Security

The UK and its Five Eyes partners (Australia, Canada, New Zealand and the US) officially support Ukraine’s attribution of Infamous Chisel, a new piece of malware infecting Ukraine’s military personnel’s mobile phones, to the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). In a joint report published on

The creators of ChatGPT, OpenAI, have launched ChatGPT Enterprise which it claims to be the “most powerful version of ChatGPT yet”. The company also claims that with the new version of its generative AI chatbot, users will get “enterprise-grade security and privacy”. Other features include unlimited higher-speed GPT-4 access, longer context windows for processing longer

by Paul Ducklin US food delivery compeny PurFoods, which trades as Mom’s Meals, has just admitted to a cyberintrusion that took place from 2023-01-16 to 2023-02-22. The company stated officially that: [The] cyberattack […] included the encryption of certain files in our network. Because the investigation identified the presence of tools that could be used

Microsoft has observed a proliferation of adversary-in-the-middle (AiTM) techniques deployed through phishing-as-a-service (PhaaS) platforms, the company explained in a series of tweets posted on August 28, 2023. On the one hand, there has been an increasing number of new AiTM-capable PhaaS platforms throughout 2023; on the other, established phishing services, such as PerSwaysion, have also

The North Korean state-sponsored actor Lazarus Group recently started a new campaign targeting internet backbone infrastructure and healthcare entities in Europe and the US, security researchers from Cisco Talos have found. The researchers said that the attackers began exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) in January 2023, only five days after it was disclosed. This

The FBI has urged users of affected Barracuda appliances to replace them immediately, after warning that they’re still being targeted by a Chinese APT group. A Flash update issued by the agency this week revealed that zero-day vulnerability CVE-2023-2868 continues to be exploited by the group, dubbed UNC4841 by Mandiant, in cyber-espionage attacks. “Barracuda customers

Security researchers are urging Azure Active Directory (AD) users to monitor for abandoned reply URLs after revealing a critical vulnerability in the Microsoft Power Platform. Secureworks said it discovered the reply URL takeover bug earlier in April and it was fixed by Microsoft within 24 hours. More specifically, the researchers had found an abandoned reply

The UK’s data protection watchdog is urging victims of so-called “text pests” to come forward after revealing that nearly a third (29%) of 18–34-year-olds have had their personal information misused. Text pest cases occur when an individual gives their personal details, including phone number or email, to a business for legitimate reasons. However, someone working

by Paul Ducklin HOW MANY CRYPTOGRAPHERS? No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that good podcasts are found. Or just drop the URL of our RSS feed

Security researchers have detected a 178% increase in sextortion emails between the first half of 2022 and the same period this year, marking the category out as a top email threat. ESET said that sextortion emails ranked third among all email threats in H1 2023. They typically arrive unsolicited and claim to have compromising images

by Paul Ducklin The venerable RAR program, short for Roshal’s Archiver after its original creator, has been popular in file sharing and software distribution circles for decades, not least because of its built-in error recovery and file reconstruction features. Early internet users will remember, with little fondness, the days when large file transfers were shipped

Experian Consumer Services has agreed to a permanent injunction and to pay a civil penalty of $650,000 to settle allegations relating to the CAN-SPAM Act. The firm, whose parent company is credit agency giant Experian, provides online credit reports, scores and monitoring products to customers. A case filed in the US District Court for the

by Paul Ducklin A trio of researchers split between Italy and the UK have recently published a paper about cryptographic insecurities they found in a widely-known smart light bulb. The researchers seem to have chosen their target device, the TP-Link Tapo L530E, on the basis that it is “currently [the] best seller on Amazon Italy,”

A cyber-attack on Australian utility company, Energy One Limited (EOL), could have international impact with the firm’s corporate systems in the UK also affected. The company, a global supplier of software and services to the wholesale energy market, confirmed that it had taken steps to limit the impact of the incident and had alerted both

by Paul Ducklin Researchers at Apple device management company Jamf recently published an intriguing paper entitled Fake Airplane Mode: A mobile tampering technique to maintain connectivity. We’ll start with the good news: the tricks that Jamf discovered can’t magically be triggered remotely, for example merely by enticing you to a booby-trapped website. Attackers need to

