Month: February 2022
An advanced persistent threat (APT) group operating with objectives aligned with the Chinese government has been linked to an organized supply chain attack on Taiwan’s financial sector. The attacks are said to have first commenced at the end of November 2021, with the intrusions attributed to a threat actor tracked as APT10, also known as
by Paul Ducklin Unfortunately, we’ve had to warn about sextortion, also known as porn scamming, many times before. Porn scams are phishing tricks whereby criminals try to squeeze you into making contact with them, or even to pay them money immediately, by claiming to have evidence that you have committed some sort of sexually-related online
Have you ever been online and replied to a comment or post? Maybe it was on Reddit or on an influencer’s Instagram. Did other people reply to you, and were any of them unexpectedly hostile? When you’re online, a little hostility is sadly par for the course, but most people brush it off and move
Credit Suisse has hit back at allegations of severe due diligence failures exposed by a major new leak of customer account information. Details of 18,000 accounts linked to 30,000 clients containing an estimated £80bn ($100bn) were shared by an anonymous whistleblower with various media outlets, including The Guardian. “I believe that Swiss banking secrecy laws are
For the last few years, the cybersecurity threat landscape has gotten progressively more complex and dangerous. The online world is now rife with data thieves, extortionists, and even state actors looking to exploit vulnerabilities in businesses’ digital defenses. And unfortunately — the bad guys have the upper hand at the moment. Part of the reason
The United States Department of Justice (DOJ) is cracking down on the criminal misuse of cryptocurrencies and digital assets. In a statement released Thursday, the DOJ announced the appointment of prosecutor and former senior counsel to the deputy attorney general, Eun Young Choi, as the first director of the National Cryptocurrency Enforcement Team (NCET). Comprising department attorneys,
Researchers have detailed what they call the “first successful attempt” at decrypting data infected with Hive ransomware without relying on the private key used to lock access to the content. “We were able to recover the master key for generating the file encryption key without the attacker’s private key, by using a cryptographic vulnerability identified
by Paul Ducklin Storm conditions in November 2021 in northern and north-eastern parts of the UK brought down powerlines in some areas, leaving many homes without electricity for several days. British power companies, which, for better or worse, are privatised rather than state-run, are required to pay out compensation to customers who did not receive
A man from Florida will not be serving time in prison for his role in a multi-million dollar Medicare fraud scheme involving the sale of patients’ personal and medical data. Boca Raton resident, Nathan LaParl, aged 35, and his 30-year-old accomplice Talia Alexandre, of Palm Springs, worked with foreign call centers to contact Medicare patients
The U.S. Department of Justice (DoJ) earlier this week appointed Eun Young Choi to serve as the first Director of the National Cryptocurrency Enforcement Team (NCET) it established last year. The NCET was created to “tackle the criminal misuse of cryptocurrencies and digital assets,” with a focus on illegal activities in virtual currency exchanges, mixing
by Paul Ducklin If you’re using PHP in your network, check that you’re using the latest version, currently 8.1.3. Released yesterday [2022-02-17], this version fixes various memory mismanagement bugs, including CVE-2021-21708, which is a use-after-free blunder in a function called php_filter_float(). A proof-of-concept exploit based on using PHP to query a database shows that the
The infamous Trickbot Trojan has targeted customers of scores of big-name brands over the past year, including Amazon, PayPal and Microsoft, according to new data from Check Point. The security vendor claimed that the malware had infected at least 140,000 victims since November 2020, with attackers being careful to target high-profile victims. Among the 60 brands
Microsoft has warned of emerging threats in the Web3 landscape, including “ice phishing” campaigns, as a surge in adoption of blockchain and DeFi technologies emphasizes the need to build security into the decentralized web while it’s still in its early stages. The company’s Microsoft 365 Defender Research Team called out various new avenues through which
by Paul Ducklin With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
The UK’s cybersecurity industry generated record levels of external investment and revenue in the last financial year, according to official figures. The DCMS Annual Cyber Sector Report 2022 revealed more than £1bn was raised in external investment over 84 deals during this period. This includes Bristol-based Immersive Labs, which secured £53.5m, and London-headquartered Tessian, which raised more
Progress is a driving force of humanity, but what does that word “progress” really mean and what part do we have to play? From spaceflight to medicine to renewable energy, we continue to see advances that could bring huge benefits to the world.
