Online Pitstop

The US Department of Justice (DoJ) is doubling the size of the team investigating cryptocurrency crime, with the fight against ransomware “an urgent priority.” In a speech at the Center for Strategic and International Studies on Thursday, July 20, Principal Deputy Assistant Attorney General Nicole M. Argentieri announced the merger of the National Cryptocurrency Enforcement

Security behavior change firm Hoxhunt has published its latest research highlighting employees’ resilience in critical infrastructure, showing a higher engagement level in identifying and reporting phishing attempts. Titled Human Cyber-Risk Report: Critical Infrastructure, the document investigates the human risk factor within the critical infrastructure sector, analyzing data from over 15 million phishing simulations and actual email attacks

by Paul Ducklin SING US A CYBERSECURITY SONG Why your Mac’s calendar app says it’s JUL 17. One patch, one line, one file. Careful with that {axe,file}, Eugene. Storm season for Microsoft. When typos make you sing for joy. No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and

The Chinese espionage group APT41 (AKA Double Dragon, BARIUM and Winnti) has been linked to the sophisticated Android surveillanceware known as WyrmSpy and DragonEgg. A new report published by cybersecurity firm Lookout on July 19, 2023, highlighted the findings, mentioning APT41’s history of targeting both government organizations and private enterprises for espionage and financial gain.

by Paul Ducklin At the tail-end of last week, Microsoft published a report entitled Analysis of Storm-0558 techniques for unauthorized email access. In this rather dramatic document, the company’s security team revealed the background to a previously unexplained hack in which data including email text, attachments and more were accessed: from approximately 25 organizations, including

Security researchers from Rapid7 have found active exploitation of multiple vulnerabilities in Adobe ColdFusion, a web development computing platform. On July 11, 2023, Adobe released patches for several vulnerabilities affecting ColdFusion, including a Rapid7-discovered access control bypass vulnerability (CVE-2023-29298) and an insecure deserialization vulnerability allowing arbitrary code execution (CVE-2023-29300). However, Rapid7 has recently observed that

by Paul Ducklin Early disclaimer: this isn’t quite the mother of all data breaches, nor even perhaps a younger cousin, so you can stand down from Blue Alert right away. As far as we can tell, only names, email addresses and employers were leaked in the wrongly shared document. But what names they were! The

Conor Brian Fitzpatrick, famously known as “Pompompurin,” has entered a guilty plea for hacking charges in the United States District Court for the Eastern District of Virginia, Alexandria Division.  This comes after the US government recently seized the surface web domains linked to the notorious cybercrime marketplace, BreachForums, even though Fitzpatrick had been arrested months

Windows users have been targeted again by the sophisticated malware known as LokiBot, which is spreading through malicious Office documents.  According to a new advisory by Fortinet security researcher Cara Lin, attackers are leveraging known vulnerabilities, such as CVE-2021-40444 and CVE-2022-30190, to embed malicious macros within Microsoft Office documents.  Once executed, these macros drop the

A new threat actor group has been observed conducting a series of cyber-attacks targeting government entities, military organizations and civilian users in Ukraine and Poland.  According to a new advisory by Cisco Talos, the malicious campaigns started in April 2022 and are currently ongoing. They primarily aim at stealing valuable information and establishing persistent remote

by Paul Ducklin You’re probably familiar with the word gaslighting, used to refer to people with the odious habit of lying not merely to cover up their own wrongdoing, but also to make it look as though someone else is at fault, even to the point of getting the other person to doubt their own

A generative AI tool, WormGPT, has emerged as a powerful weapon in the hands of cyber-criminals, specifically for launching business email compromise (BEC) attacks, according to new findings shared by security firm SlashNext. “We’re now seeing an unsettling trend among cyber-criminals on forums, evident in discussion threads offering ‘jailbreaks’ for interfaces like ChatGPT,” wrote security

by Paul Ducklin Popular collaboration product Zimbra has warned customers to apply a software patch urgently to close a security hole that it says “could potentially impact the confidentiality and integrity of your data.” The vulnerability is what’s known as an XSS bug, short for cross-site scripting, whereby performing an innocent-looking operation via site X,

A new version of the Common Vulnerability Scoring System (CVSS 4.0) has been unveiled publicly by the Forum of Incident Response and Security Teams (FIRST) on July 13, 2023. CVSS is the open industry standard for assessing the severity of computer system security vulnerabilities, helping organizations prioritize their vulnerability management processes. It provides a method

by Paul Ducklin SING A SONG OF SUPERCOOKIES Remembering the slide rule. What you need to know about Patch Tuesday. Supercookie surveillance shenanigans. When bugs arrive in pairs. Apple’s rapid patch that needed a rapid patch. User-Agent considered harmful. No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and