The cyber mercenary group, Void Balaur, continues expanding its hack–for–hire campaigns despite disruptions to its online advertising personas. The new information comes from cybersecurity experts at SentinelLabs, who recently published an advisory detailing Void Balaur’s latest campaigns. Written by senior threat researcher Tom Hegel, the document discusses the findings that SentinelLabs first unveiled at its
Security
by Paul Ducklin The curious name LAPSUS$ made huge headlines in March 2022 as the nickname of a hacking gang, or, in unvarnished words, as the label for a notorious and active collective of cybercriminals: The name was somewhat unusual for a cybercrime crew, who commonly adopt handles that sound edgy and destructive, such as
The Department of Air Force (DAF) Enterprise IT as a Service’s (EITaaS) Base Infrastructure Modernization (BIM) procurement said it will evolve its digital modernization strategy to an “as a Service” model that will integrate network, end–user services and computing platforms. According to an announcement by technology company Lumen, which will collaborate with the DAF on the
by Paul Ducklin LISTEN NOW With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
Threat actors deployed OAuth applications on compromised cloud tenants and then used them to control Exchange servers and spread spam. The news is the result of an investigation by Microsoft researchers. It revealed the threat actors launched credential–stuffing attacks (which use lists of compromised user credentials) against high–risk, unsecured administrator accounts that didn’t have multi–factor authentication (MFA)
by Paul Ducklin Morgan Stanley, which bills itself in its website title tag as the “global leader in financial services”, and states in the opening sentence of its main page that “clients come first”, has been fined $35,000,000 by the US Securities and Exchange Commission (SEC)… …for selling off old hardware devices online, including thousands
American financial services giant Morgan Stanley agreed to pay the Securities and Exchange Commission (SEC) a $35m penalty on Tuesday over data security lapses. According to the SEC’s complaint, the firm would have allowed roughly 1000 unencrypted hard drives (HDDs) and about 8000 backup tapes from decommissioned data centers to be resold on auction sites without
The UK’s National Cyber Security Centre (NCSC), part of GCHQ, has launched two pieces of guidance on September 21, 2022 to help organizations protect themselves and their customers online. The two guides, respectively called ‘Authentication methods: choosing the right type’ and ‘Removing malicious content to protect your brand,’ are specifically suited to companies with online
by Paul Ducklin Sophos Security SOS Week is back by popular demand, from 26-29 September 2022! Four top security experts are once again stepping up to share their expertise in a series of daily 30-minute interviews. This year, for the first time, we’re filming the interviews, giving you the option to watch our experts in
Threat actor Lapsus$ is now seemingly responsible for hacking gaming giant Rockstar Games after targeting mega-brands like Microsoft, Cisco, Samsung, Nvidia, Okta and probably Uber. An account operating name ‘teapotuberhacker’ posted on GTAForums around 90 videos of what appeared to be in-development footage of the upcoming Rockstar Games installment, Grand Theft Auto 6 – that
by Paul Ducklin If the big story of this month looks set to be Uber’s data breach, where a hacker was allegedly able to roam widely through the ride-sharing company’s network… ..the big story from last month was the LastPass breach, in which an attacker apparently got access to just one part of the LastPass
Uber appears to have been breached again, after a threat actor reportedly accessed its email and cloud systems, code repositories, internal Slack account and HackerOne tickets. The ride-hailing giant released a terse message on Twitter yesterday saying it is “currently responding to a cybersecurity incident” and is in touch with law enforcement. Meanwhile, the alleged hacker
The Cybersecurity and Infrastructure Security Agency (CISA) has added six known flaws to its Known Exploited Vulnerabilities Catalog on September 15, 2022. “These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose a significant risk to the federal enterprise,” the Agency wrote. The six issues include three that affect the
by Paul Ducklin CYBERSECURITY: “THEY DIDN’T BUT YOU CAN!” With Paul Ducklin and Chester Wisniewski Intro and outro music by Edith Mudge. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that
Hackers associated with North Korea are using trojanized versions of the PuTTY SSH open-source terminal emulator to install backdoors on victims’ devices. Discovered by Mandiant, the threat actor responsible for this campaign would be ‘UNC4034’ (also known as Temp.Hermit or Labyrinth Chollima). “Mandiant identified several overlaps between UNC4034 and threat clusters we suspect have a North
