubleFinger has been observed delivering a cryptocurrency stealer dubbed GreetingGhoul in what’s an advanced attack targeting users in Europe, the U.S., and Latin America. “DoubleFinger is deployed on the target machine, when the victim opens a malicious PIF attachment in an email message, ultimately
The US and UK have reached an agreement to create a ‘data bridge’ to enable the free flow of data between the two regions. The ‘commitment in principle’ represents a UK extension to the Data Privacy Framework agreed between the EU and US in 2022. This means that US companies who are approved to join
Jun 12, 2023Ravie LakshmananVulnerability / Software Security researchers have warned about an “easily exploitable” flaw in the Microsoft Visual Studio installer that could be abused by a malicious actor to impersonate a legitimate publisher and distribute malicious extensions. “A threat actor could impersonate a popular publisher and issue a malicious extension to compromise a targeted
by Naked Security writer Remember Mt. Gox? Originally, it was a card-trading site called MTGOX, short for Magic The Gathering Online Exchange (there was no sense of “Mountain” in the name at all), but the domain changed hands in the early days of cryptocurrency. Operated out of Japan by French expatriate Mark Karpelès, Mt. Gox
Generative AI is advancing rapidly, but so are creative ways people find to use it maliciously. Many governments are trying to speed up their regulating plans to mitigate the risk of AI misuse. Meanwhile, some generative AI developers are looking into how they could help secure their models and services. Google, owner of the generative
Jun 10, 2023Ravie LakshmananVulnerability / Cyber Threat Progress Software, the company behind the MOVEit Transfer application, has released patches to address brand new SQL injection vulnerabilities affecting the file transfer solution that could enable the theft of sensitive information. “Multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow
Enterprise-grade security solution provider Barracuda has urged customers to replace Email Security Gateway (ESG) regardless of patch version level. This follows attacks observed targeting a now-patched zero-day vulnerability. The flaw (tracked CVE-2023-2868) was exploited as early as October 2022 and patched remotely back on May 20, 2023. The attackers’ access to the compromised appliances was reportedly cut
Jun 10, 2023Ravie LakshmananCyber Attack / Malware Vietnamese public companies have been targeted as part of an ongoing campaign that deploys a novel backdoor called SPECTRALVIPER. “SPECTRALVIPER is a heavily obfuscated, previously undisclosed, x64 backdoor that brings PE loading and injection, file upload and download, file and directory manipulation, and token impersonation capabilities,” Elastic Security
A curious case of a threat actor at the border between crimeware and cyberespionage Asylum Ambuscade is a cybercrime group that has been performing cyberespionage operations on the side. They were first publicly outed in March 2022 by Proofpoint researchers after the group targeted European government staff involved in helping Ukrainian refugees, just a few
by Paul Ducklin We’re all still using passwords on many, perhaps most, of our accounts, because we’re all still using plenty of online services that don’t offer any other sort of login system. Just today, for instance, I paid membership fees to a cycling-related group that asked for my postal address so it could send
The University of Manchester has been hit by a cyber-incident that has likely resulted in data being accessed by the attackers, the institution has confirmed in a statement published on June 9, 2023. In the post, Patrick Hackett, chief operating office at the University of Manchester, confirmed that “some of our systems have been accessed by
Jun 09, 2023Ravie LakshmananCyber Threat / Financial Security Banking and financial services organizations are the targets of a new multi-stage adversary-in-the-middle (AitM) phishing and business email compromise (BEC) attack, Microsoft has revealed. “The attack originated from a compromised trusted vendor and transitioned into a series of AiTM attacks and follow-on BEC activity spanning multiple organizations,”
A crimeware group that usually targets individuals and SMBs in North America and Europe adds cyberespionage to its activities It’s rather rare to find a cybercrime group that ventures into cyberespionage, which alone makes new ESET research all the more interesting. According to ESET experts, a cybercrime group known as Asylum Ambuscade – which usually
by Paul Ducklin Even if you’re not a MOVEit customer, and even if you’d never heard of the MOVEit file sharing software before the end of last month… …we suspect you’ve heard of it now. That’s because the MOVEit brand name has been all over the IT and mainstream media for the last week or
A series of highly-targeted espionage attacks in North Africa has been linked to a previously undisclosed modular backdoor called “Stealth Soldier.” Targeting primarily individuals in Libya, the new campaign focuses on surveillance operations, according to a new advisory published today by Check Point Research (CPR). In particular, the Stealth Soldier backdoor features file exfiltration, screen
Jun 08, 2023Ravie LakshmananEndpoint Security / Zero-Day Details have emerged about a now-patched actively exploited security flaw in Microsoft Windows that could be abused by a threat actor to gain elevated privileges on affected systems. The vulnerability, tracked as CVE-2023-29336, is rated 7.8 for severity and concerns an elevation of privilege bug in the Win32k
Plus, 7 ways to tell that you downloaded a sketchy app and 7 tips for staying safe from mobile security threats in the future You’ve just downloaded a new mobile game, cryptocurrency wallet, or fitness app, but something isn’t right. Your phone’s screen is swamped by annoying ads, the app is not doing what you
by Paul Ducklin BACKDOORS, EXPLOITS, AND LITTLE BOBBY TABLES No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL
In an effort to address the increasing threat posed by the malicious use of remote access software, several cybersecurity agencies have collaborated to release a comprehensive guide on securing these tools. The document was published on Tuesday by the US Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of
- « Previous Page
- 1
- …
- 47
- 48
- 49
- 50
- 51
- …
- 119
- Next Page »