Security

0 Comments
by Paul Ducklin Remember those Exchange zero-days that emerged in a blaze of publicity back in September 2022? Those flaws, and attacks based on them, were wittily but misleadingly dubbed ProxyNotShell because the vulnerabilities involved were reminiscent of the ProxyShell security flaw in Exchange that hit the news in August 2021. Fortunately, unlike ProxyShell, the
0 Comments
Australia’s largest health insurer Medibank has announced it will not pay a ransom to the threat actors behind the October data breach affecting 9.7 million customers. Writing on LinkedIn over the weekend, Medibank CEO David Koczkar said that, based on the advice the company has received from cybercrime experts, they believe that there is only a
0 Comments
A business email compromise (BEC) group dubbed ‘Crimson Kingsnake’ has recently been spotted impersonating well-known international law firms to trick recipients into approving overdue invoice payments. As outlined in a technical write-up by cloud email security platform Abnormal, 92 malicious domains of 19 law firms and debt collection agencies across the US, UK and Australia have been
0 Comments
The LockBit hacking group has claimed responsibility for the August cyber-attack against the multinational automotive group Continental. The ransomware gang made the announcement on its leak site on Wednesday and is threatening to publish the company’s data unless the ransom is paid over the next few hours of today (Friday). On the dark web blog
0 Comments
by Paul Ducklin Yesterday, we wrote about the waited-for-with-bated-breath OpenSSL update that attracted many column-kilometres of media attention last week. The OpenSSL team announced in advance, as it usually does, that a new version of its popular cryptographic library would soon be released. This notification stated that the update would patch against a security hole
0 Comments
The individuals behind the Black Basta ransomware have been linked to hacking operations conducted by the FIN7 threat actors. According to a new advisory by SentinelLabs, Black Basta actors have used a custom defense impairment tool (found exclusively in incidents by this specific threat actor) in several instances. “Our investigation led us to a further
0 Comments
The US Department of Justice (DoJ) has published a document highlighting charges against eight individuals for their participation in a Racketeer Influenced and Corrupt Organizations (RICO) conspiracy that involved hacking and tax fraud. US attorney Roger B. Handberg announced the partial unsealing of the indictment on Tuesday, charging Andi Jacques, Monika Shauntel Jenkins, Louis Noel
0 Comments
A major hospital in Osaka, Japan, has suspended routine medical services following a ransomware cyber-attack that disrupted its electronic medical record systems. Emergency operations are continuing, but Osaka General Medical Center officials told reporters on Monday that the hospital system failed earlier today and could not be accessed. They have also reported that a contractor
0 Comments
The Cybersecurity and Infrastructure Security Agency (CISA) has published a new series of guidelines to help federal agencies defend against distributed denial-of-service (DDoS) attacks. The Capacity Enhancement Guide has been published in collaboration with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC). It provides organizations with proactive steps
0 Comments
by Paul Ducklin Imagine that you’d spoken in what you thought was total confidence to a psychotherapist, but the contents of your sessions had been saved for posterity, along with precise personal identification details such as your unique national ID number, and perhaps including additional information such as notes about your relationship with your family…
0 Comments
The threat actors behind the Raspberry Robin worm have been associated with a complex and interconnected malware ecosystem comprising the Clop and LockBit ransomware groups. The findings come from Microsoft, which has said the worm had alternate infection methods beyond its original USB drive spread. “These infections lead to follow-on hands-on-keyboard attacks and human-operated ransomware
0 Comments
A previously undocumented dropper has been spotted installing backdoors and other tools using the new technique of reading commands from apparently innocuous Internet Information Services (IIS) logs. The dropper has been discovered by cybersecurity researchers at Symantec, who said an actor is using the piece of malware dubbed Cranefly (aka UNC3524) to install another piece
0 Comments
by Paul Ducklin Google pushed out a bunch of security fixes for the Chrome and Chromium browser code earlier this week… …only to receive a vulnerability report from researchers at cybersecurity company Avast on the very same day. Google’s response was to push out another update as soon as it could: a one-bug fix dealing
0 Comments
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new report outlining baseline cybersecurity performance goals (CPGs) for all critical infrastructure sectors. The document is the result of a July 2021 security memorandum signed by President Biden. It has tasked CISA and the National Institute of Standards and Technology (NIST) with creating fundamental cybersecurity
0 Comments
A new cryptojacking campaign has been discovered targeting vulnerable Docker and Kubernetes infrastructure. Dubbed ‘Kiss-a-dog’ by CrowdStrike security researchers, the campaign has used several command-and-control (C2) servers to launch attacks aiming at mining cryptocurrency. The threat actors have also utilized user and kernel mode rootkits to hide the activity, backdoor compromised containers, move laterally in the
0 Comments
The threat actor known as Vice Society has been conducting ransomware and extortion campaigns against the global education sector, particularly in the US. The findings come from Microsoft security researchers, who published an advisory about Vice Society (tracked by the tech giant as DEV-0832) on Tuesday. “Shifting ransomware payloads over time from BlackCat, QuantumLocker, and
0 Comments
A total of 108.9 million accounts were breached in the third quarter of 2022, a 70% increase compared to the previous quarter. The top five countries and regions most affected by data breaches in Q3 2022 were Russia, France, Indonesia, the US and Spain. While Russia had the most breaches overall (22.3 million), France had