by Paul Ducklin A PYTHON PERSPECTIVE VORTEX No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our
Security
North Korea threat actor Lazarus group is targeting Windows IIS web servers to launch espionage attacks, according to a new analysis by AhnLab Security Emergency response Center (ASEC). The researchers said the approach represents a variation on the dynamic-link library (DLL) side-loading technique, a tactic regularly utilized by the state-affiliated group. Here, they believe the
by Paul Ducklin It’s taken more than five years for justice to be served in this case, but the cops and the courts got there in the end. The UK law enforcement office SEROCU, short for South East Regional Organised Crime Unit, this week reported the peculiar tale of one Ashley Liles, the literal Man
Google has enhanced the security of its first-party Android applications by launching the Mobile Vulnerability Reward Program (Mobile VRP). The tech giant made the announcement on Twitter Monday, hours after publishing the new initiative. The Mobile VRP aims to encourage researchers and security experts to identify and report vulnerabilities in Google-developed or maintained Android apps.
by Paul Ducklin Public source code repositories, from Sourceforge to GitHub, from the Linux Kernel Archives to ReactOS.org, from PHP Packagist to the Python Package Index, better known as PyPI, are a fantastic source (sorry!) of free operating systems, applications, programming libraries, and developers’ toolkits that have done computer science and software engineering a world
China has banned products sold by US chipmaker giant Micron, citing cybersecurity concerns. The Cyberspace Administration of China announced the decision on May 21, 2023, following a cybersecurity review of Micron products sold in China that was initiated in March 2023. In the statement, the Chinese government said the review had flagged “serious cybersecurity problems”
by Naked Security writer In November 2022, we wrote about a multi-country takedown against a Cybercrime-as-a-Service (CaaS) system known as iSpoof. Although iSpoof advertised openly for business on a non-darkweb site, reachable with a regular browser via a non-onion domain name, and even though using its services might technically have been legal in your country
The CommonMagic malware implant has been associated with a previously unknown advanced persistent threat campaign linked to the Russo-Ukrainian conflict and relies on a new modular framework. Dubbed “CloudWizard,” the framework was discovered by security researchers at Kaspersky, who described it in an advisory published today. Leonid Bezvershenko, Georgy Kucherin and Igor Kuznetsov highlighted that sections
A vulnerability has been discovered in the KeePass password management software (v2.X), allowing an attacker to dump the master password from the program’s memory. The vulnerability (CVE-2023-32784) was discovered by security researcher Dominik Reichl and is expected to be resolved in the upcoming release of KeePass 2.54 in early June 2023. Reichl described the flaw
Microsoft has released a new report warning companies about the alarming surge in business email compromise (BEC) attacks and the evolving tactics employed by cyber-criminals. The Cyber Signals report, titled “The Confidence Game,” provides a comprehensive analysis of the threat landscape from April 2022 to April 2023, suggesting the company’s systems currently detect and investigate an
by Paul Ducklin Remember that zipped-lipped but super-fast update that Apple pushed out three weeks ago, on 2023-05-01? That update was the very first in Apple’s newfangled Rapid Security Response process, whereby the company can push out critical patches for key system components without going through a full-size operating system update that takes you to
China–Taiwan tensions have led to a significant increase in cyber-attacks targeting Taiwan, according to a new report by security experts at Trellix. In particular, the company spotted a surge in cyber-attacks aimed at Taiwanese industries, with the primary goal of deploying malware and stealing sensitive information. “Trellix has observed a surge in malicious emails targeted
by Paul Ducklin AN INSIDER ATTACK (WHERE THE PERP GOT CAUGHT) No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop
Several new ways of effectively abusing Microsoft Teams via social engineering have been discovered by security researchers at Proofpoint. “[We] recently analyzed over 450 million malicious sessions, detected throughout the second half of 2022 and targeting Microsoft 365 cloud tenants,” reads a report published by the company earlier today. “According to our findings, Microsoft Teams is
by Naked Security writer He goes by many names, according to the US Department of Justice. Mikhail Pavlovich Matveev, or just plain Matveev as he’s repeatedly referred to in his indictment, as well as Wazawaka, m1x, Boriselcin and Uhodiransomwar. From that last alias, you can guess what he’s wanted for. In the words of the
