Month: November 2022

0 Comments
Researchers at Forescout have released details of more OT product vulnerabilities that they say stem from an “insecure-by-design” approach to manufacturing. The bugs, which include a critical denial of service (DoS) CVE, are found in products from German vendors Codesys and Festo. CVE-2022-4048 is a logic manipulation bug in the Codesys V3 automation software for
0 Comments
by Paul Ducklin Researchers at secure coding company Checkmarx have warned of porn-themed malware that’s been attracting and attacking sleazy internet users in droves. Unfortunately, the side-effects of this malware, dubbed Unfilter or Space Unfilter, apparently involve plundering data from the victim’s computer, including Discord passwords, thus indirectly exposing the victim’s contacts – such as
0 Comments
ESET researchers spot a new ransomware campaign that goes after Ukrainian organizations and has Sandworm’s fingerprints all over it The ESET research team has spotted a new wave of ransomware attacks taking aim at multiple organizations in Ukraine and bearing the hallmarks of other campaigns previously unleashed by the Sandworm APT group. Even though the
0 Comments
Researchers have disclosed details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo that could lead to source code tampering and denial-of-service (DoS). The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name OT:ICEFALL. “These issues exemplify either an
0 Comments
Police in Africa have arrested 10 people connected to global fraud worth an estimated $800,000, after a four-month operation, Interpol has revealed. The global policing organization said that 27 countries joined the Africa Cyber Surge Operation, which ran from July to November. Coordinated from the Interpol Command Centre in Kigali, Rwanda, the operation focused on
0 Comments
Google released new software patches on Thursday to address a new zero-day vulnerability in its Chrome web browser. Writing in a security bulletin, the tech giant described the high-severity vulnerability (tracked CVE-2022-4135) as a heap buffer overflow in the graphics processing unit (GPU) component. Google attributed the discovery of the vulnerability to Clement Lecigne from its
0 Comments
The Bahamut APT group distributes at least eight malicious apps that pilfer victims’ data and monitor their messages and conversations This week, ESET researchers published their analysis of a malicious campaign where the Bahamut APT group targets Android users via trojanized versions of two legitimate VPN apps – SoftVPN and OpenVPN. Since January 2022, Bahamut
0 Comments
For 6 months, the infamous Emotet botnet has shown almost no activity, and now it’s distributing malicious spam. Let’s dive into details and discuss all you need to know about the notorious malware to combat it. Why is everyone scared of Emotet? Emotet is by far one of the most dangerous trojans ever created. The
0 Comments
Authored by Dennis Pang What is antivirus? That’s a good question. What does it really protect? That’s an even better question.  Over the years, I’ve come to recognize that different people define antivirus differently. Some see it as way to keep hackers from crashing their computers. Others see it as a comprehensive set of protections.
0 Comments
Remote monitoring and management (RMM) platform ConnectWise has patched a cross-site scripting (XSS) vulnerability that could lead to remote code execution (RCE). Security researchers at Guardio Labs wrote about the flaw earlier this week, saying threat actors could exploit it to take complete control of the ConnectWise platform. “After testing and validating several attack vectors,
0 Comments
The U.S. Federal Communications Commission (FCC) formally announced it will no longer authorize electronic equipment from Huawei, ZTE, Hytera, Hikvision, and Dahua, deeming them an “unacceptable” national security threat. All these Chinese telecom and video surveillance companies were previously included in the Covered List as of March 12, 2021. “The FCC is committed to protecting
0 Comments
A coordinated law enforcement effort has dismantled an online phone number spoofing service called iSpoof and arrested 142 individuals linked to the operation. The websites, ispoof[.]me and ispoof[.]cc, allowed the crooks to “impersonate trusted corporations or contacts to access sensitive information from victims,” Europol said in a press statement. Worldwide losses exceeded €115 million ($
0 Comments
Malicious apps used in this active campaign exfiltrate contacts, SMS messages, recorded phone calls, and even chat messages from apps such as Signal, Viber, and Telegram ESET researchers have identified an active campaign targeting Android users, conducted by the Bahamut APT group. This campaign has been active since January 2022 and malicious apps are distributed
0 Comments
What color jersey will you be sporting this November and December? The World Cup is on its way to television screens around the world, and scores of fans are dreaming of cheering on their team at stadiums throughout Qatar. Meanwhile, cybercriminals are dreaming of stealing the personally identifiable information (PII) of fans seeking last-minute vacation
0 Comments
A Vietnam-based hacking operation dubbed “Ducktail” is targeting individuals and companies operating on Facebook’s Ads and Business platform. Security researchers at WithSecure discovered the campaign earlier this year and described new developments in an advisory published earlier today. “We don’t see any signs of Ducktail slowing down soon, but rather see them evolve rapidly in
0 Comments
Do your employees take more risks with valuable data because they’ve become desensitized to security guidance? Spot the symptoms before it’s too late. IT security is often regarded as the “Department of No” and sometimes it’s easy to see why. In a world of escalating cyber-risk, expanding attack surfaces and a fast-growing cybercrime economy, security