The importance of understanding – and prioritizing – the privacy and security implications of large language models like ChatGPT cannot be overstated Thousands of security professionals descended on San Francisco this week to attend RSA Conference, the world’s leading gathering of the security community. What was the hottest topic at the event? You guessed it
Month: April 2023
Weekly cyber-attacks have increased worldwide by 7% in Q1 2023 compared to the same period last year, with each firm facing an average of 1248 attacks per week. The figures come from Check Point’s latest research report, which also suggests that the education and research sector experienced the highest number of attacks, rising to an
by Paul Ducklin Researchers at dark web monitoring company Cyble recently wrote about a data-stealing-as-a-service toolkit that they found being advertised in an underground Telegram channel. One somewhat unusual aspect of this “service” (and in this context, we don’t mean that word in any sort of positive sense!) is that it was specifically built to
Apr 29, 2023Ravie LakshmananHealthcare / Cybersecurity The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) medical advisory warning of a critical flaw impacting Illumina medical devices. The issues impact the Universal Copy Service (UCS) software in the Illumina MiSeqDx, NextSeq 550Dx, iScan, iSeq 100, MiniSeq, MiSeq, NextSeq 500, NextSeq
A UK secondary school has confirmed it was hit by a cyber-incident affecting its IT network. Hardenhuish School in Chippenham, Wiltshire, confirmed the attack on Thursday, saying hackers gained access to network infrastructure and then demanded a ransom for restoring access. At the time of writing, it is unclear whether the school paid the ransom,
by Naked Security writer A US court has recently unsealed a restraining order against a gang of alleged cybercrooks operating outside the country, based on a formal legal complaint from internet giant Google. Google, it seems, decided to use its size, influence and network data to say, “No more!”, based on evidence it had collected
Apr 28, 2023Ravie LakshmananEndpoint Security / Cryptocurrency Threat actors are advertising a new information stealer for the Apple macOS operating system called Atomic macOS Stealer (or AMOS) on Telegram for $1,000 per month, joining the likes of MacStealer. “The Atomic macOS Stealer can steal various types of information from the victim’s machine, including Keychain passwords,
ESET Research uncovers a campaign by the APT group known as Evasive Panda targeting an international NGO in China with malware delivered through updates of popular Chinese software ESET researchers have discovered a campaign that we attribute to the APT group known as Evasive Panda, where update channels of legitimate applications were mysteriously hijacked to
Artificial Intelligence (AI) tooling was the hot topic at this year’s RSA Conference, held in San Francisco. The potential of generative AI in cybersecurity tooling has sparked excitement among cybersecurity professionals. However, questions have been raised about the practical usage of AI in cybersecurity and the reliability of the data used to build AI models.
by Paul Ducklin 2FA, HACKING, AND PATCHING No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our
Apr 27, 2023Ravie LakshmananBotnet / Cyber Crime Google on Wednesday said it obtained a temporary court order in the U.S. to disrupt the distribution of a Windows-based information-stealing malware called CryptBot and “decelerate” its growth. The tech giant’s Mike Trinh and Pierre-Marc Bureau said the efforts are part of steps it takes to “not only
As all things (wrongly called) AI take the world’s biggest security event by storm, we round up of some of their most-touted use cases and applications Okay, so there’s this ChatGPT thing layered on top of AI – well, not really, it seems even the practitioners responsible for some of the most impressive machine learning
Lessons learned from the ongoing cyberwarfare that is raging between Russia and Ukraine ought to be applied to other scenarios, including ongoing tensions between China and Taiwan. Laura Galante, Director, Cyber Threat Intelligence Integration Center for the Office of the Director for National Intelligence, said during the RSA Conference 2023, “As we zoom out as
by Paul Ducklin The Google Authenticator 2FA app has featured strongly in cybersecurity news stories lately, with Google adding a feature to let you backup your 2FA data into the cloud and then restore it onto other devices. To explain, a 2FA (two-factor authentication) app is one of those programs that you run on your
Apr 26, 2023Ravie LakshmananLinux / Cyber Threat The Chinese nation-state group dubbed Alloy Taurus is using a Linux variant of a backdoor called PingPull as well as a new undocumented tool codenamed Sword2033. That’s according to findings from Palo Alto Networks Unit 42, which discovered recent malicious cyber activity carried out by the group targeting
