Jul 20, 2023THNCyber Attack / Malware The defense sector in Ukraine and Eastern Europe has been targeted by a novel .NET-based backdoor called DeliveryCheck (aka CAPIBAR or GAMEDAY) that’s capable of delivering next-stage payloads. The Microsoft threat intelligence team, in collaboration with the Computer Emergency Response Team of Ukraine (CERT-UA), attributed the attacks to a
Month: July 2023
There is a significant secondary marketplace where tickets can sell for several times their original value, opening the opportunity for scammers and fraud As European football teams prepare to kick-off their summer soccer tours in the USA it provides a huge opportunity for local fans to see some of the top teams and players in
University students have been warned to be on their guard after researchers discovered a new scam campaign based around fake job offers. Proofpoint said the campaign began in March 2023 and continued through to June, targeting mainly students in North America with emails purporting to come from employers in the bioscience, healthcare and biotechnology sectors.
by Paul Ducklin Early disclaimer: this isn’t quite the mother of all data breaches, nor even perhaps a younger cousin, so you can stand down from Blue Alert right away. As far as we can tell, only names, email addresses and employers were leaked in the wrongly shared document. But what names they were! The
Attack surfaces are growing faster than security teams can keep up. To stay ahead, you need to know what’s exposed and where attackers are most likely to strike. With cloud migration dramatically increasing the number of internal and external targets, prioritizing threats and managing your attack surface from an attacker’s perspective has never been more
A suspected scammer who used scareware to trick hundreds of thousands of global victims into handing over money has been arrested by Spanish police. The unnamed Ukrainian national was apprehended at Barcelona’s El Prat airport after managing to evade capture for over a decade, according to the Policia Nacional. They were apparently supported by the
Jul 18, 2023THNPrivacy / Malware Data associated with a subset of registered customers of VirusTotal, including their names and email addresses, have leaked on the internet. The security incident, which comprises a database of 5,600 names in a 313KB file, was first disclosed by Der Spiegel and Der Standard yesterday. Launched in 2004, VirusTotal is
A new discussion paper has set out recommendations for the European Union (EU) on how to ensure member states are protected against quantum-enabled cyber-attacks. Written by Andrea G. Rodríguez, Lead Digital Policy Analyst at the European Policy Centre, the paper A quantum cybersecurity agenda for Europe emphasized the urgent need for a new EU Coordinated
Jul 17, 2023The Hacker NewsAttack Surface Management The hype around different security categories can make it difficult to discern features and capabilities from bias when researching new platforms. You want to advance your security measures, but what steps actually make sense for your business? For anyone ready to find an attack surface management (ASM) vendor,
A new threat actor group has been observed conducting a series of cyber-attacks targeting government entities, military organizations and civilian users in Ukraine and Poland. According to a new advisory by Cisco Talos, the malicious campaigns started in April 2022 and are currently ongoing. They primarily aim at stealing valuable information and establishing persistent remote
by Paul Ducklin You’re probably familiar with the word gaslighting, used to refer to people with the odious habit of lying not merely to cover up their own wrongdoing, but also to make it look as though someone else is at fault, even to the point of getting the other person to doubt their own
Jul 15, 2023THNCyber Attack / Enterprise Security Microsoft on Friday said a validation error in its source code allowed for Azure Active Directory (Azure AD) tokens to be forged by a malicious actor known as Storm-0558 using a Microsoft account (MSA) consumer signing key to breach two dozen organizations. “Storm-0558 acquired an inactive MSA consumer
Here’s how cybercriminals have adjusted their tactics in response to Microsoft’s stricter security policies and other interesting findings from ESET’s new Threat Report This week, the ESET research team released the H1 2023 ESET Threat Report that examines the key trends and developments that shaped the cybersecurity landscape from December 2022 to May 2023. Among
A generative AI tool, WormGPT, has emerged as a powerful weapon in the hands of cyber-criminals, specifically for launching business email compromise (BEC) attacks, according to new findings shared by security firm SlashNext. “We’re now seeing an unsettling trend among cyber-criminals on forums, evident in discussion threads offering ‘jailbreaks’ for interfaces like ChatGPT,” wrote security
by Paul Ducklin Popular collaboration product Zimbra has warned customers to apply a software patch urgently to close a security hole that it says “could potentially impact the confidentiality and integrity of your data.” The vulnerability is what’s known as an XSS bug, short for cross-site scripting, whereby performing an innocent-looking operation via site X,
