Security

by Paul Ducklin SNOOPING ON MEMORY, KEYSTROKES AND CRYPTOCOINS No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that good podcasts are found. Or just drop the URL of

Researchers have warned of a new multi-factor authentication (MFA) phishing campaign targeting thousands of users, including a large share of C-suite executives. The group behind it sent at least 120,000 phishing emails to hundreds of organizations across the globe between March and June this year, according to Proofpoint. These emails typically impersonate legitimate trusted services

by Paul Ducklin The August 2023 Microsoft security updates are out (the first day of the month was a Tuesday, making this month’s Patch Tuesday as early as ever it can be), with 74 CVE-numbered bugs fixed. Intriguingly, if not confusingly, Microsoft’s offical bug listing page is topped by two special items dubbed Exploitation Detected.

The UK’s financial regulatory has warned consumers to be on the lookout for loan fee fraudsters after revealing new research claiming that many Brits are worried about their finances this summer. The Financial Conduct Authority (FCA) said it polled 2000 adults in late July and found that 55% are more concerned about their bank balance

by Paul Ducklin Audio recordings are dangerously easy to make these days, whether by accident or by design. You could end up with your own permanent copy of something you thought you were discussing privately, preserved indefinitely in an uninterestingly-named file on your phone or laptop, thanks to hitting “Record” by mistake. Someone else could

UK organizations lost billions in data breaches between 2019 and 2022, with hundreds of millions of their customers suffering compromise of their personal information, according to a new analysis from Imperva. The security vendor studied 99,490 breaches reported to the Information Commissioner’s Office (ICO) between April 2019 and December 2022, as well as the “most

The Clop ransomware group has begun offering access to data stolen in MOVEit attacks via torrents, it has emerged. Security researcher Dominic Alvieri revealed the news on Twitter, with screenshots showing several big-name victims whose data is being made available via P2P sharing. Among the corporate names on that list were investment firm Putnam, Iron Bow Technologies

A new malicious campaign has been found on the Python Package Index (PyPI) open-source repository involving 24 malicious packages that closely imitate three popular open-source tools: vConnector, eth-tester and databases. The campaign, dubbed VMConnect, was uncovered by ReversingLabs and started around July 28, 2023, with the continuous posting of new malicious PyPI packages daily. The

A stealthy malware has been discovered on npm, the popular package manager for JavaScript, that poses a severe threat by exposing sensitive developer data. The findings come from cybersecurity firm Phylum, who said that on July 31 2023, their automated risk detection platform raised an alert regarding suspicious activities on npm. Over the course of a

by Paul Ducklin Back in August 2016, Heather Morgan, a.k.a. Razzlekhan, a.k.a. the Crocodile of Wall Street (actually, there’s a double-barrelled expletive in front of the word ‘crocodile’, but this is a family-friendly website so we’ll leave you to extrapolate for yourself), and her husband Ilya Lichtenstein got their hands on 120,000 of your finest

Threat intelligence experts from Group-IB have shed light on the hacktivist collective known as Mysterious Team Bangladesh. In a report published today, the firm analyzed the group’s history, tactics and targets, providing vital insights into its operations. Mysterious Team Bangladesh emerged in 2020 but gained international recognition in 2022 after conducting cyber raids against high-profile

by Paul Ducklin WEIRD BUT TRUE No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that good podcasts are found. Or just drop the URL of our RSS feed

The enormous global costs of ransomware attacks on the manufacturing sector have been laid bare in a new analysis by Comparitech. The firm reviewed 478 confirmed ransomware attacks on the manufacturing companies from 2018 to July 2023, using its worldwide tracker to understand the true cost of such incidents. This includes the amount of downtime

by Paul Ducklin Another week, another BWAIN! As you’ll know if you listened to last week’s podcast (hint, hint!), BWAIN is short for Bug With An Impressive Name: It’s a nickname we apply when the finders of a new cybersecurity attack get so excited about their discovery that they give it a PR-friendly moniker, register

A new and sophisticated malware campaign named “P2Pinfect” has been observed targeting publicly-accessible deployments of the Redis data store. According to a technical write-up published on Monday by Cado Security Labs, the malware is written in Rust, making it challenging to analyze due to the programming language’s complexities. For context, in the time between Cado Security

by Paul Ducklin The latest full new version of Firefox is out, marking the first of two “monthly” upgrades you’ll see this month. Just as there will be a blue moon in August 2023 (that’s the name applied to a second full moon in the same calendar month, rather than reference to an atmospheric phenomenon

