Security

Security teams ought to seize on the opportunities of failures of the past to make meaningful change in how we approach incident response, urged Sarah Armstrong-Smith, chief security advisor at Microsoft, during UK Cyber Week 2023. Learning lessons from the past is crucial to developing an effective incident response strategy in cybersecurity, Armstrong-Smith said. The

by Paul Ducklin Cybersecurity researcher Sam Sabetan yesterday went public with insecurity revelations against IoT vendor Nexx, which sells a range of “smart” devices including door openers, home alarms and remotely switchable power plugs. According to Sabetan, he reported the bugs to Nexx back in January 2023, but to no avail. So he decided to

Threat actors have deployed a new, unique ransomware strain using the Palo Alto Cortex XDR Dump Service Tool, a commercial security product.  Dubbed Rorschach, the malware was discovered by the Check Point Research (CPR) and Check Point Incident Response Team (CPIRT) and discussed in an advisory publisher earlier today. “Unlike other ransomware cases, the threat

by Paul Ducklin Mathematics is a complex and esoteric field that underpins science and engineering, notably including the disciplines of cryptography and cybersecurity. (There… we’ve added a mention of cybersecurity, thus justifying the rest of this article.) The topic of mathematics has been extensively and fervently studied from at least ancient Babylonian times, and the

The US Department of Defense (DoD) has launched a website to accompany its Hack the Pentagon (HtP) program. The Chief Digital and Artificial Intelligence Office (CDAO) Directorate for Digital Services (DDS), Craig Martell, unveiled the website last Thursday. It will be a resource for DoD organizations, vendors and security researchers to understand how to conduct a

by Paul Ducklin Cybersecurity researchers in Belgium and the US recently published a paper scheduled for presentation later this year at the USENIX 2023 conference. The three co-authors couldn’t resist a punning title, dubbing their attack Framing Frames, with a slightly easier-to-follow strapline that says Bypassing Wi-Fi encryption by manipulating transmit queues. As security researchers

A new vulnerability has been discovered in Microsoft’s Azure Service Fabric Explorer (SFX) that would enable unauthenticated, remote threat actors to execute code on a container hosted on a Service Fabric node. Dubbed Super FabriXss by the Orca Security team, the cross-site scripting (XSS) flaw (CVE-2023-23383) has a CVSS score of 8.2 and affects SFX version 9.1.1436.9590 or

by Paul Ducklin Gordon Moore, co-founder of Intel, has died at 94. Academically, Moore was both a chemist and physicist, earning a Bachelor’s degree in chemistry from the University of California at Berkeley in 1950, and a Doctorate in physical chemistry and physics from the California Institute of Technology in 1954. After a brief interlude

A new malware toolset has been discovered and analyzed by security experts at SentinelOne. Dubbed “AlienFox” by the team, the toolkit can harvest credentials for multiple cloud service providers. An advisory published on Thursday by SentinelOne threat researcher Alex Delamotte shows that attackers used AlienFox to successfully harvest API keys and secrets from various services, including

by Paul Ducklin HOW TO TURN YOURSELF IN No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of

The Italian Data Protection Authority (Garante per la protezione dei dati personali) has temporarily suspended the use of the artificial intelligence (AI) service ChatGPT in the country. The privacy watchdog opened a probe into OpenAI’s chatbot and blocked the use of the service due to allegations that it failed to comply with Italian data collection rules.

by Paul Ducklin In the early days of personal computers, everyone knew why backups were important. Computer storage simply wasn’t as reliable as it is today, and it wasn’t a question of if you’d lose vital files through no fault of your own, but when it would happen. (Possibly today; probably tomorrow; almost certainly by

Threat actors suspected to be operating for the North Korean government have been observed trojanizing versions of the voice and video calling desktop client 3CX DesktopApp to launch attacks against several victims. The Symantec threat intelligence team shared the findings in an advisory published earlier today, explaining the attackers’ tactics were similar to those used against

by Paul Ducklin NB. Detection names you can check for if you use Sophos products and servicesare available from the Sophos X-Ops team on our sister site Sophos News. Internet telephony company 3CX is warning its customers of malware that was apparently weaseled into the company’s own 3CX Desktop App by cybercriminals who seem to

Google’s Threat Analysis Group (TAG) has revealed tracking over 30 commercial spyware vendors that facilitate the spread of malware by government-backed threat actors. Writing in a blog post published earlier today, TAG’s Clement Lecigne said these vendors are arming countries that would otherwise not be able to develop these tools. “While the use of surveillance

by Naked Security writer The UK’s National Crime Agency (NCA) has recently announced work that it’s been doing as an ongoing part of a multinational project dubbed Operation PowerOFF. The idea seems to be to use fake cybercrime-as-a-service sites to attract the attention of impressionable youngsters who are hanging around on the fringes of cybercrime

