Here’s how to know you have fallen victim to a scam – and what to do in order to undo or mitigate the damage. Online fraud can be thought of as a price we pay for the ubiquity of digital services. These services make our lives easier, healthier, safer and more entertaining. But there are
Month: March 2023
A total of 13 vulnerabilities have been found in the E11 smart intercom devices made by Chinese manufacturer Akuvox, allowing remote code execution (RCE), network access and more. Writing in an advisory published last week, Vera Mens, a security researcher at Claroty’s Team82, said the flaws could be exploited via three different attack vectors: RCE
by Paul Ducklin Linux has never suffered from the infamous BSoD, short for blue screen of death, the name given to the dreaded “something went terribly wrong” message associated with a Windows system crash. Microsoft has tried many things over the years to shake that nickname “BSoD”, including changing the background colour used when crash
Mar 13, 2023 | Ravie Lakshmanan | Web Security / Cyber Threat. A widespread malicious cyber operation has hijacked thousands of websites aimed at East Asian audiences to redirect visitors to adult-themed content since early September 2022. The ongoing campaign entails injecting malicious JavaScript code to the hacked websites, often connecting to the target web server using legitimate FTP
Here’s a roundup of some of the most common tricks that fraudsters use to dupe their victims on WhatsApp – and what you can do to protect yourself against them. With more than two billion users, WhatsApp offers a vast pool of potential targets for scammers. To make things more complicated, fraudsters aren’t known for
New Linux versions of the IceFire ransomware were deployed in February against the enterprise networks of several media and entertainment sector organizations worldwide. According to security researchers at SentinelOne, the campaign leveraged the exploitation of CVE-2022-47986, a recently patched deserialization vulnerability in IBM Aspera Faspex file-sharing software. “The operators of the IceFire malware, who previously focused only
Mar 10, 2023 | Ravie Lakshmanan | Network Security / Cyber Threat. A suspected China-linked hacking campaign has been observed targeting unpatched SonicWall Secure Mobile Access (SMA) 100 appliances to drop malware and establish long-term persistence. “The malware has functionality to steal user credentials, provide shell access, and persist through firmware upgrades,” cybersecurity company Mandiant said in a technical
A request to move an online conversation to a supposedly more secure platform may not be as well-meaning as it sounds. Have you ever been asked to move an online conversation to another – and supposedly more secure – platform? This technique, often used by romance scammers, was recently used against a number of Indian
The White House has allocated a total of $3.1bn to cybersecurity infrastructure in its latest budget report. Published on Thursday, the document shows $145m of this figure will go toward making the Cybersecurity and Infrastructure Security Agency (CISA) “more resilient and defensible.” Of the remaining funds, $98m will be invested in implementing the Cyber Incident Reporting
Mar 11, 2023 | Ravie Lakshmanan | Cyber Threat Intelligence. The malware downloader known as BATLOADER has been observed abusing Google Ads to deliver secondary payloads like Vidar Stealer and Ursnif. According to cybersecurity company eSentire, malicious ads are used to spoof a wide range of legitimate apps and services such as Adobe, OpenAI’s ChatGPT, Spotify, Tableau, and Zoom.
A new variant of the Xenomorph Android banking trojan has been spotted by ThreatFabric security researchers and classified as Xenomorph.C. The variant, developed by the threat actor known as Hadoken Security Group, represents a substantial upgrade from the malware previously observed by ThreatFabric, according to an advisory published by the company earlier today. “This new
by Paul Ducklin Chinese “fast fashion” brand SHEIN is no stranger to controversy, not least because of a 2018 data breach that its then-parent company Zoetop failed to spot, let alone to stop, and then handled dishonestly. As Letitia James, Attorney General of the State of New York, said in a statement at the end
Mar 10, 2023 | Ravie Lakshmanan | Endpoint Security / Hacking. An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022. The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey. Prometei, first observed in 2016, is a modular botnet
An astrobiologist, analog astronaut, author and speaker, Dr. Michaela Musilova shares her experience as a woman at the forefront of space exploration and her quest for scientific and personal excellence. When we talk about space adventures, our minds are likely to wander to famed astronauts. However, we often forget that there is a lot
The Remcos Trojan has returned to the top ten list (in eighth position) of most wanted malware by Check Point Software for the first time since December 2022. According to the latest report published by the company earlier today, threat actors used Remcos extensively in February to target Ukrainian government entities through phishing attacks. The
by Paul Ducklin YOU MUST HAVE THIS CHIP! EVEN IF IT HAS BUGS! Memories of Michelangelo (the virus, not the artist). Data leakage bugs in TPM 2.0. Ransomware bust, ransomware warning, and anti-ransomware advice. No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge.
