A DocuSign brand impersonation attack has been observed bypassing native cloud and inline email security solutions and targeting over 10,000 end users across multiple organizations. The findings come from security researchers at Armorblox, who described the new threat in an advisory shared with Infosecurity via email. “At first glance, the email seems to be a
Month: January 2023
by Paul Ducklin Another day, another access-token-based database breach. This time, the victim (and in some ways, of course, also the culprit) is Microsoft’s GitHub business. GitHub claims that it spotted the breach quickly, the day after it happened, but by then the damage had been done: On December 6, 2022, repositories from our atom,
Do you know where your secrets are? If not, I can tell you: you are not alone. Hundreds of CISOs, CSOs, and security leaders, whether from small or large companies, don’t know either. No matter the organization’s size, the certifications, tools, people, and processes: secrets are not visible in 99% of cases. It might sound
A malicious live software service named TrickGate has been used by threat actors to bypass endpoint detection and response (EDR) protection software for over six years. The findings come from Check Point Research (CPR), who shared them with Infosecurity earlier today. Described in a new advisory, the research also suggests that several threat actors from groups
Jan 30, 2023Ravie LakshmananThreat Detection / Malware A new Golang-based information stealer malware dubbed Titan Stealer is being advertised by threat actors through their Telegram channel. “The stealer is capable of stealing a variety of information from infected Windows machines, including credential data from browsers and crypto wallets, FTP client details, screenshots, system information, and
Sandworm continues to conduct attacks against carefully chosen targets in the war-torn country ESET researchers have uncovered a new wiper attack in Ukraine that they attribute to the Sandworm APT group. Dubbed SwiftSlicer, the destructive malware was spotted on the network of a targeted organization on January 25th. It was deployed through Group Policy, which suggests
An operation responding to a Black Basta ransomware compromise has revealed the use of a new PlugX malware variant that can automatically infect any attached removable USB media devices. Palo Alto Networks Unit 42 shared the findings with Infosecurity earlier today, adding that the new PlugX variant is “wormable” and can infect USB devices in
by Paul Ducklin Over the years, we’ve written and spoken on Naked Security many times about the thorny problem of DNS hijacking. DNS, as you probably know, is short for domain name system, and you’ll often hear it described as the internet’s “telephone directory” or “gazetteer”. If you’re not familiar with the word gazeteer, it
Jan 29, 2023Ravie LakshmananCyber Threat / Malware The threat actors associated with the Gootkit malware have made “notable changes” to their toolset, adding new components and obfuscations to their infection chains. Google-owned Mandiant is monitoring the activity cluster under the moniker UNC2565, noting that the usage of the malware is “exclusive to this group.” Gootkit,
Data Privacy Week is a reminder to protect your data – all year round. Here are three privacy-boosting habits you can start today. Every action we take on the internet generates data that is shared with online services and other parties. It stands to reason, then, that we need to assert control over how much
Researchers have found three separate vulnerabilities in OpenEMR, an open-source software for electronic health records and medical practice management. Clean code experts at Sonar published an advisory Wednesday about the discovered flaws by security researcher Dennis Brinkrolf. “During our security research of popular web applications, we discovered several code vulnerabilities in OpenEMR,” Brinkrolf wrote. “A combination of
by Naked Security writer Six months ago, according to the US Department of Justice (DOJ), the Federal Bureau of Investigation (FBI) infiltrated the Hive ransomware gang and started “stealing back” the decryption keys for victims whose files had been scrambled. As you are almost certainly, and sadly, aware, ransomware attacks these days typically involve two
Jan 28, 2023Ravie LakshmananEmail Security / Cyber Threat Microsoft is urging customers to keep their Exchange servers updated as well as take steps to bolster the environment, such as enabling Windows Extended Protection and configuring certificate-based signing of PowerShell serialization payloads. “Attackers looking to exploit unpatched Exchange servers are not going to go away,” the
The data trail you leave behind whenever you’re online is bigger – and more revealing – than you may think “The lampposts are listening to me; I am sure that the adverts I see online are from a conversation I had walking down the street.” Yes, someone I know claims this is happening to them.