Ransomware continues to be the biggest threat to Five Eyes collation nations and it is getting worse, with financial gains no longer the sole motivation for threat actors today. While speaking about how essential coalitions are to the fight against ransomware, Felicity Oswald, COO at the UK’s National Cyber Security Centre (NCSC), said that in
by Paul Ducklin We’ll be honest, and admit that we hadn’t heard of the printer management software PaperCut until this week. In fact, the first time we heard the name was in the context of cybercriminality and malware attacks, and we naively assumed that “PaperCut” was what we like to call a BWAIN. A BWAIN
Apr 25, 2023Ravie LakshmananNetwork Security / DDoS Details have emerged about a high-severity security vulnerability impacting Service Location Protocol (SLP) that could be weaponized to launch volumetric denial-of-service attacks against targets. “Attackers exploiting this vulnerability could leverage vulnerable instances to launch massive Denial-of-Service (DoS) amplification attacks with a factor as high as 2200 times, potentially
It is hard to imagine a link between climate change and cybersecurity, but there are a number of reasons why industry professionals need to pay attention to this existential threat. Highlighting the connections between the two, Chloe Messdaghi, CEO & Founder, Global Secure Partners, said that that the link between climate change and cybersecurity is
by Paul Ducklin If you’re a Google Chrome or Microsoft Edge browser fan, you’re probably getting updates automatically and you’re probably up to date already. However… …just in case you’ve missed any updates recently, we suggest you go and check right now, because the Chromium browser core, on which both Edge and Chrome are based,
Apr 24, 2023Ravie LakshmananCyber Espionage The Russian-speaking threat actor behind a backdoor known as Tomiris is primarily focused on gathering intelligence in Central Asia, fresh findings from Kaspersky reveal. “Tomiris’s endgame consistently appears to be the regular theft of internal documents,” security researchers Pierre Delcher and Ivan Kwiatkowski said in an analysis published today. “The
Popular software tools such as Zoom, Cisco AnyConnect, ChatGPT and Citrix Workspace have been trojanized to distribute the malware known as Bumblebee. Secureworks’ Counter Threat Unit (CTU) analyzed the findings in a report published on Thursday, saying the infection chain for several of these attacks relied on a malicious Google Ad that sent users to
Apr 22, 2023Ravie LakshmananPatch Management / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The three vulnerabilities are as follows – CVE-2023-28432 (CVSS score – 7.5) – MinIO Information Disclosure Vulnerability CVE-2023-27350 (CVSS score –
Similarities with newly discovered Linux malware used in Operation DreamJob corroborate the theory that the infamous North Korea-aligned group is behind the 3CX supply-chain attack ESET researchers have discovered a new Lazarus Operation DreamJob campaign targeting Linux users. Operation DreamJob is the name for a series of campaigns where the group uses social engineering techniques
The attack tool known as Evil Extractor and developed by a company called Kodex as an “educational tool,” has been used by threat actors to target Windows-based machines. The claims come from Fortinet security researchers and were described in an advisory published on Thursday. “[We] observed this malware in a phishing email campaign [disguised as account
Apr 22, 2023Ravie LakshmananSupply Chain / Cyber Threat Lazarus, the prolific North Korean hacking group behind the cascading supply chain attack targeting 3CX, also breached two critical infrastructure organizations in the power and energy sector and two other businesses involved in financial trading using the trojanized X_TRADER application. The new findings, which come courtesy of
Many routers that are offered for resale contain sensitive corporate information and allow third-party connections to corporate networks Did you mistakenly sell access to your network when you sold a decommissioned router? Recently, ESET researchers purchased several used core routers to set up a test environment, only to find that, in many cases, the previously
An employee from the US Consumer Financial Protection Bureau (CFPB) has reportedly forwarded confidential records of roughly 256,000 consumers and confidential supervisory information of approximately 50 institutions to a personal email account. Congressman Bill Huizenga addressed the claims in a letter to CFPB director, Rohit Chopra, dated April 18. “At the time of your notification,
by Paul Ducklin Logging software has made cyberinsecurity headlines many times before, notably in the case of the Apache Log4J bug known as Log4Shell that ruined Christmas for many sysadmins at the end of 2021. The Log4Shell hole was a security flaw in the logging process itself, and boiled down to the fact that many
Apr 21, 2023Ravie LakshmananKubernetes / Cryptocurrency A large-scale attack campaign discovered in the wild has been exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) to create backdoors and run cryptocurrency miners. “The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack,” cloud security firm Aqua said in a report
- 1
- 2
- 3
- 4
- Next Page »