by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
Month: March 2022
The recent WannaCry ransomware attack that infected more than 250,000 computers worldwide was a good reminder to everyone about staying vigilant when it comes to internet safety. After all, many of us stay connected most of the time, whether it’s on our laptops or mobile devices, giving cybercriminals a wide range of opportunities to go
ESET researchers have discovered Hodur, a previously undocumented Korplug variant spread by Mustang Panda, that uses phishing lures referencing current events in Europe, including the invasion of Ukraine ESET researchers discovered a still-ongoing campaign using a previously undocumented Korplug variant, which they named Hodur due to its resemblance to the THOR variant previously documented by
A 23-year-old Russian national has been indicted in the U.S. and added to the Federal Bureau of Investigation’s (FBI) Cyber Most Wanted List for his alleged role as the administrator of Marketplace A, a cyber crime forum that sold stolen login credentials, personal information, and credit card data. Igor Dekhtyarchuk, who first appeared in hacker
A woman from New Orleans has been sent to prison for buying patients’ data stolen from a medical clinic and using it to obtain thousands of dollars fraudulently. Ashley Green, aged 41, was arrested in 2015 along with her 32-year-old cousin, Royale Lassai, and 37-year-old Brandon Livas following an investigation by the Jefferson Parish Sheriff’s
by Paul Ducklin In January 2021, reports surfaced of a backup-busting ransomware strain called Deadbolt, apparently aimed at small businesses, hobbyists and serious home users. As far as we can see, Deadbolt deliberately chose a deadly niche in which to operate: users who needed backups and were well-informed enough to make them, but who didn’t
Finding someone who hasn’t heard of TikTok in 2022 would be quite the achievement. As one of the most popular social media platforms of the moment, it is not only being used by our tweens, teens and even grownups to connect but also as a crucial way to tell important stories amidst a backdrop of
A China-based advanced persistent threat (APT) known as Mustang Panda has been linked to an ongoing cyberespionage campaign using a previously undocumented variant of the PlugX remote access trojan on infected machines. Slovak cybersecurity firm ESET dubbed the new version Hodur, owing to its resemblance to another PlugX (aka Korplug) variant called THOR that came
Four parallel data breach lawsuits have been filed against a 45-year-old background check services company based in Massachusetts. Creative Services, Inc. (CSI), located in Mansfield, provides background screening, drug testing and security consulting services to employers, institutions and governments in the United States and overseas. According to an official filing by the company, on November
I am renowned for getting myself into big messes – particularly in the kitchen when I’m cooking up a storm. And I’m totally fine being alone: chopping, stirring and baking until it’s time to clean up! And that’s when the overwhelm hits – I know I should clean as I cook but I never do!
As the war rages, the APT group with a long résumé of disruptive cyberattacks enters the spotlight again For cybersecurity pundits, it has become a doctrine that cyberdisruption, whether perpetrated directly or via proxy groups, can be expected to accompany military, political, and economic action as a way of softening up targets or of strategically
Microsoft and authentication services provider Okta said they are investigating claims of a potential breach alleged by the LAPSUS$ extortionist gang. The development, which was first reported by Vice and Reuters, comes after the cyber criminal group posted screenshots and source code of what it said were the companies’ internal projects and systems on its
New Mexico has appointed its first senior advisor for cybersecurity and critical infrastructure. New Mexico governor Michelle Lujan Grisham announced the appointment of Annie Winterfield Manriquez on Friday Manriquez will work with key stakeholders across the private sector and government to improve New Mexico’s cybersecurity infrastructure and systems. She will also be tasked with devising
by Paul Ducklin CafePress is a web service that lets artists, shops, businesses, fan clubs – anyone who signs up, in fact – turn designs, corporate slogans, logos and the like into fun merchandise they can give away or sell on to others. The days when you had to put in an order for several hundred coffee
The humble internet browser. Dutifully taking you the places you want to go online, whether that’s the bank, the store, the movies, or even to work. All the more reason to make sure your browser gets every last bit of protection it can. It’s easy to fire up your browser without a second thought. Arguably,
