Aug 19, 2023THNMalvertising / Website Security Cybersecurity researchers have detailed an updated version of an advanced fingerprinting and redirection toolkit called WoofLocker that’s engineered to conduct tech support scams. The sophisticated traffic redirection scheme was first documented by Malwarebytes in January 2020, leveraging JavaScript embedded in compromised websites to perform anti-bot and web traffic filtering
Month: August 2023
A recent cybersecurity study has brought to light a concerning vulnerability crisis affecting web applications. CyCognito’s semi-annual State of External Exposure Management report unveiled a distressing landscape of digital threats across public cloud, mobile and web platforms. The comprehensive analysis of 3.5 million assets, encompassing Fortune 500 entities, highlights the precarious state of data security. The
by Paul Ducklin The US Federal Bureau of Investigation (FBI) has just published an official public service announcement headlined with with a very specific warning: Cybercriminals Targeting Victims through Mobile Beta-Testing Applications. The Feds didn’t go as far as naming any specific vendors or services here, but one of the main reasons that crooks go
Aug 18, 2023THNCyber Crime / Hacking News A coordinated law enforcement operation across 25 African countries has led to the arrest of 14 suspected cybercriminals, INTERPOL announced Friday. The exercise, conducted in partnership with AFRIPOL, enabled investigators to identify 20,674 cyber networks that were linked to financial losses of more than $40 million. “The four-month
Aqua Nautilus has uncovered critical vulnerabilities persisting within the PowerShell Gallery, resulting in a fertile ground for malicious actors to exploit and launch attacks. These vulnerabilities, described in an advisory published on Wednesday, pertain to naming policies, package ownership verification and exposure of unlisted modules. The PowerShell Gallery, an essential repository for PowerShell content, is
by Paul Ducklin CELEBRATING THE TRUE CRYPTO BROS No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that good podcasts are found. Or just drop the URL of our
Aug 17, 2023THNMobile Security / Vulnerability Cybersecurity researchers have documented a novel post-exploit persistence technique on iOS 16 that could be abused to fly under the radar and main access to an Apple device even when the victim believes it is offline. The method “tricks the victim into thinking their device’s Airplane Mode works when
A widespread cyber-attack targeting thousands of Citrix NetScalers has been unveiled by cybersecurity firm Fox-IT (part of NCC Group) in collaboration with the Dutch Institute of Vulnerability Disclosure (DIVD). The campaign involved exploiting a critical vulnerability, CVE-2023-3519, which allowed malicious actors to infiltrate and compromise vulnerable NetScalers, even after patches and reboots. Describing the threat in
Aug 16, 2023The Hacker News At a little overt halfway through 2023, credential theft is still a major thorn in the side of IT teams. The heart of the problem is the value of data to cybercriminals and the evolution of the techniques they use to get hold of it. The 2023 Verizon Data Breach
A new study by IT security solutions provider Utimaco has revealed the prevailing lack of trust in Internet of Things (IoT) devices. The report, Circles of Trust 2023: Exploring Consumer Trust in the Digital Society, published earlier today, suggests only 14% of consumers view smart devices as secure, despite 38% using them. As societies become increasingly
by Paul Ducklin It’s been a while since we’ve written about card skimmers, which used to play a big part in global cybercrime. These days, many if not most cyber-breach and cybercrime stories revolve around ransomware, the darkweb and the cloud, or some unholy combination of the three. In ransomware attacks, the criminals don’t actually
Aug 15, 2023THNLinux / Ransomware The threat actors behind the Monti ransomware have resurfaced after a two-month break with a new Linux version of the encryptor in its attacks targeting government and legal sectors. Monti emerged in June 2022, weeks after the Conti ransomware group shut down its operations, deliberately imitating the tactics and tools
Alberta Dental Service Corporation (ADSC) has revealed that nearly 1.47 million individuals have been affected by a data breach that occurred between May 7 and July 9 2023. ADSC, a partner of the Government of Alberta, US, administers dental benefits through various programs, and the incident has raised concerns over compromised personal information. The breach was
by Paul Ducklin It’s taken nearly ten years, but the US Department of Justice (DOJ) has just announced the court-approved seizure of a web domain called LolekHosted.net that was allegedly connected to a wide range of crimeware-as-a-service activities. The DOJ also charged a 36-year-old Polish man named Artur Karol Grabowski in connection with running the
Aug 14, 2023THNWebsite Security / Vulnerability E-commerce sites using Adobe’s Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023. The attacks, dubbed Xurum by Akamai, leverage a now-patched critical security flaw (CVE-2022-24086, CVSS score: 9.8) in Adobe Commerce and Magento Open Source that, if successfully
A new variant of the SystemBC malware, paired with Cobalt Strike beacons, has been identified in a recent cyber-attack targeting a critical infrastructure power generator in a southern African nation. Echoing the high-profile Darkside Colonial Pipeline breach of 2021, the incident occurred during the third and fourth weeks of March 2023, according to a new
Aug 12, 2023THNServer Security / Cyber Threat Multiple security vulnerabilities impacting CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe’s iBoot Power Distribution Unit (PDU) could be potentially exploited to gain unauthenticated access to these systems and inflict catastrophic damage in target environments. The nine vulnerabilities, from CVE-2023-3259 through CVE-2023-3267, carry severity scores
Multiple vulnerabilities have been identified in the widely used Avada theme and its accompanying Avada Builder plugin. These security flaws, uncovered by Patchstack’s security researcher Rafie Muhammad, expose a significant number of WordPress websites to potential breaches. Within these vulnerabilities, the Avada Builder plugin exhibits two weaknesses. The first is an Authenticated SQL Injection (CVE-2023-39309).
