Security

The Shuckworm espionage group (aka Gamaredon, Armageddon), believed to be linked to the Russian Federal Security Service (FSB), has been observed intensifying its cyber-attacks on Ukraine. Discovered by the Symantec Threat Hunter Team, the new Shuckworm campaign focused on acquiring military and security intelligence to support potential invading forces. In particular, it aimed to gain

An updated version of the Android GravityRAT spyware targeting WhatsApp backups has been discovered by security researchers at ESET. In an advisory published by the firm on Thursday, ESET malware researcher Lukas Stefanko said the new variant of the malware is being distributed via two messaging apps called BingeChat and Chatico. GravityRAT is a remote

The US Department of Justice (DoJ) has announced the arrest and charges filed against a Russian national accused of participating in cyber-attacks using the LockBit ransomware. Ruslan Magomedovich Astamirov, a 20-year-old from the Chechen Republic, allegedly targeted computer systems in the United States, Asia, Europe and Africa. Astamirov is the second individual arrested in connection

by Paul Ducklin DON’T GET INTO THE HABIT OF A BAD HABIT Magnetic core memory. Patch Tuesday and SketchUp shenanigans. More MOVEit mitigations. Mt. Gox back in the news. Gozi malware criminal imprisoned at last. Are password rules like running through rain? No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul

by Paul Ducklin Yet more MOVEit mayhem! “Disable HTTP and HTTPS traffic to MOVEit Transfer,” says Progress Software, and the timeframe for doing so is “immediately”, no ifs, no buts. Progress Software is the maker of file-sharing software MOVEit Transfer, and the hosted MOVEit Cloud alternative that’s based on it, and this is its third

The US Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released joint guidance on hardening Baseboard Management Controllers (BMCs). Published on Wednesday, the document aims to address the overlooked vulnerabilities in BMCs, which can serve as potential entry points for malicious actors seeking to compromise critical infrastructure systems. Read more

by Paul Ducklin Yesterday, we wrote about cybercrime charges that were finally unsealed for a massive cryptocurrency heist that was allegedly conducted over a three-year period starting back in 2011. Today’s long-term cybercrime justice story concerns the last member of the so-called Gozi Troika, three men who were originally charged in January 2013 for malware-related

A series of malicious GitHub repositories masquerading as legitimate security research projects have been discovered. VulnCheck researcher Jacob Baines shared the findings in a new advisory published today, saying the repositories claim to contain exploits for well-known products such as Chrome, Exchange and Discord. “In early May, VulnCheck came across a malicious GitHub repository that

by Paul Ducklin No zero-days this month, if you ignore the Edge RCE hole patched last week (make sure you’ve got that update, by the way): For a full list of this month’s Microsoft Patch Tuesday fixes, take a look at our sister site Sophos News, where SophosLabs analysts have collated complete lists of the

Network security solution provider Fortinet has patched a critical bug in its FortiOS and FortiProxy SSL-VPN software that could be exploited to hijack equipment. The vulnerability, identified as CVE-2023-27997 with a CVSS score of 9.2, reportedly allowed remote code execution and was first discovered by a security analyst at Lexfo. The security fixes were included

The US and UK have reached an agreement to create a ‘data bridge’ to enable the free flow of data between the two regions. The ‘commitment in principle’ represents a UK extension to the Data Privacy Framework agreed between the EU and US in 2022. This means that US companies who are approved to join

by Naked Security writer Remember Mt. Gox? Originally, it was a card-trading site called MTGOX, short for Magic The Gathering Online Exchange (there was no sense of “Mountain” in the name at all), but the domain changed hands in the early days of cryptocurrency. Operated out of Japan by French expatriate Mark Karpelès, Mt. Gox

Generative AI is advancing rapidly, but so are creative ways people find to use it maliciously. Many governments are trying to speed up their regulating plans to mitigate the risk of AI misuse. Meanwhile, some generative AI developers are looking into how they could help secure their models and services. Google, owner of the generative

Enterprise-grade security solution provider Barracuda has urged customers to replace Email Security Gateway (ESG) regardless of patch version level.  This follows attacks observed targeting a now-patched zero-day vulnerability. The flaw (tracked CVE-2023-2868) was exploited as early as October 2022 and patched remotely back on May 20, 2023. The attackers’ access to the compromised appliances was reportedly cut

by Paul Ducklin We’re all still using passwords on many, perhaps most, of our accounts, because we’re all still using plenty of online services that don’t offer any other sort of login system. Just today, for instance, I paid membership fees to a cycling-related group that asked for my postal address so it could send

