A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards. Threat intelligence and incident response firm Mandiant is tracking the cluster under the moniker UNC2891,
The UK’s National Cyber Security Centre (NCSC) has launched a significant public awareness campaign to encourage stronger security practices for emails and other digital accounts. The campaign offers actionable cybersecurity guidance to the public, in line with the UK government’s Cyber Aware advice. The first of these recommends using passwords containing three random words, ensuring they are unique, strong
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Paul Ducklin and Chester Wisniewski. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
Google’s Threat Analysis Group (TAG) took the wraps off a new initial access broker that it said is closely affiliated to a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations. Dubbed Exotic Lily, the financially motivated threat actor has been observed exploiting a now-patched critical flaw in the Microsoft Windows MSHTML
The UK’s landmark Online Safety Bill has been introduced to Parliament today. The legislation was drafted in May last year and contained measures to tackle a range of digital harms, including child sexual abuse, terrorist material, fraud and online abuse. New obligations will be placed on social media firms and other services hosting user-generated content to prevent
by Paul Ducklin Last year, we wrote about a research paper from SophosLabs that investigated malware known as CryptoRom, an intriguing, albeit disheartening, nexus in the cybercrime underworld. This “confluence of criminality” saw cybercrooks adopting the same techniques as romance scammers to peddle fake cryptocurrency apps instead of false love, and fleece victims out of
I’m about to tell you an extraordinary fact about cybercrime. Some of the most significant data breaches in internet history weren’t after bank account numbers, cryptocurrency, or even credit card numbers. They were, in fact, after YOU. That’s right, the most valuable data on the internet is the data that comprises your identity. Let’s take
The US military knows it needs to speed up technology adoption through optimization, something at the heart of Silicon Valley culture The U.S. military won’t soon be adopting open-plan work environments, flexible PTO, free ubiquitous food, and lean manufacturing processes, although Silicon Valley wants it to. At the recent Rocky Mountain Cyberspace Symposium, both were
Microsoft on Wednesday detailed a previously undiscovered technique put to use by the TrickBot malware that involves using compromised Internet of Things (IoT) devices as a go-between for establishing communications with the command-and-control (C2) servers. “By using MikroTik routers as proxy servers for its C2 servers and redirecting the traffic through non-standard ports, TrickBot adds
Mobile applications with tens of millions of downloads are leaking sensitive user data due to the misconfiguration of back-end cloud databases, according to Check Point. The security vendor’s three-month study began with a simple query on VirusTotal for mobile apps listed on the malware scanning service that communicates with the Firebase cloud database. Throughout the study,
by Paul Ducklin The US Cybersecurity and Infrastructure Security Agency (CISA) has just put out a bulletin numbered AA22-074A, with the dramatic title Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability. To sidestep rumours based on the title alone (which some readers might interpret as an attack
Whether it’s for routine care, a prescription refill, or a simple follow-up, online doctor visits offer tremendous benefits in terms of both convenience and ease of care—all good reasons to help mom and dad get connected with it. There’s no doubt that more older adults than ever are taking advantage of online doctor visits, more
An overview of some of the most popular open-source tools for threat intelligence and threat hunting As the term threat intelligence can be easily confounded with threat hunting, we will first endeavor to outline some of the differences between them. Threat intelligence refers to the aggregation and enrichment of data to create a recognizable profile
Russian cybersecurity firm Kaspersky on Tuesday responded to an advisory released by Germany’s Federal Office of Information Security (BSI) against using the company’s security solutions in the country over “doubts about the reliability of the manufacturer.” Calling that the decision was made on “political grounds,” the company said it will “continue to assure our partners
More than two million mobile malware samples were detected in the wild last year, with threats impacting over 10 million devices globally, according to new data from Zimperium. The mobile security vendor compiled its 2022 Global Mobile Threat Report based on insight collected from its security research team and a survey of global tech leaders. It claimed
by Paul Ducklin As almost everyone who doesn’t live in North America knows… …American dates are weird! Those of us who care about these things use YYYY-MM-DD, because writing 2022-03-14 is undoubtedly the easiest way of avoiding ambiguity in dates, givem that the four-digit part is obviously the year, and everyone who writes the year
A-list celebrities and social media influencers are now adding their voices to the roar of other cryptocurrency fans asking you to join them in the investments of the future. It’s impossible to deny the grip cryptocurrencies have on the world today, for better or worse. In some industries, they speed the pace of business and
This is the third time in as many weeks that ESET researchers have spotted previously unknown data wiping malware taking aim at Ukrainian organizations ESET researchers have uncovered yet another destructive data wiper that was used in attacks against organizations in Ukraine. Dubbed CaddyWiper by ESET analysts, the malware was first detected at 11.38 a.m.
