Security

0 Comments
by Paul Ducklin A PYTHON PERSPECTIVE VORTEX No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our
0 Comments
North Korea threat actor Lazarus group is targeting Windows IIS web servers to launch espionage attacks, according to a new analysis by AhnLab Security Emergency response Center (ASEC). The researchers said the approach represents a variation on the dynamic-link library (DLL) side-loading technique, a tactic regularly utilized by the state-affiliated group. Here, they believe the
0 Comments
Google has enhanced the security of its first-party Android applications by launching the Mobile Vulnerability Reward Program (Mobile VRP). The tech giant made the announcement on Twitter Monday, hours after publishing the new initiative. The Mobile VRP aims to encourage researchers and security experts to identify and report vulnerabilities in Google-developed or maintained Android apps. 
0 Comments
by Paul Ducklin Public source code repositories, from Sourceforge to GitHub, from the Linux Kernel Archives to ReactOS.org, from PHP Packagist to the Python Package Index, better known as PyPI, are a fantastic source (sorry!) of free operating systems, applications, programming libraries, and developers’ toolkits that have done computer science and software engineering a world
0 Comments
China has banned products sold by US chipmaker giant Micron, citing cybersecurity concerns. The Cyberspace Administration of China announced the decision on May 21, 2023, following a cybersecurity review of Micron products sold in China that was initiated in March 2023. In the statement, the Chinese government said the review had flagged “serious cybersecurity problems”
0 Comments
The CommonMagic malware implant has been associated with a previously unknown advanced persistent threat campaign linked to the Russo-Ukrainian conflict and relies on a new modular framework. Dubbed “CloudWizard,” the framework was discovered by security researchers at Kaspersky, who described it in an advisory published today. Leonid Bezvershenko, Georgy Kucherin and Igor Kuznetsov highlighted that sections
0 Comments
A vulnerability has been discovered in the KeePass password management software (v2.X), allowing an attacker to dump the master password from the program’s memory. The vulnerability (CVE-2023-32784) was discovered by security researcher Dominik Reichl and is expected to be resolved in the upcoming release of KeePass 2.54 in early June 2023. Reichl described the flaw
0 Comments
Microsoft has released a new report warning companies about the alarming surge in business email compromise (BEC) attacks and the evolving tactics employed by cyber-criminals.  The Cyber Signals report, titled “The Confidence Game,” provides a comprehensive analysis of the threat landscape from April 2022 to April 2023, suggesting the company’s systems currently detect and investigate an
0 Comments
China–Taiwan tensions have led to a significant increase in cyber-attacks targeting Taiwan, according to a new report by security experts at Trellix. In particular, the company spotted a surge in cyber-attacks aimed at Taiwanese industries, with the primary goal of deploying malware and stealing sensitive information. “Trellix has observed a surge in malicious emails targeted
0 Comments
by Paul Ducklin AN INSIDER ATTACK (WHERE THE PERP GOT CAUGHT) No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop
0 Comments
Several new ways of effectively abusing Microsoft Teams via social engineering have been discovered by security researchers at Proofpoint. “[We] recently analyzed over 450 million malicious sessions, detected throughout the second half of 2022 and targeting Microsoft 365 cloud tenants,” reads a report published by the company earlier today. “According to our findings, Microsoft Teams is
0 Comments
A Chinese state-sponsored APT group known as Camaro Dragon has been observed exploiting TP-Link routers via a malicious firmware implant. The findings come from security experts at Check Point Research (CPR) and were described in an advisory published by the company earlier today. “The implant features several malicious components, including a custom backdoor named ‘Horse
0 Comments
New information has emerged regarding the Qilin ransomware group’s operations and Ransomware-as-a-Service (RaaS) program. In their latest research study, Group-IB’s threat intelligence team said it infiltrated and analyzed Qilin’s inner workings, revealing insights into its targeting of critical sectors and the sophisticated techniques they employed. Qilin, also known as Agenda ransomware, has emerged as a
0 Comments
A newly discovered vulnerability in the Essential Addons for Elementor plugin has put over one million WordPress websites at risk of attacks aimed at gaining unauthorized access to user accounts with elevated privileges. Cybersecurity experts at Patchstack described the new vulnerability (CVE-2023-32243) in an advisory published on Thursday. “This plugin suffers from an unauthenticated privilege
0 Comments
Toyota Motor Corp acknowledged earlier today that the vehicle data of approximately 2.15 million users was publicly accessible in Japan for nearly a decade, from November 2013 to mid-April 2023. Reuters first reported the news, specifying that according to Toyota spokesperson Hideaki Homma, the issue with Toyota’s cloud-based Connected service affects only vehicles in Japan. The
0 Comments
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned against a critical flaw discovered in PaperCut software, which has now been linked to a series of ransomware attacks. The vulnerability (CVE-2023-27350) in PaperCut, a widely adopted print management solution, has allowed cyber-criminals to remotely execute malicious code without requiring any authentication credentials.  Consequently, these
0 Comments
A critical vulnerability has been discovered in the Linux-based Ruckus access points (AP) that allows remote attackers to take control of vulnerable systems. Tracked CVE-2023-25717 and first discovered in February, the flaw has been recently exploited by a new botnet named AndoryuBot, according to a new advisory by Fortinet. “[AndoryuBot] contains DDoS attack modules for
0 Comments
European police have arrested scores of suspects and seized thousands of stolen artefacts after a joint physical and cyber operation last year, according to Europol. Operation Pandora VII involved police from Austria, Bulgaria, the Czech Republic, Croatia, Cyprus, Greece, Ireland, Italy, Poland, Portugal, Romania, Spain, Sweden and Bosnia and Herzegovina. As with previous iterations, the