The Android spyware known as SpyNote has been targeting financial institutions since late 2022 while expanding its capabilities to carry out bank fraud.  Security researchers at Cleafy have recently shared new findings about SpyNote, saying the malware exploits Accessibility services and various Android permissions to conduct multiple malicious activities.  SpyNote distribution occurs through email phishing

by Paul Ducklin Last week, the US Securities and Exchange Commission (SEC) announced new and fairly strict rules about cybersecurity breach disclosures for any people or companies that fall under its regulatory remit. The SEC, by the way, was founded at the height of the US Great Depression in the 1930s, with the aim of

New research has highlighted the severe risks posed by forged certificate attacks, which can lead to unauthorized access to important company resources. These attacks, known as the Shadow Credentials technique, involve attackers exploiting certain parts of a system called Active Directory (AD) that manages user access to various services. Kaspersky cybersecurity expert Alexander Rodchenko conducted

Nominations are open for the eighth annual Security Serious Unsung Heroes Awards to be held in London and run by Eskenzi PR. The awards are all about celebrating the UK’s cybersecurity professionals, teachers, lecturers, leaders and those working to make the industry not only more secure, but also more diverse and healthier for employees. Whether educating the

The UK’s Ministry of Defence (MoD) is launching an investigation after a typing error reportedly led to classified emails being sent to a close ally of Russia instead of the intended recipients. The emails were meant for the US military, identifiable by the domain “.mil.” However, due to a simple mistake omitting the letter “i,” the messages

CardioComm Solutions, a Canadian medical provider of consumer heart monitoring and medical ECG software solutions, has disclosed a cybersecurity incident on Tuesday that occurred on the company’s servers. To address the situation, CardioComm said it is collaborating closely with KPMG-EGYDE, relevant authorities and third-party cybersecurity experts.  The company assures its customers that there is no evidence

by Paul Ducklin ONE WEEK, TWO BWAINS Apple patches two zero-days, one for a second time. How a 30-year-old cryptosystem got cracked. All your secret are belong to Zenbleed. Remembering those dodgy PC/Mac ads. No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge.

The threat of vendor email compromise (VEC) attacks has escalated, with recent data showing a sharp increase in such cyber-threats.  According to a new report published by cybersecurity firm Abnormal Security earlier today, VEC attacks – a variant of business email compromise (BEC) – pose a significant risk to organizations worldwide. These attacks impersonate trusted

by Paul Ducklin If you’d been quietly chasing down cryptographic bugs in a proprietary police radio system since 2021, but you’d had to wait until the second half of 2023 to go public with your research, how would you deal with the reveal? You’d probably do what researchers at boutique Dutch cybersecurity consultancy Midnight Blue

Infoblox has unveiled crucial updates on the “Decoy Dog” remote access trojan (RAT) toolkit in a new threat report published today.  Initially discovered and disclosed in April 2023, Decoy Dog has proven to be more sophisticated than previously thought, using DNS for command-and-control (C2) and is suspected to be employed in ongoing nation-state cyber-attacks. Following Infoblox’s

by Paul Ducklin Remember Heartbleed? That was the bug, back in 2014, that introduced the suffix -bleed for vulnerabilities that leak data in a haphazard way that neither the attacker nor the victim can reliably control. In other words, a crook can’t use a bleed-style bug for a precision attack, such as “Find the shadow

Tampa General Hospital (TGH) has revealed a data breach that may have affected the information of approximately 1.2 million patients. Writing in a notice on its website last week, TGH said it first detected unusual activity on its computer systems on May 31 2023. The hospital also explained that the cyber-criminals’ encryption attempts were foiled thanks to

by Paul Ducklin Two weeks ago, we urged Apple users with recent hardware to grab the company’s second-ever Rapid Response patch. As we pointed out at the time, this was an emergency bug fix to block off a web-browsing security hole that had apparently been used in real-world spyware attacks: Component: WebKit Impact: Processing web

The Russian state prosecution asked the Moscow City Court to impose 18 years in a strict colony regime on Ilya Sachkov, the founder of cybersecurity and threat intelligence provider Group-IB, his lawyer Sergei Afanasyev told Russian press agency Interfax on July 21, 2023. This has been confirmed by the French press agency AFP. Sachkov was