Security

The Cybersecurity and Infrastructure Security Agency (CISA) has released a new advisory suggesting North Korean state-sponsored cyber actors are using the Maui ransomware to target Healthcare and Public Health (HPH) Sector organizations in the US. According to the document – a joint effort between CISA, the Federal Bureau of Investigation (FBI) and the Department of

by Paul Ducklin Just over a week ago, the newswires were abuzz with news of a potentially serious bug in the widely-used cryptographic library OpenSSL. Some headlines went as far as describing the bug as a possibly “worse-than-Heartbleed flaw”, which was dramatic language indeed. Heartbleed, as you may remember, was an incredibly high-profile data leakage

The US Department of Commerce’s National Institute of Standards and Technology (NIST) has selected the first-ever group of encryption tools that could potentially withstand the attack of a quantum computer. The four selected encryption algorithms will now reportedly become part of NIST’s post-quantum cryptographic (PQC) standard, which should be finalized in about two years. More specifically, for

by Paul Ducklin Google’s latest update to the Chrome browser fixes a varying number of bugs, depending on whether you’re on Android, Windows or Mac, and depending on whether you’re running the “stable channel” or the “extended stable channel“. Don’t worry if you find the the plethora of Google blog posts confusing… …we did too,

NATO has announced plans to develop virtual rapid response capabilities “to respond to significant malicious cyber activities.” The plans were unveiled in a declaration published following the NATO Summit in Madrid, Spain, last week. The latest summit took on extra significance in light of the Russian invasion of Ukraine earlier this year, amid fears of the conflict

by Paul Ducklin If you’re a Naked Security Pocast listener, you may remember, back in March 2022, that we spoke about a convicted cybercriminal from Canada by the name of Sebastien Vachon-Desjardins. By all accounts, he was part of several so-called Ransomware-as-a-Service (RaaS) gangs, such as REvil and NetWalker, where the actual ransomware attackers act

CloudSEK used its artificial intelligence (AI)-powered digital risk platform XVigil to identify a post on a cybercrime forum mentioning open source automation server platform Jenkins as one of the TTP (tactics, techniques, and procedures) used by a threat actor (TA) in attacks against IBM and Stanford University. The module reportedly has hidden desktop takeover capabilities that would be

Kaspersky security experts have discovered new malware targeting Microsoft Exchange servers belonging to several organizations worldwide. Dubbed “SessionManager” and first spotted by the company in early 2022, the backdoor enables threat actors to keep “persistent, update-resistant and rather stealth access to the IT infrastructure of a targeted organization.” According to Kaspersky, once propagated, SessionManager would enable

by Paul Ducklin The US Federal Bureau of Investigation (FBI) famously maintains a Ten Most Wanted Fugitives list. Currently, nine of them are men, suspected of 22 different offences between them: Accessory After the Fact Aiding and Abetting Armed Robbery Cocaine Importation Conspiracy Conspiracy to Commit Murder-for-Hire Conspiracy to Commit Violent Crimes in Aid of

Microsoft’s Security Intelligence team has issued a new warning against a known cloud threat actor (TA) group. Tracked as 8220 and active since early 2017, the group would have now updated its malware toolset to breach Linux servers in order to install crypto miners as part of a long-running campaign. “The updates include the deployment

by Paul Ducklin We’ll tell this story primarily through the medium of images, because a picture is worth 1024 words. This cybercrime is a visual reminder of three things: It’s easy to fall for a phishing scam if you’re in a hurry. Cybercriminals don’t waste any time getting new scams going. 2FA isn’t a cybersecurity

An ex-Canadian government employee pleaded guilty in Florida court earlier this week to charges of involvement with the NetWalker ransomware group. Sebastien Vachon-Desjardins, 34, was accused of conspiracy to commit computer fraud and wire fraud, as well as intentional damage to a protected computer and transmitting a demand concerning damaging a protected computer. Vachon-Desjardins was extradited in March, following

by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.

A group of security researchers from Abuse.ch and ThreatFox launched a new hub for scanning and hunting files. Dubbed YARAify, the defensive tool is designed to scan suspicious files against a large repository of YARA rules. “YARA is an open source tool for pattern matching,” Abuse.ch founder Roman Hüssy said in an interview with The Daily Swig. “It allows anyone […]

by Paul Ducklin This month’s scheduled Firefox release is out, with the new 102.0 version patching 19 CVE-numbered bugs. Despite the large number of CVEs, the patches don’t include any bugs already being exploited in the wild (known in the jargon as zero-days), and don’t include any bugs labelled Critical. Perhaps the most significant patch

