0 Comments
Microsoft is warning of an uptick among nation-state and criminal actors increasingly leveraging publicly-disclosed zero-day vulnerabilities for breaching target environments. The tech giant, in its 114-page Digital Defense Report, said it has “observed a reduction in the time between the announcement of a vulnerability and the commoditization of that vulnerability,” making it imperative that organizations
0 Comments
The LockBit hacking group has claimed responsibility for the August cyber-attack against the multinational automotive group Continental. The ransomware gang made the announcement on its leak site on Wednesday and is threatening to publish the company’s data unless the ransom is paid over the next few hours of today (Friday). On the dark web blog
0 Comments
by Paul Ducklin Yesterday, we wrote about the waited-for-with-bated-breath OpenSSL update that attracted many column-kilometres of media attention last week. The OpenSSL team announced in advance, as it usually does, that a new version of its popular cryptographic library would soon be released. This notification stated that the update would patch against a security hole
0 Comments
This week’s news offered fresh reminders of the threat that ransomware poses for businesses and critical infrastructure worldwide A number of reports published this week offered a reminder of the threat that ransomware poses for organizations and critical infrastructure worldwide, and were also an indication of the enormous repercussions that a successful ransomware attack can
0 Comments
Cybersecurity researchers have uncovered 29 packages in Python Package Index (PyPI), the official third-party software repository for the Python programming language, that aim to infect developers’ machines with a malware called W4SP Stealer. “The main attack seems to have started around October 12, 2022, slowly picking up steam to a concentrated effort around October 22,”
0 Comments
The individuals behind the Black Basta ransomware have been linked to hacking operations conducted by the FIN7 threat actors. According to a new advisory by SentinelLabs, Black Basta actors have used a custom defense impairment tool (found exclusively in incidents by this specific threat actor) in several instances. “Our investigation led us to a further
0 Comments
What you paid for your home, who lives there with you, your age, your children, your driving record, education, occupation, estimated income, purchasing habits, and any political affiliations you may have—all pretty personal information, right? Well, there’s a good chance that anyone can find it online. All it takes is your name and address.  
0 Comments
The Transparent Tribe threat actor has been linked to a new campaign aimed at Indian government organizations with trojanized versions of a two-factor authentication solution called Kavach. “This group abuses Google advertisements for the purpose of malvertising to distribute backdoored versions of Kavach multi-authentication (MFA) applications,” Zscaler ThreatLabz researcher Sudeep Singh said in a Thursday
0 Comments
The US Department of Justice (DoJ) has published a document highlighting charges against eight individuals for their participation in a Racketeer Influenced and Corrupt Organizations (RICO) conspiracy that involved hacking and tax fraud. US attorney Roger B. Handberg announced the partial unsealing of the indictment on Tuesday, charging Andi Jacques, Monika Shauntel Jenkins, Louis Noel
0 Comments
Multiple vulnerabilities have been disclosed in Checkmk IT Infrastructure monitoring software that could be chained together by an unauthenticated, remote attacker to fully take over affected servers. “These vulnerabilities can be chained together by an unauthenticated, remote attacker to gain code execution on the server running Checkmk version 2.1.0p10 and lower,” SonarSource researcher Stefan Schiller
0 Comments
A major hospital in Osaka, Japan, has suspended routine medical services following a ransomware cyber-attack that disrupted its electronic medical record systems. Emergency operations are continuing, but Osaka General Medical Center officials told reporters on Monday that the hospital system failed earlier today and could not be accessed. They have also reported that a contractor
0 Comments
The OpenSSL project has rolled out fixes to contain two high-severity flaws in its widely used cryptography library that could result in a denial-of-service (DoS) and remote code execution. The issues, tracked as CVE-2022-3602 and CVE-2022-3786, have been described as buffer overrun vulnerabilities that can be triggered during X.509 certificate verification by supplying a specially-crafted
0 Comments
The Cybersecurity and Infrastructure Security Agency (CISA) has published a new series of guidelines to help federal agencies defend against distributed denial-of-service (DDoS) attacks. The Capacity Enhancement Guide has been published in collaboration with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC). It provides organizations with proactive steps
0 Comments
by Paul Ducklin Imagine that you’d spoken in what you thought was total confidence to a psychotherapist, but the contents of your sessions had been saved for posterity, along with precise personal identification details such as your unique national ID number, and perhaps including additional information such as notes about your relationship with your family…
0 Comments
Personal devices and the information they carry are incredibly valuable to their owners. It is only natural to want to protect your device like a royal family fortifying a medieval castle. Unlike medieval castles that depended upon layers and layers of protection (moats, drawbridges, spiky gates, etc.), personal devices thrive on just one defense: a devoted guard called antivirus software.   Increasing your personal device’s
0 Comments
The threat actor behind the Fodcha distributed denial-of-service (DDoS) botnet has resurfaced with new capabilities, researchers reveal. This includes changes to its communication protocol and the ability to extort cryptocurrency payments in exchange for stopping the DDoS attack against a target, Qihoo 360’s Network Security Research Lab said in a report published last week. Fodcha
0 Comments
The threat actors behind the Raspberry Robin worm have been associated with a complex and interconnected malware ecosystem comprising the Clop and LockBit ransomware groups. The findings come from Microsoft, which has said the worm had alternate infection methods beyond its original USB drive spread. “These infections lead to follow-on hands-on-keyboard attacks and human-operated ransomware
0 Comments
Five malicious dropper Android apps with over 130,000 cumulative installations have been discovered on the Google Play Store distributing banking trojans like SharkBot and Vultur, which are capable of stealing financial data and performing on-device fraud. “These droppers continue the unstopping evolution of malicious apps sneaking to the official store,” Dutch mobile security firm ThreatFabric
0 Comments
A previously undocumented dropper has been spotted installing backdoors and other tools using the new technique of reading commands from apparently innocuous Internet Information Services (IIS) logs. The dropper has been discovered by cybersecurity researchers at Symantec, who said an actor is using the piece of malware dubbed Cranefly (aka UNC3524) to install another piece