A malware campaign targeting cryptocurrency wallets has been recently discovered by security researchers at Kaspersky. Discussing the findings in an advisory published today, the company said the attacks were first observed in September 2022 and relied on malware replacing part of the clipboard contents with cryptocurrency wallet addresses. “Despite the attack being fundamentally simple, it

by Paul Ducklin Apple’s latest update blast is out, including an extensive range of security patches for all devices that Apple officially supports. There are fixes for iOS, iPadOS, tvOS and watchOS, along with patches for all three supported flavours of macOS, and even a special update to the firmware in Apple’s super-cool external Studio

Microsoft announced a new information disclosure vulnerability on Friday, for a bug affecting its screenshot editing tools in both Windows 10 and Windows 11.  The vulnerability (CVE-2023-28303) is called aCropalypse and could enable malicious actors to recover sections of screenshots, potentially revealing sensitive information.  Read more on screenshot-supported malware here: New Threat Group Reviews Screenshots Before Striking

by Paul Ducklin Last week was aCropalypse week, where a bug in the Google Pixel image cropping app made headlines, and not just because it had a funky name. (We formed the opinion that the name was a little bit OTT, but we admit that if we’d thought of it ourselves, we’d probably have wanted

The repository hosting service GitHub has announced it is replacing its existing RSA SSH host key with a new one as a precautionary measure after discovering the key was momentarily exposed in a public repository. “We immediately acted to contain the exposure and began investigating to understand the root cause and impact,” GitHub wrote in an

Vulnerable code has been discovered in the payment solution plugin WooCommerce for the WordPress content management system (CMS) that could allow an unauthenticated attacker to gain administrative privileges and take over a website. The findings come from WordPress security experts at Wordfence, who described the critical authentication bypass in a blog post published on Thursday.

The US Cybersecurity and Infrastructure Security Agency (CISA) and the Joint Cyber Defense Collaborative (JCDC) have unveiled a new effort to aid organizations in quickly fixing vulnerabilities targeted by ransomware actors. The Pre-Ransomware Notification Initiative provides businesses with early warnings, enabling them to potentially evict threat actors before they can encrypt data and systems for

by Paul Ducklin Security holes in WordPress plugins that could allow other people to poke around your WordPress site are always bad news. Even if all you’re running is a basic setup that doesn’t have customer accounts and doesn’t collect or process any personal information such as names and email addresses… …it’s worrying enough just

A Chinese cyber-espionage actor likely connected with the “Operation Soft Cell” campaign has been targeting Middle East telecom providers since the beginning of 2023. The new series of attacks are part of what SentinelOne researchers described as “Operation Tainted Love,” a cyber-espionage campaign exhibiting “a well-maintained, versioned credential theft capability” and a new dropper mechanism.

by Paul Ducklin DELETED DATA THAT JUST WON’T GO AWAY The mobile phone bugs that Google kept quiet, just in case. The mysterious case of ATM video uploads. When redacted data springs back to life. No audio player below? Listen directly on Soundcloud. With Paul Ducklin and Chester Wisniewski. Intro and outro music by Edith

An administrator of the notorious BreachForums website has announced the forum was taken down following the arrest of its alleged founder days ago. Writing in a Telegram message within the “Breach Forums” channel on Tuesday, the BreachForums admin known as “baphomet” confirmed he would be closing the site. “I will be taking down the forum,

by Paul Ducklin Just yesterday, we wrote about a bug in Google Pixel phones, apparently now patched, with potentially dangerous consequences. The bug finders, understandably excited (and concerned) by what they’d found, decided to follow the BWAIN principle for maximum, turning it into a Bug With An Impressive Name: aCropalypse. In case you’re wondering, the

More than 2400 scam pages have been discovered targeting Arabic-speaking job seekers in 13 countries from January 2022 to January 2023. The findings were made public by Group-IB security researchers in an advisory published earlier today. In it, risk protection analysts Sharef Hlal and Olga Ulchenko said that firms based in Egypt (48%), Saudi Arabia

by Paul Ducklin Even if you’ve never used one, you probably know what a VCR is (or was). Short for video cassette recorder, it was how we recorded and watched back videos at home in the days when digital video stored on hard disks was the absurdly expensive privilege of huge companies, typically TV stations.