Security

The Estonian government has revealed that the country was on the receiving end of the “most extensive” DDoS attacks in 15 years this week after angering Moscow. The former Soviet state reportedly removed a Red Army monument from Tallin square this week, while a Soviet-era tank was removed in the eastern city of Narva. The government has

by Paul Ducklin Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Paul Ducklin and Chester Wisniewski. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just

Security experts have repeated warnings about malicious applications hiding on official mobile app stores after finding dozens of them on Google Play. Bitdefender said it identified 35 in total by using behavioral analysis technology to scan the marketplace. They totaled over two million downloads. The apps perform various malicious activities to achieve persistence on the user’s

by Paul Ducklin Apple just pushed out an emergency update for two zero-day bugs that are apparently actively being exploited. There’s a remote code execution hole (RCE) dubbed CVE-20220-32893 in Apple’s HTML rendering software (WebKit), by means of which a booby trapped web page can trick iPhones, iPads and Macs into running unauthorised and untrusted

Removable media represents the second greatest threat to operational technology (OT) systems so far this year, according to new data from IBM X-Force. The vendor analyzed its incident response and managed security services (MSS) data in light of the ongoing threat from Russia and a fast-expanding digital attack surface for many OT asset owners and

by Naked Security writer You’ve almost certainly seen and heard the word Conti in the context of cybercrime. Conti is the name of a well-known ransomware gang – more precisely, what’s known as a ransomware-as-a-service (RaaS) gang, where the ransomware code, and the blackmail demands, and the receipt of extortion payments from desperate victims are

Microsoft claims to have disrupted a prolific Russian state-backed threat group known for conducting long-running cyber-espionage campaigns against mainly NATO countries. In an update on August 15, the tech giant said it had disabled accounts used by the “Seaborgium” group for reconnaissance, phishing, and email collection, and updated detections against its phishing domains in Microsoft

by Paul Ducklin At the well-known DEF CON security shindig in Las Vegas, Nevada, last week, Mac cybersecurity researcher Patrick Wardle revealed a “get-root” elevation of privilege (EoP) bug in Zoom for Mac: Mahalo to everybody who came to my @defcon talk “You’re M̶u̶t̶e̶d̶ Rooted” 🙏🏽 Was stoked to talk about (& live-demo 😅) a

Only a fifth of North American organizations have cyber-insurance coverage over $600,000, leaving a potentially significant shortfall in funds if they are compromised by ransomware, according to BlackBerry. The security software developer teamed up with Corvus Insurance to produce its BlackBerry Cyber Insurance Coverage study, compiled from interviews with 450 IT decision makers in the

Vulnerabilities in Xiaomi’s mobile payment could lead to an attacker stealing private keys used to sign Wechat Pay control and payment packages. The flaws were found by Check Point Research (CPR) in Xiaomi’s trusted execution environment (TEE), the system element responsible for storing and managing sensitive information such as keys and passwords. “We discovered a

Social media giant Meta has announced it will start testing end-to-end encryption (E2EE) as the default option on its Facebook Messenger platform. The company made the announcement in a blog post on August 11, where it explained the feature will be initially available only to selected users. “If you’re in the test group, some of

A key NHS IT partner that was hit by a ransomware attack last week has said it could take three to four weeks before all systems are back to normal. Advanced runs several key systems for the health service, including clinical patient management software (Adastra) and financial management software (eFinancials). One of its most important

by Paul Ducklin Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. Schroedinger’s cat outlines in featured image via Dhatfield under CC BY-SA 3.0. You can listen to us on Soundcloud, Apple Podcasts, Google

The threat actor known as DeathStalker has continued to target and disrupt foreign and cryptocurrency exchanges around the world throughout 2022 using the VileRAT malware, according to security researchers from Kaspersky. The findings are detailed in an advisory published on August 10 2022, which mentions a number of VileRAT-focussed campaigns  supposedly perpetrated by DeathStalker, starting

by Paul Ducklin Here’s this week’s BWAIN, our jocular term for a Bug With An Impressive Name. BWAIN is an accolade that we hand out when a new cybersecurity flaw not only turns out to be interesting and important, but also turns up with its own logo, domain name and website. This one is dubbed

