by Paul Ducklin Two weeks ago we reported on two zero-days in Microsoft Exchange that had been reported to Microsoft three weeks before that by a Vietnamese company that claimed to have stumbled across the bugs on an incident response engagement on a customer’s network. (You may need to read that twice.) As you probably
Security
Japanese car giant Toyota has warned that nearly 300,000 customers may have had their personal data leaked after an access key was publicly available on GitHub for almost five years. In a statement on its website, Toyota said that the email addresses and customer control numbers of 296,019 people who have used T-Connect, a telematics
by Paul Ducklin The second Tuesday of every month is Microsoft’s regular day for security updates, still known by almost everyone by its unofficial nickname of “Patch Tuesday”. But the second Tuesday in October is also Ada Lovelace Day, celebrating Ada, Countess of Lovelace. Ada was a true pioneer not only of computing, but also
Representatives from Ukraine’s State Service of Special Communications and Information Protection (SSSCIP) and the European Union Agency for Cybersecurity (ENISA) recently met to discuss strengthening cooperation and networking. The working meeting was held during the visit to ENISA HQ in Athens as a part of the Cybersecurity East Project. Viktor Zhora, SSSCIP deputy head, said after
by Paul Ducklin Naked Security meets Sophos X-Ops! (Read or listen according to your preference.) We dig into OAuth 2.0, a well-known protocol for authorization. Microsoft calls it “Modern Auth”, though it’s a decade old, and is finally forcing Exchange Online customers to switch to it. We look at the what, the why and the
Lloyd’s of London, the London-based insurance market heavily involved in implementing sanctions against Russia, may have been hit by a cyber-attack. On Wednesday, October 5, 2022, the British insurance market revealed it had detected “unusual activity” on its systems and has turned off all external connectivity “as a precautionary measure.” “We have informed market participants
by Paul Ducklin Scam calls are a nuisance at best, because they’re intrusive, and a social and financial evil at worst, because they prey on those who are vulnerable. You probably get dozens or hundreds of them a year, often in waves of several a day, where the caller claims to be from Amazon (about
Chinese state–sponsored threat actors continue to exploit known vulnerabilities to target US and allied networks and companies, according to a new advisory published on October 06, 2022, by the US National Security Agency (NSA), Cybersecurity & Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI). Worse, they use “an increasing array of new and
by Naked Security writer Joe Sullivan, who was Chief Security Officer at Uber from 2015 to 2017, has been convicted in a US federal court of covering up a data breach at the company in 2016. Sullivan was charged with obstructing proceedings conducted by the FTC (the Federal Trade Commission, the US consumer rights body),
A number of notable software supply chain cyber incidents have been linked to ‘LofyGang,’ an attack group that has been operating for over a year, according to a new analysis by Checkmarx. The researchers discovered around 200 malicious packages with thousands of installations linked to LofyGang. These included several classes of malicious payloads, general password
by Paul Ducklin If you can’t beat ’em, sue ’em! Actually, the original quote doesn’t quite go like that, but you get the idea: if you can’t stop people downloading bogus, malware-tainted apps that pretend to be backed by your powerful, global brand… …why not use your powerful, global brand to sue the creators of
A newly discovered Android spyware family dubbed ‘RatMilad’ has been observed trying to infect an enterprise device in the Middle East. The discovery comes from security researchers at Zimperium, who said the original variant of the previously unknown RatMilad spyware hid behind a VPN and phone number spoofing app called Text Me. After identifying the
by Paul Ducklin SCAMMERS IN THE SLAMMER (AND OTHER STORIES) With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere
A Canadian man was sentenced to 20 years in prison and ordered to forfeit $21.5m today for participating in the NetWalker ransomware attacks, said the Department of Justice (DOJ) Office of Public Affairs on Tuesday. Sebastien Vachon–Desjardins, 35, of Gatineau, Quebec, was extradited to the United States in January this year according to the extradition treaty between
by Naked Security writer Naked Security has written and talked about Sebastien Vachon-Desjardins before, in both article and podcast form. Vachon-Desjardins had been a federal government worker in the Canadian Capital Region (he comes from Gatineau in Quebec, directly across the river from the federal capital Ottawa in Ontario)… …but he seems to have decided