A novel phishing technique called browser-in-the-browser (BitB) attack can be exploited to simulate a browser window within the browser in order to spoof a legitimate domain, thereby making it possible to stage convincing phishing attacks. According to penetration tester and security researcher, who goes by the handle mrd0x_, the method takes advantage of third-party single
Multiple Ukrainian news websites were allegedly hacked by Russian threat actors, leaving the ‘Z’ symbol on display to visitors. The State Service of Special Communication and Information Protection of Ukraine, the nation’s technical security and intelligence service, confirmed the incident in a web post last night, attributing blame to Russian state-sponsored actors. The organization stated: “As a
by Paul Ducklin As almost everyone who doesn’t live in North America knows… …American dates are weird! Those of us who care about these things use YYYY-MM-DD, because writing 2022-03-14 is undoubtedly the easiest way of avoiding ambiguity in dates, givem that the four-digit part is obviously the year, and everyone who writes the year
Google’s Threat Analysis Group (TAG) took the wraps off a new initial access broker that it said is closely affiliated to a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations. Dubbed Exotic Lily, the financially motivated threat actor has been observed exploiting a now-patched critical flaw in the Microsoft Windows MSHTML
Uganda has arrested an author and activist and a TV journalist for allegedly cyber stalking the country’s President, Yoweri Museveni. Author Norman Tumuhimbise and his colleague Farida Bikobere were reportedly bundled into a van by armed security personnel last week. The pair’s lawyer, Eron Kiiza, confirmed their arrest on Thursday to the news agency Agence France-Presse (AFP).
by Paul Ducklin The US Cybersecurity and Infrastructure Security Agency (CISA) has just put out a bulletin numbered AA22-074A, with the dramatic title Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability. To sidestep rumours based on the title alone (which some readers might interpret as an attack
Authored by Oliver Devane, Vallabh Chole, and Aayush Tyagi McAfee has recently observed several malicious Chrome Extensions which, once installed, will redirect users to phishing sites, insert Affiliate IDs and modify legitimate websites to exfiltrate personally identifiable information (PII) data. According to the Google Extension Chrome Store, the combined install base is 100,000 McAfee Labs
An analysis of two ransomware attacks has identified overlaps in the tactics, techniques, and procedures (TTPs) between BlackCat and BlackMatter, indicating a strong connection between the two groups. While it’s typical of ransomware groups to rebrand their operations in response to increased visibility into their attacks, BlackCat (aka Alphv) marks a new frontier in that
A spear-phishing study by security company Barracuda has found that a third of malicious logins into compromised accounts in 2021 came from Nigeria. The finding was included in the Spear Phishing: Top Threats and Trends Vol. 7 – Key findings on the latest social engineering tactics and the growing complexity of attacks report, released by the company on Wednesday. The
by Paul Ducklin OpenSSL published a security update this week. The new versions are 3.0.2 and 1.1.1n, corresponding to the two currently-supported flavours of OpenSSL (3.0 and 1.1.1). The patch includes a few general fixes, such as error reporting that’s been tidied up, along with an update for CVE-2022-0778, found by well-known bug eliminator Tavis
It’s the month of top seeds, big upsets, and Cinderella runs by the underdogs. With March Madness basketball cranking up, a fair share of online betting will sure to follow—along with online betting scams. Since a U.S. Supreme Court ruling in 2018, individual states can determine their own laws for sports betting. Soon after, states
Cyberattacks against data centers may ultimately be everyone’s problem – how prepared are their operators for the heightened risk of cyber-assaults? As the war in Ukraine continues, so does the potential for further escalation in kinetic hostilities. At the same time, the odds that the conflict may lead to major cyberattacks against targets beyond Ukraine’s
A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards. Threat intelligence and incident response firm Mandiant is tracking the cluster under the moniker UNC2891,
Cyber-criminals are impersonating legitimate aid organizations to steal financial donations intended for the people of Ukraine, according to new research by managed detection and response provider, Expel. Analysis of attack vectors and incident trends performed by the company’s security operations center (SOC) for Expel’s February Attack Vectors Threat Report found multiple phishing emails referencing the invasion of Ukraine to
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Paul Ducklin and Chester Wisniewski. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.