Two weeks after details emerged about a second data wiper strain delivered in attacks against Ukraine, yet another destructive malware has been detected amid Russia’s continuing military invasion of the country. Slovak cybersecurity company ESET dubbed the third wiper “CaddyWiper,” which it said it first observed on March 14 around 9:38 a.m. UTC. Metadata associated
Strong customer authentication (SCA) rules for e-commerce have come into force in the UK today following delays due to the COVID-19 pandemic. The new measures mean UK shoppers will have to provide a combination of two forms of identification at checkout when making an online purchase. These will be two of the following forms of verification: knowledge
A newly disclosed security flaw in the Linux kernel could be leveraged by a local adversary to gain elevated privileges on vulnerable systems to execute arbitrary code, escape containers, or induce a kernel panic. Tracked as CVE-2022-25636 (CVSS score: 7.8), the vulnerability impacts Linux kernel versions 5.4 through 5.6.10 and is a result of a
French bank BNP Paribas has reportedly blocked its Russian-based employees from accessing its internal computer systems. According to a Reuters source, the bank rescinded the access privileges of its Russian workforce over fears that connections to the local network could leave BNP Paribas vulnerable to cyber-attacks by Russian threat actors. The restriction is reportedly part of the French lender’s
What is Ransomware? Over the past year, you may have seen the term ransomware popping up frequently. There’s good reason for that as ransomware is responsible for 21% of all cyberattacks, according to a new report. For enterprising hackers, this tactic has become standard operating procedure because it’s effective and organizations are willing to pay.
Meta Platforms’ WhatsApp and Cloudflare have banded together for a new initiative called Code Verify to validate the authenticity of the messaging service’s web app on desktop computers. Available in the form of a Chrome and Edge browser extension, the open-source add-on is designed to “automatically verif[y] the authenticity of the WhatsApp Web code being
Czech-based multinational cybersecurity software company Avast has suspended the sale and marketing of its products in Russia and Belarus. In a statement shared Thursday, Avast said it was ceasing business in Russia and offering its premium products free of charge to the people of Ukraine. “With immediate effect, we have withdrawn the availability of all of our products
by Naked Security writer In cybersecurity history, the US Independence Day weekend of 2021 is not remembered for the restful and relaxing summer celebrations that you’d usually associate with the Fourth of July. Instead, it’s remembered as the weekend of the infamous Kaseya ransomware attack. This was ransomware-with-a-difference, and the difference was the ultimate scale
Who loves tax season besides accountants? Scammers. Emotions can run high during tax time. Even if you’re pretty sure you did everything right, you may still have a few doubts kicking around. Did I file correctly? Did I claim the right deductions? Will I get audited? As it turns out, these are the very same
Ukraine has been under cyber-fire for years now – here’s what you should know about various disruptive cyberattacks that have hit the country since 2014 On February 24th, Russia invaded Ukraine. Just a few hours earlier, ESET discovered a destructive piece of malware that wrought havoc on the computer networks of a number of important
Multiple security vulnerabilities have been disclosed in popular package managers that, if potentially exploited, could be abused to run arbitrary code and access sensitive information, including source code and access tokens, from compromised machines. It’s, however, worth noting that the flaws require the targeted developers to handle a malicious package in conjunction with one of
Advances in cybersecurity must focus on increasing trust in digital technologies, according to Professor Adam Joinson, director of DiscribeHub+ and Professor of Information Systems at the University of Bath. This message was delivered during a talk about the socioeconomic impact of security on trust at the final leg of Digital Security by Design (DSbD) Roadshow in Northern Ireland, UK,