Jun 22, 2023 · Ravie Lakshmanan · Vulnerability / Endpoint Security
Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild. This includes a pair of zero-days that have been weaponized in a mobile surveillance campaign called Operation Triangulation
Month: June 2023
From bogus free trips to fake rental homes, here are some of the most common online threats you should look out for both before and during your travels
As the mercury rises and we look forward to vacationing in sunnier climes, it’s also time to keep one eye peeled for internet scams and cyberthreats. Travel
In our modern digital world, application programming interfaces (APIs) have become the backbone of our personal and professional Internet use. They enable a wide range of services, from our mobile applications to the Internet of Things (IoT) and banking transactions. APIs make up 70% of all web traffic observed by content delivery network provider Cloudflare.
by Paul Ducklin ASUS is a well-known maker of popular electronics products, ranging from laptops and phones to home routers and graphics cards. This week, the company published firmware updates for a wide range of its home routers, along with a strong warning that if you aren’t willing or able to update your firmware right
Jun 21, 2023 · Ravie Lakshmanan · Network Security / Botnet
A new malware called Condi has been observed exploiting a security vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers to rope the devices into a distributed denial-of-service (DDoS) botnet. Fortinet FortiGuard Labs said the campaign has ramped up since the end of May 2023. Condi is the work
Cybersecurity experts are grappling with how to secure use of ChatGPT and other generative AI tools such as Google Bard and Jasper. Netskope’s new security solution enhancements launched at Infosecurity Europe aim to do just that. Netskope, a Secure Access Service Edge (SASE) provider, has enhanced its Intelligent Security Service Edge (SSE) platform with a
by Paul Ducklin For the third time in about a week, cybersecurity law-and-order news includes a criminal case that’s been brewing for more than a decade. This time, the news is prison sentences for two of the main four original defendants in the infamous Megaupload saga. If you weren’t following cybersecurity a decade ago, we’ll
Jun 20, 2023 · Ravie Lakshmanan · Endpoint Security / Password
Over 100,000 compromised OpenAI ChatGPT account credentials have found their way on illicit dark web marketplaces between June 2022 and May 2023, with India alone accounting for 12,632 stolen credentials. The credentials were discovered within information stealer logs made available for sale on the cybercrime underground, Group-IB said
Security researchers have discovered 2.2 million breached credentials linked to the UK’s 100 top universities available on the dark web, putting staff, students and their data at risk. Crossword Cybersecurity’s Trillion risk monitoring service found the credentials, over half (54%) of which it claimed belong to elite Russell Group institutions. Read more on threats to
Jun 19, 2023 · Ravie Lakshmanan · Network and Cloud Security
Microsoft on Friday attributed a string of service outages aimed at Azure, Outlook, and OneDrive earlier this month to an uncategorized cluster it tracks under the name Storm-1359. “These attacks likely rely on access to multiple virtual private servers (VPS) in conjunction with rented cloud infrastructure, open proxies,
Strategies for stopping and responding to cyberbullying require a concerted, community-wide effort involving parents, educators and children themselves
Bullying of any kind can have a devastating impact on the victim’s well-being and life. Physical bullying, also known as face-to-face or in-person bullying, is still an issue in schools, with many researchers saying that its long-term
An updated version of the Android GravityRAT spyware targeting WhatsApp backups has been discovered by security researchers at ESET. In an advisory published by the firm on Thursday, ESET malware researcher Lukas Stefanko said the new variant of the malware is being distributed via two messaging apps called BingeChat and Chatico. GravityRAT is a remote
Jun 16, 2023 · Ravie Lakshmanan · Endpoint Security / Network Security
The threat actor known as ChamelGang has been observed using a previously undocumented implant to backdoor Linux systems, marking a new expansion of the threat actor’s capabilities. The malware, dubbed ChamelDoH by Stairwell, is a C++-based tool for communicating via DNS-over-HTTPS (DoH) tunneling. ChamelGang was first outed
Could your Android phone be home to a remote access tool (RAT) that steals WhatsApp backups or performs other shenanigans?