Security researchers from Check Point have spotted 10 malicious packages on Python Package Index (PyPI), the primary Python package index used by Python developers. The first of them was Ascii2text, a malicious package that mimicked the popular art package by name and description. “Interestingly, [threat actors] were smart enough to copy the entire project description without

A “perfect storm” of surging threats, economic headwinds and evolving regulations will see many organizations miss out on cyber-insurance in 2023, experts have warned. Insurers have been increasing premiums whilst reducing coverage over recent months in response to the rising frequency, severity and cost of cyber-attacks. UK pricing increased 102% in the first quarter of 2022,

by Paul Ducklin Popular collaboration tool Slack (not to be confused with the nickname of the world’s longest-running Linux distro, Slackware) has just owned up to a cybersecurity SNAFU. According to a news bulletin entitled Notice about Slack password resets, the company admitted that it had inadvertently been oversharing personal data “when users created or

North Korea stole hundreds of millions of dollars worth of crypto assets in at least one major hack, according to a confidential United Nations (UN) report seen by Reuters on Thursday. The document also reportedly suggests the US previously accused North Korea of carrying out cyber-attacks to fund its nuclear and missile programs. “Other cyber activity

A team of security researchers from CloudSEK has discovered a new phishing tactic used by threat actors (TA) to target Indian banking customers via preview domains from Hosting Provider Hostinger. The new feature enables access to a site before it is accessible globally. In other words, it enables the viewing of website content without a

by Paul Ducklin We’ve written about PQC, short for post-quantum cryptography, several times before. In case you’ve missed all the media excitement of the past few years about so-called quantum computing… …it is (if you will pardon what some experts will probably consider a reckless oversimplification) a way of building computing devices that can keep

ReversingLabs researchers discovered a new ransomware family targeting Linux-based systems in South Korea. Dubbed GwisinLocker, the malware was detected by ReversingLabs on July 19 while undertaking successful campaigns targeting firms in the industrial and pharmaceutical space. “In those incidents, it often launched attacks on public holidays and during the early morning hours (Korean time) – looking to

by Paul Ducklin The word “protocol” crops up all over the place in IT, usually describing the details of how to exchange data between requester and replier. Thus we have HTTP, short for hypertext transfer protocol, which explains how to communicate with a webserver; SMTP, or simple mail transfer protocol, which governs sending and receiving

Cybersecurity experts from Deepwatch spotted activity from threat actors (TA) that “highly likely” exploited a security flaw in the Atlassian Confluence server (CVE-2022-26134) to deploy a new backdoor dubbed “Ljl” against a number of unnamed organizations. Deepwatch’s Adversary Tactics and Intelligence group (ATI) described the findings in an advisory published on Tuesday. After gaining initial

by Paul Ducklin Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just

Security researchers from ThreatLabz have uncovered a new strain of a large-scale phishing campaign using adversary-in-the-middle (AiTM) techniques along with several evasion tactics. According to an advisory published by the company on Tuesday, similar AiTM phishing techniques were used in a separate phishing campaign described by Microsoft last month. Now, ThreatLabz revealed that using intelligence

by Paul Ducklin Just over a year ago, we wrote about a “cybersecurity researcher” who posted almost 4000 pointlessly poisoned Python packages to the popular repository PyPI. This person went by the curious nickname of Remind Supply Chain Risks, and the packages had project names that were generally similar to well-known projects, presumably in the

A Sentinel One investigation revealed threat actors (TA) have been abusing the Windows Defender command line tool to decrypt and load Cobalt Strike payloads. The cybersecurity experts detailed their findings in an advisory last week, in which they said the TA managed to carry out the attacks after obtaining initial access via the Log4Shell vulnerability

by Paul Ducklin Cryptocurrency protocol Nomad (not to be confused with Monad, which is what PowerShell was called when it first came out) describes itself as “an optimistic interoperability protocol that enables secure cross-chain communication,” and promises that it’s a “security-first cross-chain messaging protocol.” In plain English, it’s supposed to let you swap cryptocurrency tokens

Security experts from online platform Zscaler have published an analysis of the new variant of the known Raccoon Stealer malware. Writing in an advisory last Friday, Zscaler said the new version of the malware is written in C, unlike previous versions which were mainly written in C++. Raccoon Stealer 2.0 features a new back-end and