Security

0 Comments
Generative AI tools have conquered the workplace, especially large language model-based (LLM) chatbots like OpenAI’s ChatGPT and Google’s Bard. These powerful tools are capable of performing a broad range of tasks, from helping to draft perfect emails to providing digestible summaries, freeing up the time-strapped worker to focus on more strategic activities. However, using LLMs
0 Comments
The US Department of Justice (DoJ) is doubling the size of the team investigating cryptocurrency crime, with the fight against ransomware “an urgent priority.” In a speech at the Center for Strategic and International Studies on Thursday, July 20, Principal Deputy Assistant Attorney General Nicole M. Argentieri announced the merger of the National Cryptocurrency Enforcement
0 Comments
Security behavior change firm Hoxhunt has published its latest research highlighting employees’ resilience in critical infrastructure, showing a higher engagement level in identifying and reporting phishing attempts. Titled Human Cyber-Risk Report: Critical Infrastructure, the document investigates the human risk factor within the critical infrastructure sector, analyzing data from over 15 million phishing simulations and actual email attacks
0 Comments
The Chinese espionage group APT41 (AKA Double Dragon, BARIUM and Winnti) has been linked to the sophisticated Android surveillanceware known as WyrmSpy and DragonEgg. A new report published by cybersecurity firm Lookout on July 19, 2023, highlighted the findings, mentioning APT41’s history of targeting both government organizations and private enterprises for espionage and financial gain.
0 Comments
by Paul Ducklin At the tail-end of last week, Microsoft published a report entitled Analysis of Storm-0558 techniques for unauthorized email access. In this rather dramatic document, the company’s security team revealed the background to a previously unexplained hack in which data including email text, attachments and more were accessed: from approximately 25 organizations, including
0 Comments
Security researchers from Rapid7 have found active exploitation of multiple vulnerabilities in Adobe ColdFusion, a web development computing platform. On July 11, 2023, Adobe released patches for several vulnerabilities affecting ColdFusion, including a Rapid7-discovered access control bypass vulnerability (CVE-2023-29298) and an insecure deserialization vulnerability allowing arbitrary code execution (CVE-2023-29300). However, Rapid7 has recently observed that
0 Comments
Conor Brian Fitzpatrick, famously known as “Pompompurin,” has entered a guilty plea for hacking charges in the United States District Court for the Eastern District of Virginia, Alexandria Division.  This comes after the US government recently seized the surface web domains linked to the notorious cybercrime marketplace, BreachForums, even though Fitzpatrick had been arrested months
0 Comments
Windows users have been targeted again by the sophisticated malware known as LokiBot, which is spreading through malicious Office documents.  According to a new advisory by Fortinet security researcher Cara Lin, attackers are leveraging known vulnerabilities, such as CVE-2021-40444 and CVE-2022-30190, to embed malicious macros within Microsoft Office documents.  Once executed, these macros drop the
0 Comments
A new threat actor group has been observed conducting a series of cyber-attacks targeting government entities, military organizations and civilian users in Ukraine and Poland.  According to a new advisory by Cisco Talos, the malicious campaigns started in April 2022 and are currently ongoing. They primarily aim at stealing valuable information and establishing persistent remote
0 Comments
A generative AI tool, WormGPT, has emerged as a powerful weapon in the hands of cyber-criminals, specifically for launching business email compromise (BEC) attacks, according to new findings shared by security firm SlashNext. “We’re now seeing an unsettling trend among cyber-criminals on forums, evident in discussion threads offering ‘jailbreaks’ for interfaces like ChatGPT,” wrote security
0 Comments
by Paul Ducklin SING A SONG OF SUPERCOOKIES Remembering the slide rule. What you need to know about Patch Tuesday. Supercookie surveillance shenanigans. When bugs arrive in pairs. Apple’s rapid patch that needed a rapid patch. User-Agent considered harmful. No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and
0 Comments
A new version of the Common Vulnerability Scoring System (CVSS 4.0) has been unveiled publicly by the Forum of Incident Response and Security Teams (FIRST) on July 13, 2023. CVSS is the open industry standard for assessing the severity of computer system security vulnerabilities, helping organizations prioritize their vulnerability management processes. It provides a method
0 Comments
by Paul Ducklin This Tuesday, 2023-07-11, was Microsoft’s Patch Tuesday for July 2023, so here’s a brief reminder to do two things: Patch early, patch often. More than 100 vulnerabilities were patched this month, including four zero-day security holes for which working exploit code already exists. Even though everyone was at risk until Tuesday, it’s
0 Comments
The RomCom threat actor has reportedly launched a targeted cyber campaign aimed at organizations and individuals supporting Ukraine just days before a highly anticipated NATO Summit. The BlackBerry Threat, Research and Intelligence team uncovered this sophisticated operation and described it in an advisory published earlier today. In particular, the team said it discovered two deceptive
0 Comments
Several malicious npm packages on the open-source repository have been used in supply chain attacks and phishing campaigns. The claims come from ReversingLabs researchers, who said in a blog post published on Thursday the packages pose a dual threat, affecting application end users while also supporting email-based phishing attacks, mainly targeting Microsoft 365 users. Software
0 Comments
Confidential information, including unreleased TV shows, scripts and materials, belonging to the popular children’s television channel Nickelodeon, have been reportedly compromised in a significant data leak.  According to social media reports, an individual allegedly dumped approximately 500GB of animation files.  The authenticity of the leaked content is yet to be confirmed by Nickelodeon. Still, a spokesperson
0 Comments
Two spyware applications posing as file management tools have been discovered on the Google Play Store with a total of at least 1.5 million installs.  The apps, attributed to the same developer and discovered by cybersecurity firm Pradeo, exhibit similar malicious behaviors and operate without user interaction. Their main objective is to covertly extract and transmit
0 Comments
by Paul Ducklin PUTTING THE X IN X-OPS First there was DevOps, then SecOps, then DevSecOps. Or should that be SecDevOps? Paul Ducklin talks to Sophos X-Ops insider Matt Holdcroft about how to get all your corporate “Ops” teams working together, with cybersecurity correctness as a guiding light. No audio player below? Listen directly on
0 Comments
In response to an ongoing incident, JumpCloud has reset the admin Application Programming Interface (API) keys for affected customers. In a notice sent to impacted customers and verified by Infosecurity, JumpCloud emphasized the precautionary nature of the action and its purpose of safeguarding sensitive information. “Out of an abundance of caution relating to an ongoing
0 Comments
The Nagoya Port Unified Terminal System (NUTS) in Japan suffered a significant system outage on Tuesday that was attributed to a ransomware attack. According to a notice (in Japanese) sent to customers, the attack disrupted container operations across all terminals within the port. In particular, container import and export operations via trailer transportation have been
0 Comments
A new report by the Kaspersky Digital Footprint Intelligence team has revealed that several companies worldwide are severely unprepared when dealing with darknet data leaks. The initiative, carried out in 2022, tracked dark web posts offering access to companies, compromised accounts and other critical incidents. Kaspersky said it promptly notified victim companies about these threats.