The University of Manchester has been hit by a cyber-incident that has likely resulted in data being accessed by the attackers, the institution has confirmed in a statement published on June 9, 2023. In the post, Patrick Hackett, chief operating office at the University of Manchester, confirmed that “some of our systems have been accessed by

by Paul Ducklin Even if you’re not a MOVEit customer, and even if you’d never heard of the MOVEit file sharing software before the end of last month… …we suspect you’ve heard of it now. That’s because the MOVEit brand name has been all over the IT and mainstream media for the last week or

A series of highly-targeted espionage attacks in North Africa has been linked to a previously undisclosed modular backdoor called “Stealth Soldier.” Targeting primarily individuals in Libya, the new campaign focuses on surveillance operations, according to a new advisory published today by Check Point Research (CPR). In particular, the Stealth Soldier backdoor features file exfiltration, screen

by Paul Ducklin BACKDOORS, EXPLOITS, AND LITTLE BOBBY TABLES No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL

In an effort to address the increasing threat posed by the malicious use of remote access software, several cybersecurity agencies have collaborated to release a comprehensive guide on securing these tools. The document was published on Tuesday by the US Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of

by Paul Ducklin Firefox’s latest major update is out, following Mozilla’s usual every-fourth-Tuesday release cycle. The list of security fixes this month (like full moons, there are sometimes two Firefox releases in a calendar month, but most months only have one) is splendidly short, and there aren’t any critical bugs or zero-days in the list.

Three critical vulnerabilities have been discovered in RenderDoc, a graphics debugger that supports multiple operating systems, including Windows, Linux, Android and Nintendo Switch. The software holds a prominent position within the gaming development software arena, as it seamlessly integrates with leading gaming software engines such as Unity and Unreal.  As per the findings of cybersecurity

by Paul Ducklin Google’s latest Chrome update is out, and this time the company hasn’t minced its words about one of the two security patches it includes: Google is aware that an exploit for CVE-2023-3079 exists in the wild. There’s no two-degrees-of-separation verbiage, as we’ve often seen from Google before, to say that the company

A new malware campaign has been discovered that exploits the Satacom downloader, also known as LegionLoader, to distribute a browser extension designed to steal cryptocurrency. The Satacom downloader, a notorious malware family that emerged in 2019, is known for using DNS server queries to retrieve the next malware stage from another family associated with Satacom. 

by Paul Ducklin Last week, Progress Software Corporation, which sells software and services for user interface development, devops, file management and more, alerted customers of its MOVEit Transfer and related MOVEit Cloud products about a critical vulnerability dubbed CVE-2023-34362. As the name suggests, MOVEit Transfer is a system that makes it easy to store and

Security researchers at ReversingLabs have discovered a novel attack that used compiled Python code to evade detection.  According to ReversingLabs reverse engineer Karlo Zanki, this could be the first instance of a supply chain attack capitalizing on the direct execution capability of Python byte code (PYC) files. The method introduces another supply chain vulnerability for

US and South Korean security agencies have issued a joint warning regarding North Korea’s use of social engineering tactics in cyber-attacks. The document was published on Thursday by the Federal Bureau of Investigation (FBI), the US Department of State, the National Security Agency (NSA), the Republic of Korea’s National Intelligence Service (NIS), the National Police

Enzo Biochem, a biotechnology company renowned for producing and distributing DNA-based tests designed to identify viral and bacterial diseases, has recently confirmed in a filing with the Securities and Exchange Commission (SEC) that it fell victim to a ransomware attack.  The malicious cyber assault has exposed the confidential information of 2.47 million patients, including names,

by Paul Ducklin Researchers at firmware and supply-chain security company Eclypsium claim to have found what they have rather dramatically dubbed a “backdoor” in hundreds of motherboard models from well-known hardware maker Gigabyte. In fact, Eclypsium’s headline refers to it not merely as a backdoor, but all in upper case as a BACKDOOR. The good

A new cyber threat campaign named “Horabot” has been discovered by cybersecurity firm Cisco Talos targeting Spanish-speaking users in the Americas. Horabot, a botnet software, has been active since November 2020 and is responsible for distributing a banking Trojan and spam tool. According to an advisory published by Cisco Talos earlier today, the threat actor behind