Google on Wednesday announced plans to bring its Privacy Sandbox initiatives to Android in a bid to expand its privacy-focused, but also less disruptive, advertising technology beyond the desktop web. To that end, the internet giant said it will work towards building solutions that prevent cross-app tracking à la Apple’s App Tracking Transparency (ATT) framework,
by Paul Ducklin VMWare’s latest security bulletin doesn’t mince its words about how quickly you should patch: When do I need to act? Immediately. The ramifications of this vulnerability are serious, especially if attackers have access to workloads inside your environments. [… G]iven the severity, we strongly recommend that you act. The issues referred to
A range of pressing cybersecurity issues was discussed by members of the RSA Conference advisory board during a virtual session this week. The panelists began by highlighting the elevated profile of cybersecurity during the COVID-19 pandemic, which is increasingly coming to the attention of business leaders. Caroline Wong, chief strategy officer at Cobalt, noted that “when I began my career, I
Why would a tax agency contractor’s privacy policy mention collecting information about my Facebook friends? The IRS has made a U-turn on facial recognition, but what about the Social Security Administration or the California Department of Motor Vehicles’ use of the same contractor? In the last few weeks, the US Internal Revenue Service (IRS) made
VMware on Tuesday patched several high-severity vulnerabilities impacting ESXi, Workstation, Fusion, Cloud Foundation, and NSX Data Center for vSphere that could be exploited to execute arbitrary code and cause a denial-of-service (DoS) condition. As of writing, there’s no evidence that any of the weaknesses are exploited in the wild. The list of six flaws is
Summary The ShadowPad advanced modular remote access trojan (RAT) has been deployed by the Chinese government-sponsored BRONZE ATLAS threat group since at least 2017. A growing list of other Chinese threat groups have deployed it globally since 2019 in attacks against organizations in various industry verticals. Secureworks® Counter Threat Unit™ (CTU) analysis of ShadowPad samples
by Paul Ducklin In the past few days, both Apple and Adobe have published software updates to close off zero-day security holes that were already being exploited by attackers. Remember that a zero-day exploit is a security bypass, typically one that allows Bad Guys to break in and run or implant software of their own
Reported scams surged by 17% in the final quarter of 2021 in the UK, while attempted scams increased by 70% over the same period, according to new data from Barclays. The findings, based on responses from over 2000 UK residents, came as the bank issued new guidance for the public on how to detect the common
How well retailers can manage the surge in cyberthreats may be crucial for their prospects in a post‑pandemic world It’s hardly surprising that the retail sector is one of the most frequently targeted globally, with retail sales in the US alone projected to top $5.2 trillion in 2022. Consumers’ money and data have for years been
Entities in the aviation, aerospace, transportation, manufacturing, and defense industries have been targeted by a persistent threat group since at least 2017 as part of a string of spear-phishing campaigns mounted to deliver a variety of remote access trojans (RATs) on compromised systems. The use of commodity malware such as AsyncRAT and NetWire, among others,
by Paul Ducklin Using the Adobe Commerce online selling platform? Using Magento, the free, open-source variant of the same product? Buying products from online stores that use either of these? Using online services that themselves use services that (…repeat up the supply chain as needed…) ultimately depend upon Magento or Adobe’s paid version? If so,
A local authority in the UK hit by suspected Russian actors has set aside £380,000 ($514,000) to remediate and recover from the incident, according to reports. Gloucester City Council discovered the breach back in December and warned at the time that it could take up to six months to fix as servers would need rebuilding.
Spain’s National Police Agency, the Policía Nacional, said last week it dismantled an unnamed cybercriminal organization and arrested eight individuals in connection with a series of SIM swapping attacks that were carried out with the goal of financial fraud. The suspects of the crime ring masqueraded as trustworthy representatives of banks and other organizations and
Security researchers at Website Planet have discovered an unsecured Amazon S3 bucket containing the Personally Identifiable Information (PII) of millions of people. Inside the bucket were ten folders, containing around 6,000 files and totaling over 1GB of data. While most (approximately 99%) of the data belongs to American residents, some information relates to people living in Canada.