An analysis from cybersecurity firm Cyble has found over 900,000 Kubernetes (K8s) exposed across the internet and thus vulnerable to malicious scans and/or data-exposing cyberattacks. The researchers clarified that while not all exposed instances are vulnerable to attacks or the loss of sensitive data, these misconfiguration practices might make companies lucrative targets for threat actors (TA) in

by Paul Ducklin Sadly, over the years, we’ve needed to write numerous Naked Security warnings about romance scammers and sextortionists. Although those are general-sounding terms, they’ve come to refer to two specific sorts of online crime: Romance scamming. This typically refers to a long-game confidence trick in which cybercriminals court your online friendship under a

by Paul Ducklin Another day, another De-Fi (decentralised finance) attack. This time, online smart contract company Harmony, which pitches itself as an “open and fast blockchain”, has been robbed of more than $80,000,000’s worth of Ether cryptocoins. Surprisingly (or unsurprisingly, depending on your point of view), if visit Harmony’s website, you’ll probably end up totally

An unidentified hacker group has stolen more than $100m from Californian cryptocurrency firm Harmony. The company made the announcement last Thursday in a Twitter thread, saying they had identified a theft occurring on the Horizon bridge amounting to approximately $100m. “We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the

Organizations need to change their approach to security awareness and training to reduce the threat of phishing attacks and other risks based on human behavior. Tim Ward, CEO of Think Cyber Security, told attendees at Infosecurity Europe 2022 that security teams can “nudge” colleagues towards more secure behavior. This will be more effective than conventional

The second day of InfoSecurity Europe 2022 saw Geoff White, investigative journalist and author of Penguin Books’ The Lazarus Heist, discuss how government-sponsored cyber-attackers increasingly interact with organized crime gangs, operating seamlessly on a global scale. White also touched upon the emerging world of cryptocurrency theft. In illuminating the increasing connection between cybersecurity and geopolitical

The closing keynote discussion of the InfoSecurity Europe 2022 conference was titled ‘Next Generation, Next Challenges, New Opportunities’ and was moderated by Eleanor Dallaway, editorial director of Infosecurity Magazine. Dallaway was joined onstage by specialists Marc Avery, CISO & director, Cyber Chain Alliance, Jonathan Kidd, global CISO, Computershare and Chris Green, head of PR and

by Paul Ducklin If you’re an OpenSSL user, you’re probably aware of the most recent high-profile bugfix release, which came out back in March 2022. That fix brought us OpenSSS 3.0.2 and 1.1.1n, updates for the two current fully-supported flavours of the product. (There’s a legacy version, 1.0.2, but updates to that version are only

On the third and final day of InfoSecurity Europe 2022, Sarb Sembhi, global CISO of Aireye, moderated the keynote panel discussion titled ‘Boosting SME’s Cyber Security Strategy.’ Sembhi was accompanied by fellow experts Milos Pesic, vice president of InfoSec & CyberSec at Marken, Diane Abela, chief information security officer at AccuRx and Vincent Blake, VP, digital technology security officer &

by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. [00’22”] Duck gets behind the Ducks. [01’34”] 2000 phone scammers arrested in Interpol action. [11’12”] A three-year-old hacking case ends in conviction. [17’13”] Canadian financial company picks up enormous data breach fine. With

Organizations are still neglecting to secure their supply chains, according to panellists at a session during Infosecurity Europe 2022. Panel chair and security consultant Peter Yapp warned that fewer than 10% of organizations have reviewed their suppliers’ security. “Attacks on the supply chain will only increase,” he said. Firms face a growing volume of attacks

Organizations face three emerging threats that compromise identities, exploit the use of accomplices or insiders and evade current detection and defenses, according to security researcher Oliver Rochford. During his insight stage talk at Infosecurity Europe, Rochford, security evangelist at Securonix, said that a growing number of criminal groups are acting as initial access brokers (IABs).

by Paul Ducklin Remember the Capital One breach? We did, though we felt sure it had happened a long time ago. Indeed, when we checked, it had: the story first broke almost three years ago, back in July 2019. At the time, the company reported: Capital One Financial Corporation announced […] that on July 19,

Web developer ‘z0ccc’ has created a website designed to generate a fingerprint of devices based on Google Chrome extensions installed on the visiting browser.  In an exclusive email interview with Bleeping Computer, z0ccc said while the website does not store the fingerprint of visiting devices, the testing shows that information could be potentially used by

by Paul Ducklin Sick of the unending stream of email and phone calls you receive from scammers claiming to represent your bank? Amazon? Microsoft? The tax office? The police? We sympathise – we’re sick of them too, especially landline calls that could be a loved one calling for help or advice, and thus need to