A Chinese state-sponsored APT group known as Camaro Dragon has been observed exploiting TP-Link routers via a malicious firmware implant. The findings come from security experts at Check Point Research (CPR) and were described in an advisory published by the company earlier today. “The implant features several malicious components, including a custom backdoor named ‘Horse
by Paul Ducklin Researchers at IoT security company Sternum dug into a popular home automation mains plug from well-known device brand Belkin. The model they looked at, the Wemo Mini Smart Plug (F7C063) is apparently getting towards the end of its shelf life, but we found plenty of them for sale online, along with detailed
New information has emerged regarding the Qilin ransomware group’s operations and Ransomware-as-a-Service (RaaS) program. In their latest research study, Group-IB’s threat intelligence team said it infiltrated and analyzed Qilin’s inner workings, revealing insights into its targeting of critical sectors and the sophisticated techniques they employed. Qilin, also known as Agenda ransomware, has emerged as a
by Paul Ducklin Here’s how the French data protection regulator describes controversial facial recognition service Clearview AI, in its own words, in clear and plain English: CLEARVIEW AI collects photographs from a wide range of websites, including social networks, and sells access to its database of images of people through a search engine in which
A newly discovered vulnerability in the Essential Addons for Elementor plugin has put over one million WordPress websites at risk of attacks aimed at gaining unauthorized access to user accounts with elevated privileges. Cybersecurity experts at Patchstack described the new vulnerability (CVE-2023-32243) in an advisory published on Thursday. “This plugin suffers from an unauthenticated privilege
Toyota Motor Corp acknowledged earlier today that the vehicle data of approximately 2.15 million users was publicly accessible in Japan for nearly a decade, from November 2013 to mid-April 2023. Reuters first reported the news, specifying that according to Toyota spokesperson Hideaki Homma, the issue with Toyota’s cloud-based Connected service affects only vehicles in Japan. The
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned against a critical flaw discovered in PaperCut software, which has now been linked to a series of ransomware attacks. The vulnerability (CVE-2023-27350) in PaperCut, a widely adopted print management solution, has allowed cyber-criminals to remotely execute malicious code without requiring any authentication credentials. Consequently, these
by Naked Security writer This wasn’t your typical cyberextortion situation. More precisely, it followed what you might think of as a well-worn path, so in that sense it came across as “typical” (if you will pardon the use of the word typical in the context of a serious cybercrime), but it didn’t happen in the
An increasing number of threat actors have been observed using the leaked Babuk code from 2021 to create a new form of ransomware targeting VMware ESXi hypervisor environments. According to an advisory published by SentinelOne earlier today, these novel variants emerged between 2022 and 2023, showing an increasing trend of Babuk source code adoption. The
by Paul Ducklin “PRIVATE KEY”: THE HINT IS IN THE NAME No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop
Joseph James O’Connor, a 23-year-old British man, has admitted his involvement in hacking schemes targeting high-profile Twitter accounts, including those of Barack Obama and Elon Musk. O’Connor was extradited from Spain on April 26 after being arrested nearly two years ago. He pleaded guilty in a New York court earlier this week. Read more on
by Paul Ducklin Microsoft’s May 2023 Patch Tuesday updates comprise just the sort of mixture you probably expected. If you go by numbers, there are 38 vulnerabilities, of which seven are considered critical: six in Windows itself, and one in SharePoint. Apparently, three of the 38 holes are zero-days, because they’re already publicly known, and
A critical vulnerability has been discovered in the Linux-based Ruckus access points (AP) that allows remote attackers to take control of vulnerable systems. Tracked CVE-2023-25717 and first discovered in February, the flaw has been recently exploited by a new botnet named AndoryuBot, according to a new advisory by Fortinet. “[AndoryuBot] contains DDoS attack modules for
by Paul Ducklin About a month ago, we wrote about a data breach notification issued by major motherboard manufacturer MSI. The company said: MSI recently suffered a cyberattack on part of its information systems. […] Currently, the affected systems have gradually resumed normal operations, with no significant impact on financial business. […] MSI urges users
European police have arrested scores of suspects and seized thousands of stolen artefacts after a joint physical and cyber operation last year, according to Europol. Operation Pandora VII involved police from Austria, Bulgaria, the Czech Republic, Croatia, Cyprus, Greece, Ireland, Italy, Poland, Portugal, Romania, Spain, Sweden and Bosnia and Herzegovina. As with previous iterations, the
- « Previous Page
- 1
- …
- 20
- 21
- 22
- 23
- 24
- …
- 51
- Next Page »