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive (BOD) to improve asset visibility and vulnerability detection on federal networks. Named BOD 23–01 and becoming effective on April 03, 2023, the new directive requires federal civilian executive branch (FCEB) agencies to perform automated asset discovery every seven days. “While many
by Paul Ducklin Elvis, you might say, has left the building, but only to be transported from court to federal prison. In this case, we’re referring to Elvis Eghosa Ogiekpolor, jailed for 25 years in Atlanta, Georgia for running a cybercrime group that scammed close to $10,000,000 in uunder two years from individuals and business
A former US National Security Agency (NSA) employee has been arrested after trying to sell classified information to an undercover Federal Bureau of Investigation (FBI) agent posing as a foreign spy working for a foreign government. Federal prosecutors do not directly identify the government in question. Still, according to the FBI agent’s affidavit, Jareh Sebastian
Threat actors associated with North Korea have been spotted weaponizing legitimate open–source software targeting employees in organizations across multiple industries. The findings come from Microsoft Threat Intelligence Center (MSTIC), which published an advisory about the threat on Thursday. According to the technical write–up, the attacks were executed by an actor Microsoft tracks as Zinc –
Xtreme RAT and Cryptominer have been delivered through pirated copies of the Windows operating system (OS) software. The discovery comes from eSentire’s Threat Response Unit (TRU), with the security researchers publishing an advisory about the new threat on Thursday. “Several malicious Windows services on the system were responsible for modifying system permissions, disabling Windows Defender, and
by Paul Ducklin DON’T PANIC… BUT BE READY TO ACT With Paul Ducklin and Chester Wisniewski Intro and outro music by Edith Mudge. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere
A hacking group dubbed ‘Witchetty’ has been observed using a steganographic technique to hide a backdoor in a Windows logo and target Middle Eastern governments. According to a new advisory by Broadcom, Witchetty (aka LookingFrog) is believed to have connections to the state–backed Chinese threat actor APT10 as well as with TA410 operatives, a group
by Paul Ducklin Just when you hoped the week would quieten down and yield you some SecOps downtime over the weekend… …and along comes a brand new zero-day hole in Microsoft Exchange! More precisely, two zero-days that can apparently be chained together, with the first bug used remotely to open enough of a hole to
A new multifunctional malware written in the Go programming language has been spotted in the wild, targeting both Windows and Linux systems. The discovery has been made by Black Lotus Labs, the threat intelligence team at Lumen Technologies, who published an advisory about the new threat on Wednesday. The team reportedly discovered and analyzed roughly
by Paul Ducklin CUTTING THROUGH CYBERSECURITY NEWS HYPE With Paul Ducklin and Chester Wisniewski Intro and outro music by Edith Mudge. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good
Overall malware detections from the peaks seen in the first half of 2021 have decreased in the second quarter of 2022, but there was an increase in encrypted malware and threats targeting Chrome and Microsoft Office. The figures come from a report published by WatchGuard earlier today and shared with Infosecurity Magazine. “While overall malware attacks
by Paul Ducklin Last week’s cyberintrusion at Australian telco Optus, which has about 10 million customers, has drawn the ire of the country’s government over how the breached company should deal with stolen ID details. Darkweb screenshots surfaced quickly after the attack, with an underground BreachForums user going by the plain-speaking name of optusdata offering
Security researchers at SentinelOne have uncovered a variant of the Operation In(ter)ception campaign using lures for job vacancies at cryptocurrency exchange platform Crypto.com to infect macOS users with malware. According to an advisory published on Monday, the new attacks would represent a further instance of a campaign spotted by ESET and Malwarebytes in August and
by Paul Ducklin For the last day or two, our news feed has been buzzing with warnings about WhatsApp. We saw many reports linking to two tweets that claimed the existence of two zero-day security holes in WhatsApp, giving their bug IDs as CVE-2022-36934 and CVE-2022-27492. One article, apparently based on those tweets, breathlessly insisted
A large–scale operation that reportedly stole millions of dollars from credit cards from 2019 to earlier this year has been exposed by cybersecurity company ReasonLabs. The scammers, defined by ReasonLabs as a “crime syndicate with origins in Russia,” would have used Amazon Web Services, GoDaddy and eNom to carry out the scheme. According to the
- « Previous Page
- 1
- …
- 33
- 34
- 35
- 36
- 37
- …
- 51
- Next Page »