A malicious campaign impersonating American financial advisors has been spotted targeting several hundred individuals in West Africa. Recently discovered by cybersecurity experts at DomainTools, the ‘pig butchering’ operation uses a complex network of social engineering techniques to defraud victims. Describing the activity in an advisory shared with Infosecurity, DomainTools said most attacks from the unnamed threat
by Paul Ducklin The Public Prosecution Service in the Netherlands [Dutch: Openbaar Ministerie] has just released information about an unnamed suspect arrested back in December 2022 for allegedly stealing and selling personal data about tens of millions of people. The victims are said to live in countries as far apart as Austria, China, Columbia, the
Jan 27, 2023Ravie LakshmananThreat Response / Cyber Crime Cybersecurity researchers have discovered the real-world identity of the threat actor behind Golden Chickens malware-as-a-service, who goes by the online persona “badbullzvenom.” eSentire’s Threat Response Unit (TRU), in an exhaustive report published following a 16-month-long investigation, said it “found multiple mentions of the badbullzvenom account being shared
Looking for an alternative to Twitter and thinking about joining the folks flocking to Mastodon? Here’s how the two platforms compare to each other. From restructuring their workforces to facing big fines, big tech companies have been on a roller coaster ride recently – but certainly none quite as much as Twitter. Indeed, Twitter has
The Cybersecurity and Infrastructure Security Agency (CISA) has released a new advisory to warn network defenders about the malicious use of legitimate remote monitoring and management (RMM) software tools. The document, published Wednesday in collaboration with the National Security Agency (NSA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), also mentions an October 2022
by Paul Ducklin BREACHES, PATCHES, LEAKS AND TWEAKS Latest epidode – listen now. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify,
Jan 26, 2023Ravie LakshmananThreat Analysis Google on Thursday disclosed it took steps to dismantle over 50,000 instances of activity orchestrated by a pro-Chinese influence operation known as DRAGONBRIDGE in 2022. “Most DRAGONBRIDGE activity is low quality content without a political message, populated across many channels and blogs,” the company’s Threat Analysis Group (TAG) said in
Gaming can help your children build and sharpen a range of life skills that will stand them in good stead in the future Videogames are now so popular that the number of players worldwide topped 3 billion last year! The boom goes far beyond gaming consoles and the most recognized gaming platforms, such as PlayStation,
Ticketmaster has claimed they were hit by a cyber-attack in November 2022 that led to extensive issues with ticket sales for Taylor Swift’s US tour. Joe Berchtold, president of Live Nation, Ticketmaster’s parent company, made the revelations at a US congressional committee Tuesday. “We were […] hit with three times the amount of bot traffic
by Paul Ducklin GoTo is a well-known brand that owns a range of products, including technologies for teleconferencing and webinars, remote access, and password management. If you’ve ever used GoTo Webinar (online meetings and seminars), GoToMyPC (connect and control someone else’s computer for management and support), or LastPass (a password manangement service), you’ve used a
Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long-ago web-borne risks were still addressed by a patchwork of endpoint, network, and cloud solutions, it is now clear that the partial protection these solutions
Does VALORANT’s approach to cheating signal a turning point in how we deal with the continued hacks afflicting our hybrid world of work and play? First social apps, now gaming? The growth of cloud-powered apps like Telegram and Teams has created mega communities out of their users. Many of these apps have opened the door
There is significant disconnect between consumer expectations and organizations’ approaches around privacy, especially regarding the use of AI. This according to Cisco’s 2023 Data Privacy Benchmark Study which encompassed insights from 3100 security professionals familiar with the data privacy program at their organizations and their responses to consumer attitudes to privacy from the earlier Cisco 2022 Consumer Privacy
by Paul Ducklin Last year, on the last day of August 2022, we wrote with mild astonishment, and perhaps even a tiny touch of excitement, about an unexpected but rather important update for iPhones stuck back on iOS 12. As we remarked at the time, we’d already decided that iOS 12 had slipped (or perhaps
Jan 24, 2023Ravie LakshmananCyber Espionage / Golang Organizations in East Asia are being targeted by a likely Chinese-speaking actor dubbed DragonSpark while employing uncommon tactics to go past security layers. “The attacks are characterized by the use of the little known open source SparkRAT and malware that attempts to evade detection through Golang source code
Nearly 60% of the cybersecurity recommendations made by the US Government Accountability Office (GAO) since 2010 have yet to be implemented by federal agencies. The Office unveiled the figures in a release last Thursday, adding that out of 335 public recommendations, 190 still needed to be implemented. “Until these are fully implemented, federal agencies will
- 1
- 2
- 3
- 4
- Next Page »