The government is urging more schools to enrol their students in a government scheme designed to boost cyber skills, claiming that tens of thousands have already signed up since its launch in February last year. Around 2000 schools across the UK are participating in Cyber Explorers – a free learning platform for 11–14-year-olds designed to

A recent cybersecurity study has brought to light a concerning vulnerability crisis affecting web applications.  CyCognito’s semi-annual State of External Exposure Management report unveiled a distressing landscape of digital threats across public cloud, mobile and web platforms. The comprehensive analysis of 3.5 million assets, encompassing Fortune 500 entities, highlights the precarious state of data security. The

A significant phishing campaign employing QR codes has recently come to light, with a major US-based energy company as one of the primary targets.  The campaign, which began in May 2023, has witnessed a 2400% surge in volume since then, underscoring the urgency of addressing this emerging threat. Cybersecurity company Cofense has been closely monitoring

The UK’s much-anticipated summit on AI safety will reportedly be held in November, with cybersecurity experts welcoming the government’s focus on regulating emerging technologies. A Downing Street spokesperson confirmed the event will take place at the start of November at Bletchley Park, home to the codebreakers of World War Two who were led by the

by Paul Ducklin CELEBRATING THE TRUE CRYPTO BROS No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that good podcasts are found. Or just drop the URL of our

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that a Citrix flaw patched in June is being actively exploited in the wild. CVE-2023-24489 was added to the agency’s Known Exploited Vulnerabilities Catalog yesterday, with CISA warning it poses “significant risks to the federal enterprise.” The flaw is described as an improper access control vulnerability

by Paul Ducklin The US Federal Bureau of Investigation (FBI) has just published an official public service announcement headlined with with a very specific warning: Cybercriminals Targeting Victims through Mobile Beta-Testing Applications. The Feds didn’t go as far as naming any specific vendors or services here, but one of the main reasons that crooks go

One in three students at British universities encountered fraud attempts online last year, according to a new study from NatWest. The high street lender commissioned consulting firm RedBrick to poll over 3000 UK university students from 63 towns and cities back in May. Although a third of respondents said they’d encountered a scam over the

by Paul Ducklin It’s taken nearly ten years, but the US Department of Justice (DOJ) has just announced the court-approved seizure of a web domain called LolekHosted.net that was allegedly connected to a wide range of crimeware-as-a-service activities. The DOJ also charged a 36-year-old Polish man named Artur Karol Grabowski in connection with running the

Security researchers have discovered over 140,000 breached passwords associated with accounts on hacking forums after their owners were infected with info-stealing malware. Hudson Rock trawled its cybercrime intelligence database for infected computers with credentials associated with the top 100 cybercrime sites. It found 120,000 such computers, claiming many of these belonged to hackers. When a

by Paul Ducklin It’s been a while since we’ve written about card skimmers, which used to play a big part in global cybercrime. These days, many if not most cyber-breach and cybercrime stories revolve around ransomware, the darkweb and the cloud, or some unholy combination of the three. In ransomware attacks, the criminals don’t actually

Police have taken down a Lolek bulletproof hosting service used by criminals to launch cyber-attacks across the world. The takedown was part of a coordinated effort between the Polish Central Cybercrime Bureau and the US Department of Justice (DoJ), alongside support from Europol and the Federal Bureau of Investigation (FBI). In a statement, Europol said:

A new variant of the SystemBC malware, paired with Cobalt Strike beacons, has been identified in a recent cyber-attack targeting a critical infrastructure power generator in a southern African nation.  Echoing the high-profile Darkside Colonial Pipeline breach of 2021, the incident occurred during the third and fourth weeks of March 2023, according to a new

Multiple vulnerabilities have been identified in the widely used Avada theme and its accompanying Avada Builder plugin.  These security flaws, uncovered by Patchstack’s security researcher Rafie Muhammad, expose a significant number of WordPress websites to potential breaches. Within these vulnerabilities, the Avada Builder plugin exhibits two weaknesses. The first is an Authenticated SQL Injection (CVE-2023-39309).

Security researchers have discovered a third novel backdoor that was used in attacks on users of Barracuda ESG appliances recently. The US Cybersecurity and Infrastructure Security Agency (CISA) has released a new advisory detailing the malware, dubbed “Whirlpool.” It claimed the backdoor established a TLS reverse shell to a command-and-control (C2) server. “This artifact is