Mar 09, 2023 | Ravie Lakshmanan | Threat Intelligence / Malware. Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun are being exploited by threat actors to deploy the PlugX malware. AhnLab Security Emergency Response Center (ASEC), in a new analysis, said it marks the continued abuse of the flaws to deliver a variety of payloads on
The White House and a bipartisan group of 12 senators have endorsed the Risk Information and Communications Technology (RESTRICT) Act on Tuesday. The legislation is designed to empower the US administration to potentially ban foreign producers of electronics or software deemed a national security risk by the Commerce Department and its current head, Gina Raimondo.
Mar 08, 2023 | Ravie Lakshmanan. A pair of severe security vulnerabilities have been disclosed in the Jenkins open source automation server that could lead to code execution on targeted systems. The flaws, tracked as CVE-2023-27898 and CVE-2023-27905, impact the Jenkins server and Update Center, and have been collectively christened CorePlague by cloud security firm Aqua. All
ESET researchers analyze a cyberespionage campaign that distributes CapraRAT backdoors through trojanized and supposedly secure Android messaging apps – but also exfiltrates sensitive information. ESET researchers have identified an active Transparent Tribe campaign, targeting mostly Indian and Pakistani Android users – presumably with a military or political orientation. Victims were probably targeted through a honey-trap
The threat actor known as Sharp Panda has been observed targeting Southeast Asian government entities with a toolset first discovered in 2021. The Check Point Research (CPR) team described the new campaign in an advisory published earlier today. While the campaign seen in 2021 used a custom backdoor called VictoryDll, the latest one observed by
by Paul Ducklin Even if you’re not entirely sure what a TPM is, you’ll probably know that if you want to run Windows 11, you need one. More precisely, you need a TPM 2.0 (although there’s an official Microsoft workaround to get by with TPM 1.2, the previous, incompatible version of the technology). TPM is
Mar 07, 2023 | Ravie Lakshmanan | Data Safety / Cyber Threat. Cybersecurity researchers have discovered a new information stealer dubbed SYS01stealer targeting critical government infrastructure employees, manufacturing companies, and other sectors. “The threat actors behind the campaign are targeting Facebook business accounts by using Google ads and fake Facebook profiles that promote things like games, adult content, and
Two out of every five (40.6%) operational technology (OT) computers used in industrial settings have been affected by malware in 2022. The data comes from a report published earlier today by security researchers at Kaspersky. The figures represent a 6% increase compared with the previous half of the year and almost 1.5 times more than
by Naked Security writer You’ve almost certainly heard of the ransomware family known as DoppelPaymer, if only because the name itself is a reminder of the double-barrelled blackmail technique used by many contemporary ransomware gangs. To increase the pressure on you to pay up, so-called double-extortionists not only scramble all your data files so your
Mar 06, 2023 | Ravie Lakshmanan | Network Security / Malware. A never-before-seen complex malware is targeting business-grade routers to covertly spy on victims in Latin America, Europe, and North America at least since July 2022. The elusive campaign, dubbed Hiatus by Lumen Black Lotus Labs, has been found to deploy two malicious binaries, a remote access trojan dubbed
The first in-the-wild UEFI bootkit bypassing UEFI Secure Boot on fully updated UEFI systems is now a reality. The number of UEFI vulnerabilities discovered in recent years and the failures in patching them or revoking vulnerable binaries within a reasonable time window hasn’t gone unnoticed by threat actors. As a result, the first publicly known
The US Cybersecurity and Infrastructure Security Agency (CISA) has published a new advisory warning system defenders against the Royal Ransomware group. Part of the Agency’s #StopRansomware campaign, the document was released on Thursday in collaboration with the FBI and describes tactics, techniques and procedures (TTPs) alongside indicators of compromise (IOCs) associated with Royal ransomware variants. The
Mar 04, 2023 | Ravie Lakshmanan | Banking Security / Cyber Crime. A new ATM malware strain dubbed FiXS has been observed targeting Mexican banks since the start of February 2023. “The ATM malware is hidden inside another not-malicious-looking program,” Latin American cybersecurity firm Metabase Q said in a report shared with The Hacker News. Besides requiring interaction via
A bootkit that ESET researchers have discovered in the wild is the BlackLotus UEFI bootkit that is being peddled on hacking forums. For a mere $5,000, you can buy a UEFI bootkit called BlackLotus that can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled. This week, ESET researchers published their