Mar 11, 2023Ravie LakshmananCyber Threat Intelligence The malware downloader known as BATLOADER has been observed abusing Google Ads to deliver secondary payloads like Vidar Stealer and Ursnif. According to cybersecurity company eSentire, malicious ads are used to spoof a wide range of legitimate apps and services such as Adobe, OpenAPI’s ChatGPT, Spotify, Tableau, and Zoom.
admin
by Paul Ducklin Chinese “fast fashion” brand SHEIN is no stranger to controversy, not least because of a 2018 data breach that its then-parent company Zoetop failed to spot, let alone to stop, and then handled dishonestly. As Letitia James, Attorney General of the State of New York, said in a statement at the end
A request to move an online conversation to a supposedly more secure platform may not be as well-meaning as it sounds Have you ever been asked to move an online conversation to another – and supposedly more secure – platform? This technique, often used by romance scammers, was recently used against a number of Indian
The White House has allocated a total of $3.1bn to cybersecurity infrastructure in its latest budget report. Published on Thursday, the document shows $145m of this figure will go toward making the Cybersecurity and Infrastructure Security Agency (CISA) “more resilient and defensible.” Of the remaining funds, $98m will be invested in implementing the Cyber Incident Reporting
Mar 10, 2023Ravie LakshmananEndpoint Security / Hacking An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022. The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey. Prometei, first observed in 2016, is a modular botnet
by Paul Ducklin YOU MUST HAVE THIS CHIP! EVEN IF IT HAS BUGS! Memories of Michelangelo (the virus, not the artist). Data leakage bugs in TPM 2.0. Ransomware bust, ransomware warning, and anti-ransomware advice. No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge.
The threat actor known as “8220 Gang” has been associated with a new payload targeting an exploitable Oracle Weblogic Server in a specific Uniform Resource Identifier (URI). The payload, analyzed by Fortinet security researchers, is characterized by the extraction of ScrubCrypt, a type of malware designed to obfuscate and encrypt applications with the goal of
Mar 09, 2023Ravie LakshmananThreat Intelligence / Malware Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun are being exploited by threat actors to deploy the PlugX malware. AhnLab Security Emergency Response Center (ASEC), in a new analysis, said it marks the continued abuse of the flaws to deliver a variety of payloads on
The North Korean threat actor known as Lazarus Group has been spotted exploiting flaws in unnamed software to gain access to a South Korean finance firm twice last year. The news comes from security researchers at Asec, who published an advisory about the attacks on Tuesday. The company recorded the first of the attacks in
As threats grow and attack surfaces get more complex, companies continue to struggle with the multitude of tools they utilize to handle endpoint security and management. This can leave gaps in an enterprise’s ability to identify devices that are accessing the network and in ensuring that those devices are compliant with security policies. These gaps
by Paul Ducklin Even if you’re not entirely sure what a TPM is, you’ll probably know that if you want to run Windows 11, you need one. More precisely, you need a TPM 2.0 (although there’s an official Microsoft workaround to get by with TPM 1.2, the previous, incompatible version of the technology). TPM is
An astrobiologist, analog astronaut, author and speaker, Dr. Michaela Musilova shares her experience as a woman at the forefront of space exploration and from her quest for scientific and personal excellence When we talk about space adventures, our minds are likely to wander to famed astronauts. However, we often forget that there is a lot
A ransomware cyber-attack has targeted one of Barcelona’s leading hospitals, shutting down its computer system and forcing the cancellation of 150 non-urgent operations and up to 3000 patient checkups. Reported Monday on Twitter, the attack against Hospital Clinic de Barcelona occurred on Sunday. At the time, the institution said it was working to determine the
Mar 07, 2023Ravie LakshmananData Safety / Cyber Threat Cybersecurity researchers have discovered a new information stealer dubbed SYS01stealer targeting critical government infrastructure employees, manufacturing companies, and other sectors. “The threat actors behind the campaign are targeting Facebook business accounts by using Google ads and fake Facebook profiles that promote things like games, adult content, and
by Naked Security writer You’ve almost certainly heard of the ransomware family known as DoppelPaymer, if only because the name itself is a reminder of the double-barrelled blackmail technique used by many contemporary ransomware gangs. To increase the pressure on you to pay up, so-called double-extortionists not only scramble all your data files so your
ESET researchers analyze a cyberespionage campaign that distributes CapraRAT backdoors through trojanized and supposedly secure Android messaging apps – but also exfiltrates sensitive information ESET researchers have identified an active Transparent Tribe campaign, targeting mostly Indian and Pakistani Android users – presumably with a military or political orientation. Victims were probably targeted through a honey-trap
German and Ukrainian police forces have apprehended suspected key members of the DoppelPaymer ransomware gang, Europol announced today. The operation, carried out on February 28, was supported by Europol, the Dutch Police and the United States Federal Bureau of Investigations (FBI) and resulted in the capture of a suspect in Germany and one in Ukraine.
