Microsoft’s Bing Chat has come under scrutiny due to a significant security concern – the infiltration of malicious ads. Malwarebytes researchers have now demonstrated how unsuspecting users seeking software downloads can be tricked into visiting malicious websites and unwittingly downloading malware. Bing Chat, an artificial intelligence (AI) interactive text and image application powered by OpenAI’s
Month: September 2023
Sep 30, 2023 | THN | Ransomware / Cyber Threat: The U.S. Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023. “During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit,
Video: During the attack, the group deployed several tools, most notably a newly-discovered sophisticated backdoor that ESET named LightlessCan | 29 Sep 2023 | This week, ESET researchers unveiled their findings about an attack by the North Korea-linked APT group Lazarus that took aim at an aerospace company in Spain. The group obtained initial access to the
The Russian firm Operation Zero has announced a staggering $20m reward for hacking tools capable of compromising iPhones and Android devices. The company unveiled this increased payout on X (formerly Twitter) on Tuesday, aiming to attract top-tier researchers and developer teams to collaborate with their platform. Under this program, Operation Zero is willing to pay
Threat actors are selling a new crypter and loader called ASMCrypt, which has been described as an “evolved version” of another loader malware known as DoubleFinger. “The idea behind this type of malware is to load the final payload without the loading process or the payload itself being detected by AV/EDR, etc.,” Kaspersky said in
Secure Coding: While far from all roles in security explicitly demand coding skills, it’s challenging to envision a career in this field that wouldn’t derive substantial advantages from at least a basic understanding of fundamental coding principles | Christian Ali Bravo | 27 Sep 2023 | 4 min. read | Coding is a pivotal skill in many
The Budworm advanced persistent threat (APT) group, also known as LuckyMouse, Emissary Panda or APT27, has once again demonstrated its active development of cyber-espionage tools. In August 2023, security researchers from Symantec’s Threat Hunter Team, a part of Broadcom, uncovered Budworm’s use of an updated version of its key tool to target a Middle Eastern telecommunications
Sep 28, 2023 | THN | Supply Chain / Malware: A new malicious campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions with an aim to steal passwords from developers. “The malicious code exfiltrates the GitHub project’s defined secrets to a malicious C2 server and modify any existing javascript files in the attacked
Secure Coding, Business Security: Or, is mass public meddling just opening the door for problems? And how does open-source software compare to proprietary software in terms of security? | 26 Sep 2023 | 5 min. read | There are – and will always be – vulnerabilities in software. Just like there is no perfect security, there
Two new security flaws in the popular Simple Membership plugin for WordPress, affecting versions 4.3.4 and below, have been identified, leading to potential privilege escalation issues. With over 50,000 active installations, the plugin developed by smp7 and wp.insider is widely used for custom membership management on WordPress sites. The flaws identified by Patchstack security researchers include
Sep 27, 2023 | THN | Malware / Cyber Attack: A new threat actor known as AtlasCross has been observed leveraging Red Cross-themed phishing lures to deliver two previously undocumented backdoors named DangerAds and AtlasAgent. NSFOCUS Security Labs described the adversary as having a “high technical level and cautious attack attitude,” adding that “the phishing attack activity captured this
Xenomorph malware has reemerged in a new distribution campaign, expanding its scope to target over 30 US banks along with various financial institutions worldwide. Cybersecurity analysts from ThreatFabric recently uncovered this resurgence, which relies on deceptive phishing webpages posing as a Chrome update to trick victims into downloading malicious APKs. Xenomorph first came to the
Dear Naked Security readers, Firstly, thank you for your interest, your time, and your contributions to the Naked Security community. Your invaluable engagement and expertise have helped improve cybersecurity for everyone. We have recently added the extensive catalog of Naked Security articles to the Sophos News blog platform, enabling us to provide all Sophos security
Sep 26, 2023 | THN | Endpoint Security / Password: Microsoft is officially rolling out support for passkeys in Windows 11 today as part of a major update to the desktop operating system. The feature allows users to login to websites and applications without having to provide a username and password, instead relying on their device PIN or biometric
Unit 42 researchers have unveiled a web of complex cyber-espionage attacks targeting a government in Southeast Asia. While initially thought to be the work of a single threat actor, the researchers discovered that the attacks were orchestrated by three separate and distinct clusters of threat actors. These espionage operations, occurring simultaneously or nearly so, affected
