Security

0 Comments
A stealthy malware has been discovered on npm, the popular package manager for JavaScript, that poses a severe threat by exposing sensitive developer data. The findings come from cybersecurity firm Phylum, who said that on July 31 2023, their automated risk detection platform raised an alert regarding suspicious activities on npm. Over the course of a
0 Comments
by Paul Ducklin Back in August 2016, Heather Morgan, a.k.a. Razzlekhan, a.k.a. the Crocodile of Wall Street (actually, there’s a double-barrelled expletive in front of the word ‘crocodile’, but this is a family-friendly website so we’ll leave you to extrapolate for yourself), and her husband Ilya Lichtenstein got their hands on 120,000 of your finest
0 Comments
Threat intelligence experts from Group-IB have shed light on the hacktivist collective known as Mysterious Team Bangladesh. In a report published today, the firm analyzed the group’s history, tactics and targets, providing vital insights into its operations. Mysterious Team Bangladesh emerged in 2020 but gained international recognition in 2022 after conducting cyber raids against high-profile
0 Comments
A new and sophisticated malware campaign named “P2Pinfect” has been observed targeting publicly-accessible deployments of the Redis data store. According to a technical write-up published on Monday by Cado Security Labs, the malware is written in Rust, making it challenging to analyze due to the programming language’s complexities. For context, in the time between Cado Security
0 Comments
The Android spyware known as SpyNote has been targeting financial institutions since late 2022 while expanding its capabilities to carry out bank fraud.  Security researchers at Cleafy have recently shared new findings about SpyNote, saying the malware exploits Accessibility services and various Android permissions to conduct multiple malicious activities.  SpyNote distribution occurs through email phishing
0 Comments
New research has highlighted the severe risks posed by forged certificate attacks, which can lead to unauthorized access to important company resources. These attacks, known as the Shadow Credentials technique, involve attackers exploiting certain parts of a system called Active Directory (AD) that manages user access to various services. Kaspersky cybersecurity expert Alexander Rodchenko conducted
0 Comments
CardioComm Solutions, a Canadian medical provider of consumer heart monitoring and medical ECG software solutions, has disclosed a cybersecurity incident on Tuesday that occurred on the company’s servers. To address the situation, CardioComm said it is collaborating closely with KPMG-EGYDE, relevant authorities and third-party cybersecurity experts.  The company assures its customers that there is no evidence
0 Comments
by Paul Ducklin ONE WEEK, TWO BWAINS Apple patches two zero-days, one for a second time. How a 30-year-old cryptosystem got cracked. All your secret are belong to Zenbleed. Remembering those dodgy PC/Mac ads. No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge.
0 Comments
The threat of vendor email compromise (VEC) attacks has escalated, with recent data showing a sharp increase in such cyber-threats.  According to a new report published by cybersecurity firm Abnormal Security earlier today, VEC attacks – a variant of business email compromise (BEC) – pose a significant risk to organizations worldwide. These attacks impersonate trusted
0 Comments
Infoblox has unveiled crucial updates on the “Decoy Dog” remote access trojan (RAT) toolkit in a new threat report published today.  Initially discovered and disclosed in April 2023, Decoy Dog has proven to be more sophisticated than previously thought, using DNS for command-and-control (C2) and is suspected to be employed in ongoing nation-state cyber-attacks. Following Infoblox’s
0 Comments
Generative AI tools have conquered the workplace, especially large language model-based (LLM) chatbots like OpenAI’s ChatGPT and Google’s Bard. These powerful tools are capable of performing a broad range of tasks, from helping to draft perfect emails to providing digestible summaries, freeing up the time-strapped worker to focus on more strategic activities. However, using LLMs
0 Comments
The US Department of Justice (DoJ) is doubling the size of the team investigating cryptocurrency crime, with the fight against ransomware “an urgent priority.” In a speech at the Center for Strategic and International Studies on Thursday, July 20, Principal Deputy Assistant Attorney General Nicole M. Argentieri announced the merger of the National Cryptocurrency Enforcement
0 Comments
Security behavior change firm Hoxhunt has published its latest research highlighting employees’ resilience in critical infrastructure, showing a higher engagement level in identifying and reporting phishing attempts. Titled Human Cyber-Risk Report: Critical Infrastructure, the document investigates the human risk factor within the critical infrastructure sector, analyzing data from over 15 million phishing simulations and actual email attacks
0 Comments
The Chinese espionage group APT41 (AKA Double Dragon, BARIUM and Winnti) has been linked to the sophisticated Android surveillanceware known as WyrmSpy and DragonEgg. A new report published by cybersecurity firm Lookout on July 19, 2023, highlighted the findings, mentioning APT41’s history of targeting both government organizations and private enterprises for espionage and financial gain.
0 Comments
by Paul Ducklin At the tail-end of last week, Microsoft published a report entitled Analysis of Storm-0558 techniques for unauthorized email access. In this rather dramatic document, the company’s security team revealed the background to a previously unexplained hack in which data including email text, attachments and more were accessed: from approximately 25 organizations, including
0 Comments
Security researchers from Rapid7 have found active exploitation of multiple vulnerabilities in Adobe ColdFusion, a web development computing platform. On July 11, 2023, Adobe released patches for several vulnerabilities affecting ColdFusion, including a Rapid7-discovered access control bypass vulnerability (CVE-2023-29298) and an insecure deserialization vulnerability allowing arbitrary code execution (CVE-2023-29300). However, Rapid7 has recently observed that