by Paul Ducklin
With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
Security
A maker of optical lenses and related equipment has agreed to pay $16.4m to settle allegations it broke the False Claims Act by paying kickbacks to eye care providers. The Department of Justice (DoJ) alleged the firm “knowingly and willfully offered or paid” optometrists and ophthalmologists to order its products for their customers, who included
by Paul Ducklin
Cybersecurity stories are like buses: the one you’re waiting for doesn’t come along for ages, then two arrive at once. The specialist subject that suddenly popped up twice this week is: resonance. On Monday, we wrote about Janet Jackson’s 1989 song Rhythm Nation, and how it inadvertently turned into a proof-of-concept for
Ransomware threat detections have risen to over one million per month this year, with a French hospital the latest to suffer a major outage. The 1000-bed Center Hospitalier Sud Francilien (CHSF) near Paris revealed it was hit on Sunday morning, in an attack which has knocked out all the hospital’s business software, storage systems including
by Paul Ducklin
You wouldn’t know it from visiting the company’s main website, but General Bytes, a Czech company that sells Bitcoin ATMs, is urging its users to patch a critical money-draining bug in its server software. The company claims worldwide sales of more than 13,000 ATMs, which retail for $5000 and up, depending on
The percentage of media companies susceptible to compromise is double the figure across all other sectors, according to a new study from BlueVoyant. The security vendor used its tools to perform a cybersecurity posture analysis on 485 organizations from the media industry to compile its Media Industry Cybersecurity Challenges report. It found that 30% of
by Paul Ducklin
You’ve probably heard the old joke: “Humour in the public service? It’s no laughing matter!” But the thing with downbeat, blanket judgements of this sort is that it only takes a single counter-example to disprove them. Something cannot universally be true if it is ever false, even for a single moment. So,
Security researchers have discovered a new threat campaign designed to trick users into downloading malware capable of hijacking their machine. Discovered by Sucuri, the attacks begin with a malicious JavaScript injection designed to target WordPress sites, resulting in a fake Cloudflare DDoS protection pop-up. These have become increasingly popular over recent years as website owners struggle
Trojanized crypto-currency miners, also known as cryptojackers, continue to spread across computers around the world, while also becoming stealthier and increasingly avoiding detection. The data comes from Microsoft’s 365 Defender Research Team, who published a new analysis of cryptojackers on Thursday on its blog. “In the past several months, Microsoft Defender Antivirus detected cryptojackers on
The Chinese advanced persistent threat (APT) actor known as APT41 (or Barium, Bronze Atlas, Double Dragon and Wicked Panda) has targeted at least 13 organizations across the US, Taiwan, India, Vietnam and China as part of four different campaigns in 2021. The news comes from Group-IB Security researchers, who published an advisory detailing APT41 activities from
by Paul Ducklin
The latest update to Google’s Chrome browser is out, bumping the four-part version number to 104.0.5112.101 (Mac and Linux), or to 104.0.5112.102 (Windows). According to Google, the new version includes 11 security fixes, one of which is annotated with the remark that “an exploit [for this vulnerability] exists in the wild”, making
The Estonian government has revealed that the country was on the receiving end of the “most extensive” DDoS attacks in 15 years this week after angering Moscow. The former Soviet state reportedly removed a Red Army monument from Tallin square this week, while a Soviet-era tank was removed in the eastern city of Narva. The government has
by Paul Ducklin
With Paul Ducklin and Chester Wisniewski. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just
Security experts have repeated warnings about malicious applications hiding on official mobile app stores after finding dozens of them on Google Play. Bitdefender said it identified 35 in total by using behavioral analysis technology to scan the marketplace. They totaled over two million downloads. The apps perform various malicious activities to achieve persistence on the user’s
by Paul Ducklin
Apple just pushed out an emergency update for two zero-day bugs that are apparently actively being exploited. There’s a remote code execution hole (RCE) dubbed CVE-2022-32893 in Apple’s HTML rendering software (WebKit), by means of which a booby-trapped web page can trick iPhones, iPads and Macs into running unauthorised and untrusted
Removable media represents the second greatest threat to operational technology (OT) systems so far this year, according to new data from IBM X-Force. The vendor analyzed its incident response and managed security services (MSS) data in light of the ongoing threat from Russia and a fast-expanding digital attack surface for many OT asset owners and