by Paul Ducklin By all accounts, and sadly there are many of them, a hacker – in the break-and-enter-your-network-illegally sense, not in a solve-super-hard-coding-problems-in-a-funky-way sense – has broken into ride-sharing company Uber. According to a report from the BBC, the hacker is said to be just 18 years old, and seems to have pulled off
Cybersecurity agencies in the US, UK, Australia and Canada have warned that Iranian state-sponsored hackers are exploiting Log4j vulnerabilities in ransomware campaigns. An alert published this week said Tehran’s Islamic Revolutionary Guard Corps (IRGC) was behind multiple attacks exploiting VMware Horizon Log4j bugs on unprotected networks to enable disk encryption and data extortion. These include
by Paul Ducklin LISTEN NOW With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
Threat actors are using the death of Queen Elizabeth II as a lure to phish for users’ Microsoft credentials, experts have warned. A screenshot posted by Proofpoint yesterday revealed an email spoofed to appear as if sent from the tech giant. With the headline “In Memory of Her Majesty Queen Elizabeth II,” it claimed that
Some 80% of organizations suffered a “severe” cloud security incident over the past year, while a quarter worry they’ve suffered a cloud data breach and aren’t aware of it, according to new research from Snyk. The developer security specialist polled 400 cloud engineering and security practitioners from organizations of various sizes and sectors, to compile
by Paul Ducklin Researchers at threat intelligence company Group-IB just wrote an intriguing real-life story about an annoyingly simple but surprisingly effective phishing trick known as BitB, short for browser-in-the-browser. You’ve probably heard of several types of X-in-the-Y attack before, notably MitM and MitB, short for manipulator-in-the-middle and manipulator-in-the-browser. In a MitM attack, the attackers
Threat actors exploited a vulnerability in a popular VoIP appliance to gain access to a victim’s corporate network, researchers have revealed. A team at Arctic Wolf said that the unnamed organization was compromised by the Lorenz ransomware variant. The group apparently targeted the Mitel Service Appliance component of MiVoice Connect, via remote code execution bug
by Paul Ducklin We’ve been waiting for iOS 16, given Apple’s recent Event at which the iPhone 14 and other upgraded hardware products were launched to the public. This morning, we did a Settings > General > Software Update, just in case… …but nothing showed up. But some time shortly before 8pm tonight UK time
Investigators have disrupted a major organized crime gang believed to have tricked thousands of British victims into handing over money. The UK’s National Crime Agency (NCA) and Romanian police searched two penthouse apartments in Bucharest thought to have been the nerve center for a fraud operation that targeted consumers across Europe on a “massive scale.”
More than 10% of enterprise IT assets are missing endpoint protection and roughly 5% are not covered by enterprise patch management solutions. The figures come from new research by Sevco Security, which the company has compiled in the State of the Cybersecurity Attack Surface report. “Attackers are very adept at exploiting enterprise vulnerabilities. Security and IT
On April 20, 2022, Rapid7 discovered vulnerabilities in two TCP/IP–enabled medical devices produced by Baxter Healthcare. The flaws, four in total, affected the company’s SIGMA Spectrum Infusion Pump and SIGMA WiFi Battery. Almost five months after Rapid7 first reported the issues to Baxter, the companies are now revealing they have worked together to discuss the
by Paul Ducklin Dates, times and timezones are troublesome things. Daylight saving, or “summer time” as it’s also commonly known, makes matters even worse, because many countries tweak their clocks twice a year in order to shift the apparent time of sunrise and sunset in relation to the regular working day. In the UK, for
We are deeply saddened by the passing of Her Majesty Queen Elizabeth II who dedicated her life to service. She brought comfort, leadership and steadfastness to millions of people during her 70-year reign. On behalf of Infosecurity Magazine and our employees and customers, we send our sincerest condolences to the Royal Family and to all
by Paul Ducklin Yes, ransomware is still a thing. No, not all ransomware attacks unfold in the way you might expect. Most contemporary ransomware attacks involve two groups of criminals: a core gang who create the malware and handle the extortion payments, and “members” of a loose-knit clan of “affiliates” who actively break into networks
British AI cybersecurity vendor Darktrace will not be acquired by US private equity firm Thoma Bravo. In a statement to the London Stock Exchange (LSE) on Thursday 8, 2022, Darktrace said “discussions with Thoma Bravo have terminated,” putting an end to the £6bn ($6.9m) deal that could have been one of the most significant M&A
- « Previous Page
- 1
- …
- 34
- 35
- 36
- 37
- 38
- …
- 51
- Next Page »