This week, ESET researchers revealed how an updated version of Android GravityRAT spyware is being spread as free messaging
The US Department of Justice (DoJ) has announced the arrest and charges filed against a Russian national accused of participating in cyber-attacks using the LockBit ransomware. Ruslan Magomedovich Astamirov, a 20-year-old from the Chechen Republic, allegedly targeted computer systems in the United States, Asia, Europe and Africa. Astamirov is the second individual arrested in connection
by Paul Ducklin DON’T GET INTO THE HABIT OF A BAD HABIT Magnetic core memory. Patch Tuesday and SketchUp shenanigans. More MOVEit mitigations. Mt. Gox back in the news. Gozi malware criminal imprisoned at last. Are password rules like running through rain? With Doug Aamoth and Paul
Jun 17, 2023 · Ravie Lakshmanan · Cryptojacking / Network Security
Cybersecurity researchers have discovered previously undocumented payloads associated with a Romanian threat actor named Diicot, revealing its potential for launching distributed denial-of-service (DDoS) attacks. “The Diicot name is significant, as it’s also the name of the Romanian organized crime and anti-terrorism policing unit,” Cado Security said in a
ESET researchers analyzed an updated version of Android GravityRAT spyware that steals WhatsApp backup files and can receive commands to delete files
ESET researchers have identified an updated version of Android GravityRAT spyware being distributed as the messaging apps BingeChat and Chatico. GravityRAT is a remote access tool known to be used since at least
A zero-day vulnerability in the Barracuda Email Security Gateway (ESG) discovered in late May was exploited in a Chinese espionage campaign from October 2022, according to Mandiant. The Google-owned threat intelligence firm revealed in a new report yesterday that new threat actor UNC4841 began sending phishing emails as far back as October 10 last year.
by Paul Ducklin Yet more MOVEit mayhem! “Disable HTTP and HTTPS traffic to MOVEit Transfer,” says Progress Software, and the timeframe for doing so is “immediately”, no ifs, no buts. Progress Software is the maker of file-sharing software MOVEit Transfer, and the hosted MOVEit Cloud alternative that’s based on it, and this is its third
Jun 16, 2023 · Ravie Lakshmanan · Cyber Attack / Ransomware
Progress Software on Thursday disclosed a third vulnerability impacting its MOVEit Transfer application, as the Cl0p cybercrime gang deployed extortion tactics against affected companies. The new flaw, which is yet to be assigned a CVE identifier, also concerns an SQL injection vulnerability that “could lead to escalated privileges
While not a ‘get out of jail free card’ for your business, cyber insurance can help insulate it from the financial impact of a cyber-incident
Cyber risk is on the rise as the combined impact of surging threat levels, expanding attack surfaces and security skills shortages are putting organizations at a disadvantage. Faced with an
Global organizations are becoming more resilient to cyber compromise, with over three-quarters (76%) of CISOs reporting no material breaches over the past year, according to Telstra Purple. The IT services business polled 182 members of private members forum ClubCISO to compile its tenth annual Information Security Maturity report. The findings revealed that a majority of
by Paul Ducklin Yesterday, we wrote about cybercrime charges that were finally unsealed for a massive cryptocurrency heist that was allegedly conducted over a three-year period starting back in 2011. Today’s long-term cybercrime justice story concerns the last member of the so-called Gozi Troika, three men who were originally charged in January 2013 for malware-related
The threat actors behind the LockBit ransomware-as-a-service (RaaS) scheme have extorted $91 million following hundreds of attacks against numerous U.S. organizations since 2020. That’s according to a joint bulletin published by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and other partner
System administrators breathed a sigh of relief yesterday after Microsoft issued a relatively light patch update round, with no zero-day vulnerabilities and only six critical CVEs on the list. However, there was still some work to do. Among the 78 CVEs addressed was a critical SharePoint elevation of privilege bug (CVE-2023-29357), which Adam Barnett, lead software
by Paul Ducklin No zero-days this month, if you ignore the Edge RCE hole patched last week (make sure you’ve got that update, by the way). For a full list of this month’s Microsoft Patch Tuesday fixes, take a look at our sister site Sophos News, where SophosLabs analysts have collated complete lists of the
Jun 14, 2023 · Ravie Lakshmanan · Website Security / Hacking
A security flaw has been uncovered in the WooCommerce Stripe Gateway WordPress plugin that could lead to the unauthorized disclosure of sensitive information. The flaw, tracked as CVE-2023-34000, impacts versions 7.4.0 and below. It was addressed by the plugin maintainers in version 7.4.1, which shipped on May 30,
Security researchers have discovered a breach at Zacks Investment Research dating all the way back to 2020, which appears to have impacted millions of customers. The stock research and analysis firm has so far made no public disclosure about the incident. However, a post on breach site HaveIBeenPwned revealed that a trove of data numbering
by Naked Security writer Remember Mt. Gox? Originally, it was a card-trading site called MTGOX, short for Magic The Gathering Online Exchange (there was no sense of “Mountain” in the name at all), but the domain changed hands in the early days of cryptocurrency. Operated out of Japan by French expatriate Mark Karpelès, Mt. Gox