Jul 15, 2023THNArtificial Intelligence / Cyber Crime With generative artificial intelligence (AI) becoming all the rage these days, it’s perhaps not surprising that the technology has been repurposed by malicious actors to their own advantage, enabling avenues for accelerated cybercrime. According to findings from SlashNext, a new generative AI cybercrime tool called WormGPT has been
Some threats may be closer than you think. Are security risks that originate from your own trusted employees on your radar? It all began innocently enough when a Tesla employee received an invitation from a former associate to catch up over drinks. Several wining and dining sessions later, the old acquaintance made his real intentions
A leading UK security agency has revealed several approaches that could reduce or eliminate the need for organizations to run a time- and resource-consuming Security Operations Center (SOC). The SOC has become an increasingly important function for security operations (SecOps) teams tasked with detecting, hunting and responding to cyber-threats. However, it can require a significant
by Paul Ducklin SING A SONG OF SUPERCOOKIES Remembering the slide rule. What you need to know about Patch Tuesday. Supercookie surveillance shenanigans. When bugs arrive in pairs. Apple’s rapid patch that needed a rapid patch. User-Agent considered harmful. No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and
Jul 14, 2023The Hacker NewsSaaS Security / Cybersecurity As security practices continue to evolve, one primary concern persists in the minds of security professionals—the risk of employees unintentionally or deliberately exposing vital information. Insider threats, whether originating from deliberate actions or accidental incidents, pose a significant challenge to safeguarding sensitive data. To effectively address insider
A view of the H1 2023 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts We are pleased to present the latest issue of ESET Threat Report, which brings changes aimed at making its contents more engaging and accessible. One notable modification is our new approach
This year could be another record breaker for data compromise following 951 publicly reported incidents in the second quarter, a leading non-profit has warned. The Identity Theft Resource Center (ITRC) has been tracking publicly reported data breaches and exposures since 2005. While the figures for Q2 2023 represent a 114% increase on the previous three
by Paul Ducklin This Tuesday, 2023-07-11, was Microsoft’s Patch Tuesday for July 2023, so here’s a brief reminder to do two things: Patch early, patch often. More than 100 vulnerabilities were patched this month, including four zero-day security holes for which working exploit code already exists. Even though everyone was at risk until Tuesday, it’s
Jul 13, 2023THNOT/ICS, SCADA Cybersecurity The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has alerted of two security flaws impacting Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module models that could be exploited to achieve remote code execution and denial-of-service (DoS). “The results and impact of exploiting these vulnerabilities vary depending on the ControlLogix system configuration,
A story of how an analysis of a supposed game cheat turned into the discovery of a powerful UEFI threat Towards the end of 2022 an unknown threat actor boasted on an underground forum that they’d created a new and powerful UEFI bootkit called BlackLotus. Its most distinctive feature? It could bypass UEFI Secure Boot
Security researchers have recorded a 62% year-on-year (YoY) increase in phishing websites and a 304% surge in scam pages in 2022. Group-IB’s new Digital Risk Trends 2023 report out today classifies phishing as a threat resulting in the theft of personal information and a scam as any attempt to trick a victim into voluntarily handing over
by Paul Ducklin Betteridge’s Law of Headlines insists that any headline posed as a question can instantly be answered with a simple “No.” Apparently, the theory behind this witticism (it’s not actually a Law, nor yet a rule, nor even in fact anything more than a suggestion) is that if the author knew what they
Jul 12, 2023The Hacker NewsDNS Filtering / Network Security Artificial intelligence (AI) holds immense potential for optimizing internal processes within businesses. However, it also comes with legitimate concerns regarding unauthorized use, including data loss risks and legal consequences. In this article, we will explore the risks associated with AI implementation and discuss measures to minimize
A Moroccan man has been charged with four counts relating to a scheme to steal nearly half-a-million dollars’ worth of cryptocurrency and non-fungible tokens (NFT) from a US victim. Soufiane Oulahyane, 25, allegedly operated a phishing website that spoofed NFT marketplace OpenSea in order to access victims’ cryptocurrency wallets and steal their money and NFTs.
by Paul Ducklin The second-ever Apple Rapid Security Response just came out. That’s where the very latest versions of macOS, iOS and iPadOS get emergency patches that: Don’t take as long for Apple to build, test and publish as a full version update would. Don’t take as long to download when you decide to fetch