Sep 25, 2023 | THN | Cyber Attack / Phishing: Ukrainian military entities are the target of a phishing campaign that leverages drone manuals as lures to deliver a Go-based open-source post-exploitation toolkit called Merlin. “Since drones or Unmanned Aerial Vehicles (UAVs) have been an integral tool used by the Ukrainian military, malware-laced lure files themed as UAVs service
For years, the Middle East has maintained its reputation as a fertile ground for advanced persistent threats (APTs). In the midst of routine monitoring of suspicious activities on the systems of high-profile customers, some based in this region, ESET Research stumbled upon a very sophisticated and unknown backdoor that we have named Deadglyph. We derived
Security researchers at SentinelLabs, in collaboration with QGroup, have unveiled a new threat actor known as Sandman. This unidentified group has been launching targeted attacks on telecommunications providers in regions including the Middle East, Western Europe and South Asia. According to an advisory published by SentinelLabs on Thursday, Sandman’s tactics are marked by stealthy lateral movements
The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023. “The targeting took place after Eltantawy publicly stated his plans to run
Video: Two ESET malware researchers took to the LABScon stage this year to deconstruct sophisticated attacks conducted by two well-known APT groups | 22 Sep 2023 | The lineup of speakers at this year’s edition of LABScon featured two ESET malware researchers who took to the stage to deconstruct sophisticated attacks conducted by two well-known APT groups.
The year 2023 has seen a surge of over 700 advertisements on the dark web offering Distributed Denial of Service (DDoS) attacks through Internet of Things (IoT) devices, suggests a new report by Kaspersky. These services come at varying price points, depending on factors like DDoS protection and verification on the target’s end, ranging from
Sep 23, 2023 | THN | Cyber Espionage / Malware: Cybersecurity researchers have discovered a previously undocumented advanced backdoor dubbed Deadglyph employed by a threat actor known as Stealth Falcon as part of a cyber espionage campaign. “Deadglyph’s architecture is unusual as it consists of cooperating components – one a native x64 binary, the other a .NET assembly,” ESET
The US Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the National Football League (NFL), Allegiant Stadium and Super Bowl LVIII partners, has conducted a cybersecurity tabletop exercise this week in preparation for Super Bowl LVIII. The exercise aimed to assess and enhance cybersecurity response capabilities, plans and procedures for the upcoming event. The Super
Sep 22, 2023 | THN | Malware / Cyber Threat: An active malware campaign targeting Latin America is dispensing a new variant of a banking trojan called BBTok, particularly users in Brazil and Mexico. “The BBTok banker has a dedicated functionality that replicates the interfaces of more than 40 Mexican and Brazilian banks, and tricks the victims into entering
ESET researchers have analyzed two campaigns by the OilRig APT group: Outer Space (2021), and Juicy Mix (2022). Both of these cyberespionage campaigns targeted Israeli organizations exclusively, which is in line with the group’s focus on the Middle East, and used the same playbook: OilRig first compromised a legitimate website to use as a C&C
The UK government has announced its decision to establish a data bridge with the US, enabling the free flow of personal data between the two regions. Adequacy regulations have been laid out in the UK Parliament on September 21, 2023, to give effect to this decision, with the regulations due to come into force from
Sep 21, 2023 | THN | Telecom Security / Cyber Attack: A previously undocumented threat actor dubbed Sandman has been attributed to a set of cyber attacks targeting telecommunication providers in the Middle East, Western Europe, and the South Asian subcontinent. Notably, the intrusions leverage a just-in-time (JIT) compiler for the Lua programming language known as LuaJIT as
The average annual cost of insider risk incidents has risen to $16.2m per organization in 2023, up from $15.4m in 2022, according to DTEX and the Ponemon Institute’s latest Cost of Insider Risks report. This represents a 40% rise over four years. The research also found that the number of insider incidents has increased to
Sep 20, 2023 | THN | Cyber Crime / Dark Web: Finnish law enforcement authorities have announced the takedown of PIILOPUOTI, a dark web marketplace that specialized in illegal narcotics trade since May 2022. “The site operated as a hidden service in the encrypted TOR network,” the Finnish Customs (aka Tulli) said in a brief announcement on Tuesday. “The
While most people won’t be surprised to hear that China is investing heavily in cybersecurity, the extent of the country’s cyber power could be more significant than anyone would imagine. According to Christopher Wray, director of the FBI, China already has a more extensive hacking program than every other major nation combined. During his talk