Aug 12, 2023THNVulnerability / Privacy Multiple security vulnerabilities have been disclosed in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP) that could be potentially exploited by a malicious attacker to conduct remote attacks. “An external attacker who leverages the vulnerabilities discovered in AudioCodes Ltd.’s desk phones and Zoom’s Zero Touch Provisioning feature can gain
The US Cyber Safety Review Board (CSRB) has issued a comprehensive report shedding light on the operations of the notorious extortion-focused hacker collective, Lapsus$. The findings reveal that Lapsus$ exploited basic strategies to sidestep conventional security measures, prompting the CSRB to propose ten concrete recommendations for both governmental bodies and industries. The report, delivered to
by Paul Ducklin The August 2023 Microsoft security updates are out (the first day of the month was a Tuesday, making this month’s Patch Tuesday as early as ever it can be), with 74 CVE-numbered bugs fixed. Intriguingly, if not confusingly, Microsoft’s offical bug listing page is topped by two special items dubbed Exploitation Detected.
A hitherto undocumented threat actor operating for nearly a decade and codenamed MoustachedBouncer has been attributed to cyber espionage attacks aimed at foreign embassies in Belarus. “Since 2020, MoustachedBouncer has most likely been able to perform adversary-in-the-middle (AitM) attacks at the ISP level, within Belarus, in order to compromise its targets,” ESET security researcher Matthieu
Threat actors are becoming more efficient at targeting Mac users through MacOS tailored malware, according to Bitdefender’s macOS Threat Landscape Report. While Apple’s ecosystem still experiences a narrower range of threats than other popular operating systems like Microsoft’s Windows and Google’s ChromeOS, the researchers warned that “this false sense of protection often means malware tailored
by Paul Ducklin SNOOPING ON MEMORY, KEYSTROKES AND CRYPTOCOINS No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that good podcasts are found. Or just drop the URL of
Aug 10, 2023THNMalware / Cyber Threat Malicious actors are using a legitimate Rust-based injector called Freeze[.]rs to deploy a commodity malware called XWorm in victim environments. The novel attack chain, detected by Fortinet FortiGuard Labs on July 13, 2023, is initiated via a phishing email containing a booby-trapped PDF file. It has also been used
A serious data leak has exposed the personal details of police officers and civilian personnel working at the Police Service of Northern Ireland (PSNI), it was confirmed on August 8. The breach occurred following the accidental release of data within a spreadsheet following a Freedom of Information (FoI) request. This revealed the surnames and initials
by Paul Ducklin Audio recordings are dangerously easy to make these days, whether by accident or by design. You could end up with your own permanent copy of something you thought you were discussing privately, preserved indefinitely in an uninterestingly-named file on your phone or laptop, thanks to hitting “Record” by mistake. Someone else could
Aug 09, 2023THNCyber Espionage / Cyber Attacks Hackers associated with China’s Ministry of State Security (MSS) have been linked to attacks in 17 different countries in Asia, Europe, and North America from 2021 to 2023. Cybersecurity firm Recorded Future attributed the intrusion set to a nation-state group it tracks under the name RedHotel (previously Threat
An unidentified threat actor, reportedly originating from Vietnam, has been observed engaging in a ransomware campaign that commenced no later than June 4 and employing a variant of the Yashma ransomware, showcasing similarities to the infamous WannaCry ransomware. According to a new advisory published by Cisco Talos on Monday, what sets this operation apart is
Aug 08, 2023THNMalware / Cyber Threat The operators associated with the QakBot (aka QBot) malware have set up 15 new command-and-control (C2) servers as of late June 2023. The findings are a continuation of the malware’s infrastructure analysis from Team Cymru, and arrive a little over two months after Lumen Black Lotus Labs revealed that