by Naked Security writer
You’ve almost certainly seen and heard the word Conti in the context of cybercrime. Conti is the name of a well-known ransomware gang – more precisely, what’s known as a ransomware-as-a-service (RaaS) gang, where the ransomware code, and the blackmail demands, and the receipt of extortion payments from desperate victims are
Microsoft claims to have disrupted a prolific Russian state-backed threat group known for conducting long-running cyber-espionage campaigns against mainly NATO countries. In an update on August 15, the tech giant said it had disabled accounts used by the “Seaborgium” group for reconnaissance, phishing, and email collection, and updated detections against its phishing domains in Microsoft
by Paul Ducklin
At the well-known DEF CON security shindig in Las Vegas, Nevada, last week, Mac cybersecurity researcher Patrick Wardle revealed a “get-root” elevation of privilege (EoP) bug in Zoom for Mac: Mahalo to everybody who came to my @defcon talk “You’re M̶u̶t̶e̶d̶ Rooted” 🙏🏽 Was stoked to talk about (& live-demo 😅) a
Only a fifth of North American organizations have cyber-insurance coverage over $600,000, leaving a potentially significant shortfall in funds if they are compromised by ransomware, according to BlackBerry. The security software developer teamed up with Corvus Insurance to produce its BlackBerry Cyber Insurance Coverage study, compiled from interviews with 450 IT decision makers in the
Vulnerabilities in Xiaomi’s mobile payment could lead to an attacker stealing private keys used to sign Wechat Pay control and payment packages. The flaws were found by Check Point Research (CPR) in Xiaomi’s trusted execution environment (TEE), the system element responsible for storing and managing sensitive information such as keys and passwords. “We discovered a
Social media giant Meta has announced it will start testing end-to-end encryption (E2EE) as the default option on its Facebook Messenger platform. The company made the announcement in a blog post on August 11, where it explained the feature will be initially available only to selected users. “If you’re in the test group, some of
A key NHS IT partner that was hit by a ransomware attack last week has said it could take three to four weeks before all systems are back to normal. Advanced runs several key systems for the health service, including clinical patient management software (Adastra) and financial management software (eFinancials). One of its most important
by Paul Ducklin
With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. Schroedinger’s cat outlines in featured image via Dhatfield under CC BY-SA 3.0. You can listen to us on Soundcloud, Apple Podcasts, Google
The threat actor known as DeathStalker has continued to target and disrupt foreign and cryptocurrency exchanges around the world throughout 2022 using the VileRAT malware, according to security researchers from Kaspersky. The findings are detailed in an advisory published on August 10 2022, which mentions a number of VileRAT-focussed campaigns supposedly perpetrated by DeathStalker, starting
by Paul Ducklin
Here’s this week’s BWAIN, our jocular term for a Bug With An Impressive Name. BWAIN is an accolade that we hand out when a new cybersecurity flaw not only turns out to be interesting and important, but also turns up with its own logo, domain name and website. This one is dubbed
Security researchers from Check Point have spotted 10 malicious packages on Python Package Index (PyPI), the primary Python package index used by Python developers. The first of them was Ascii2text, a malicious package that mimicked the popular art package by name and description. “Interestingly, [threat actors] were smart enough to copy the entire project description without
A “perfect storm” of surging threats, economic headwinds and evolving regulations will see many organizations miss out on cyber-insurance in 2023, experts have warned. Insurers have been increasing premiums whilst reducing coverage over recent months in response to the rising frequency, severity and cost of cyber-attacks. UK pricing increased 102% in the first quarter of 2022,
by Paul Ducklin
Popular collaboration tool Slack (not to be confused with the nickname of the world’s longest-running Linux distro, Slackware) has just owned up to a cybersecurity SNAFU. According to a news bulletin entitled Notice about Slack password resets, the company admitted that it had inadvertently been oversharing personal data “when users created or
North Korea stole hundreds of millions of dollars worth of crypto assets in at least one major hack, according to a confidential United Nations (UN) report seen by Reuters on Thursday. The document also reportedly suggests the US previously accused North Korea of carrying out cyber-attacks to fund its nuclear and missile programs. “Other cyber activity