Month: May 2023

A vulnerability has been discovered in the KeePass password management software (v2.X), allowing an attacker to dump the master password from the program’s memory. The vulnerability (CVE-2023-32784) was discovered by security researcher Dominik Reichl and is expected to be resolved in the upcoming release of KeePass 2.54 in early June 2023. Reichl described the flaw
Microsoft has released a new report warning companies about the alarming surge in business email compromise (BEC) attacks and the evolving tactics employed by cyber-criminals. The Cyber Signals report, titled “The Confidence Game,” provides a comprehensive analysis of the threat landscape from April 2022 to April 2023, suggesting the company’s systems currently detect and investigate an
by Paul Ducklin. AN INSIDER ATTACK (WHERE THE PERP GOT CAUGHT). With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge.
May 20, 2023Ravie LakshmananMobile Security / Cyber Attack The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a medium-severity flaw affecting Samsung devices. The issue, tracked as CVE-2023-21492 (CVSS score: 4.4), impacts select Samsung devices running Android versions 11, 12, and 13. The South Korean electronics giant described the issue as
China–Taiwan tensions have led to a significant increase in cyber-attacks targeting Taiwan, according to a new report by security experts at Trellix. In particular, the company spotted a surge in cyber-attacks aimed at Taiwanese industries, with the primary goal of deploying malware and stealing sensitive information. “Trellix has observed a surge in malicious emails targeted
Before rushing to embrace the LLM-powered “hire”, make sure your organization has safeguards in place to avoid putting its business and customer data at risk. Chatbots powered by large language models (LLMs) are not just the world’s new favorite pastime. The technology is increasingly being recruited to boost workers’ productivity and efficiency, and given its
Several new ways of effectively abusing Microsoft Teams via social engineering have been discovered by security researchers at Proofpoint. “[We] recently analyzed over 450 million malicious sessions, detected throughout the second half of 2022 and targeting Microsoft 365 cloud tenants,” reads a report published by the company earlier today. “According to our findings, Microsoft Teams is
May 18, 2023Ravie LakshmananNetwork Security / Vulnerability Cisco has released updates to address a set of nine security flaws in its Small Business Series Switches that could be exploited by an unauthenticated, remote attacker to run arbitrary code or cause a denial-of-service (DoS) condition. “These vulnerabilities are due to improper validation of requests that are
Summary: Secureworks® Counter Threat Unit™ (CTU) researchers have observed infostealers (also known as stealers) playing an increasingly important role in the cybercrime ecosystem. This type of malware can steal sensitive information such as login credentials, financial details, and personal data from compromised computers and networks. Infostealers can be installed on a computer or device via
A Chinese state-sponsored APT group known as Camaro Dragon has been observed exploiting TP-Link routers via a malicious firmware implant. The findings come from security experts at Check Point Research (CPR) and were described in an advisory published by the company earlier today. “The implant features several malicious components, including a custom backdoor named ‘Horse
New information has emerged regarding the Qilin ransomware group’s operations and Ransomware-as-a-Service (RaaS) program. In their latest research study, Group-IB’s threat intelligence team said it infiltrated and analyzed Qilin’s inner workings, revealing insights into its targeting of critical sectors and the sophisticated techniques they employed. Qilin, also known as Agenda ransomware, has emerged as a
May 15, 2023Ravie LakshmananNetwork Security / SCADA Several security vulnerabilities have been disclosed in cloud management platforms associated with three industrial cellular router vendors that could expose operational technology (OT) networks to external attacks. The findings were presented by Israeli industrial cybersecurity firm OTORIO at the Black Hat Asia 2023 conference last week. The 11
A newly discovered vulnerability in the Essential Addons for Elementor plugin has put over one million WordPress websites at risk of attacks aimed at gaining unauthorized access to user accounts with elevated privileges. Cybersecurity experts at Patchstack described the new vulnerability (CVE-2023-32243) in an advisory published on Thursday. “This plugin suffers from an unauthenticated privilege
May 12, 2023Ravie LakshmananNetwork Security / Malware As many as five security flaws have been disclosed in Netgear RAX30 routers that could be chained to bypass authentication and achieve remote code execution. “Successful exploits could allow attackers to monitor users’ internet activity, hijack internet connections, and redirect traffic to malicious websites or inject malware into
Toyota Motor Corp acknowledged earlier today that the vehicle data of approximately 2.15 million users was publicly accessible in Japan for nearly a decade, from November 2013 to mid-April 2023. Reuters first reported the news, specifying that according to Toyota spokesperson Hideaki Homma, the issue with Toyota’s cloud-based Connected service affects only vehicles in Japan. The
May 13, 2023Ravie Lakshmanan A new phishing-as-a-service (PhaaS or PaaS) platform named Greatness has been leveraged by cybercriminals to target business users of the Microsoft 365 cloud service since at least mid-2022, effectively lowering the bar to entry for phishing attacks. “Greatness, for now, is only focused on Microsoft 365 phishing pages, providing its affiliates
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned against a critical flaw discovered in PaperCut software, which has now been linked to a series of ransomware attacks. The vulnerability (CVE-2023-27350) in PaperCut, a widely adopted print management solution, has allowed cyber-criminals to remotely execute malicious code without requiring any authentication credentials. Consequently, these