Mar 06, 2023Ravie LakshmananNetwork Security / Malware A never-before-seen complex malware is targeting business-grade routers to covertly spy on victims in Latin America, Europe, and North America at least since July 2022. The elusive campaign, dubbed Hiatus by Lumen Black Lotus Labs, has been found to deploy two malicious binaries, a remote access trojan dubbed
Two separate vulnerabilities have been found in the Trusted Platform Module (TPM) 2.0 that could lead to information disclosure or escalation of privilege. At a basic level, TPM is a hardware-based technology providing secure cryptographic functions to the operating systems on modern computers, making them resistant to tampering. Affecting Revisions 1.59, 1.38 and 1.16 of the
The first in-the-wild UEFI bootkit bypassing UEFI Secure Boot on fully updated UEFI systems is now a reality The number of UEFI vulnerabilities discovered in recent years and the failures in patching them or revoking vulnerable binaries within a reasonable time window hasn’t gone unnoticed by threat actors. As a result, the first publicly known
Mar 04, 2023Ravie LakshmananBanking Security / Cyber Crime A new ATM malware strain dubbed FiXS has been observed targeting Mexican banks since the start of February 2023. “The ATM malware is hidden inside another not-malicious-looking program,” Latin American cybersecurity firm Metabase Q said in a report shared with The Hacker News. Besides requiring interaction via
The US Cybersecurity and Infrastructure Security Agency (CISA) has published a new advisory warning system defenders against the Royal Ransomware group. Part of the Agency’s #StopRansomware campaign, the document was released on Thursday in collaboration with the FBI and describes tactics, techniques and procedures (TTPs) alongside indicators of compromise (IOCs) associated with Royal ransomware variants. The
by Paul Ducklin The US Cybersecurity and Infrastructure Security Agency (CISA), which dubs itself “America’s Cyber Defense Agency”, has just put out a public service annoucement under its #StopRansomware banner. This report is numbered AA23-061a, and if you’ve slipped into the habit of assuming that ransomware is yesterday’s threat, or that other specific cyberattacks should
A bootkit that ESET researchers have discovered in the wild is the BlackLotus UEFI bootkit that is being peddled on hacking forums For a mere $5,000, you can buy a UEFI bootkit called BlackLotus that can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled. This week, ESET researchers published their
Mar 04, 2023The Hacker NewsSaaS Security / Cyber Security This past January, a SaaS Security Posture Management (SSPM) company named Wing Security (Wing) made waves with the launch of its free SaaS-Shadow IT discovery solution. Cloud-based companies were invited to gain insight into their employees’ SaaS usage through a completely free, self-service product that operates
Security researchers from ESET have discovered a new custom backdoor they dubbed MQsTTang and attributed it to the advanced persistent threat (APT) group known as Mustang Panda. Writing in an advisory published on March 2, 2023, ESET malware researcher, Alexandre Côté Cyr explained the new backdoor is part of an ongoing campaign the company traced back to early January.
by Paul Ducklin A ROGUES’ GALLERY Rogue software packages. Rogue “sysadmins”. Rogue keyloggers. Rogue authenticators. No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are
ESET researchers tease apart MQsTTang, a new backdoor used by Mustang Panda, which communicates via the MQTT protocol ESET researchers have analyzed MQsTTang, a new custom backdoor that we attribute to the Mustang Panda APT group. This backdoor is part of an ongoing campaign that we can trace back to early January 2023. Unlike most
Mar 03, 2023Ravie LakshmananEnterprise Security / IoT A pair of serious security defects has been disclosed in the Trusted Platform Module (TPM) 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation. One of the vulnerabilities, CVE-2023-1017, concerns an out-of-bounds write, while the other, CVE-2023-1018, is described as an out-of-bounds read.
British high street chain WH Smith has revealed earlier today it was hit by a cyber-attack that resulted in the theft of company data. In particular, the stationery and book chain said current and former employee data was accessed by the threat actors, including names, addresses, dates of birth and national insurance numbers. WH Smith
- « Previous Page
- 1
- …
- 54
- 55
- 56
- 57
- 58
- …
- 116
- Next Page »