Dec 14, 2022Ravie LakshmananWebsite Security / Linux A new Go-based botnet has been spotted scanning and brute-forcing self-hosted websites using the WordPress content management system (CMS) to seize control of the targeted systems. “This new brute forcer is part of a new campaign we have named GoTrim because it was written in Go and uses
Month: December 2022
A wildly popular new AI bot could be used by would-be cyber-criminals to teach them how to craft attacks and even write ransomware, security experts have warned. ChatGPT was released by artificial intelligence R&D firm OpenAI last month and has already passed one million users. The prototype chatbot answers questions with apparent authority in natural
by Paul Ducklin You’ve probably heard of Pwn2Own, a hacking contest that started life alongside the annual CanSecWest cybersecurity event in Vancouver, Canada. Pwn2Own is now a multi-million “hackers’ brand” in its own right, having been bought up by anti-virus outfit Trend Micro and extended to cover many more types of bug than just browsers
Payment applications make splitting restaurant bills, taxi fares, and household expenses so much easier. Without having to tally totals at the table or fumble with crumpled bills, you and your companions can spend less stress and more time on the fun at hand. There are various payment apps available, and the company that may first
ESET experts offer their reflections on what the continued blurring of boundaries between different spheres of life means for our human and social experience – and especially our cybersecurity and privacy The future isn’t what it used to be. This adage, if a little trite, has taken on a whole new meaning after our lives
Dec 13, 2022Ravie LakshmananSoftware Security / Cloud Security A critical security flaw has been disclosed in Amazon Elastic Container Registry (ECR) Public Gallery that could have been potentially exploited to stage a multitude of attacks, according to cloud security firm Lightspin. “By exploiting this vulnerability, a malicious actor could delete all images in the Amazon
Business email compromise (BEC) scams have been increasingly targeting mobile devices, particularly with SMS-focused attacks. According to a new advisory by cybersecurity specialists at Trustwave, the trend indicates a broader shift towards phishing scams via text messages. “Phishing scams are prevalent in the SMS threat landscape, and now, BEC attacks are also going mobile,” reads
by Paul Ducklin It’s just under two weeks since Google rushed out a Chrome patch for the then-current version 107 to seal off a bug that was already being used in real-life attacks. The company said nothing more about that bug than to describe it as a “heap buffer overflow in GPU” [sic], and to
Happy National App Day! No, we don’t mean apps of the mozzarella stick and potato skin variety, but your mobile apps that let you order dinner, hail a taxi, stay connected to your friends, and entertain you for hours with silly videos. While they’re undoubtedly useful, mobile apps are also a weak spot in some
ESET researchers uncover a new wiper and its execution tool, both attributed to the Iran-aligned Agrius APT group This week, ESET researchers published their findings about a new wiper, Agrius, and its execution tool, Sandals, both attributed to the Iran-aligned Agrius APT group. The researchers discovered the malicious tool while analyzing a supply-chain attack that
Dec 10, 2022Ravie LakshmananHack-for-Hire / Threat Intelligence Travel agencies have emerged as the target of a hack-for-hire group dubbed Evilnum as part of a broader campaign aimed at legal and financial investment institutions in the Middle East and Europe. The attacks targeting law firms throughout 2020 and 2021 involved a revamped variant of a malware
Threat group Silence has been spotted infecting an increasing number of devices using Truebot malware. The findings come from Cisco Talos researchers, who have also suggested a connection between Silence and the infamous hacking group Evil Corp (tracked by Cisco as TA505). According to an advisory published on Thursday, the campaigns observed by the firm
by Paul Ducklin DATA BREACHES – THE STING IN THE TAIL Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and
Businesses know they need cybersecurity, but it seems like a new acronym and system is popping up every day. Professionals that aren’t actively researching these technologies can struggle to keep up. As the cybersecurity landscape becomes more complicated, organizations are desperate to simplify it. Frustrated with the inefficiencies that come with using multiple vendors for
Indiana’s attorney general filed two separate lawsuits against social media firm TikTok Wednesday alleging the platform promoted content to young users that isn’t age-appropriate and did not adequately protect the safety of users’ data. According to court documents, the TikTok algorithm “promotes a variety of inappropriate content to 13-17-year-old users throughout the United States.” Indiana’s
by Paul Ducklin Researchers at application security company Jscrambler have just published a cautionary tale about supply chain attacks… …that is also a powerful reminder of just how long attack chains can be. Sadly, that’s long merely in terms of time, not long in terms of technical complexity or the number of links in the
You flick through some reels and an ad for “a more private phone” crops up. You scroll through your news feed and catch wind of yet another data breach at a major retailer. You see a post from a friend who says their social media account was hacked. Maybe you don’t think about security every
ESET researchers analyzed a supply-chain attack abusing an Israeli software developer to deploy Fantasy, Agrius’s new wiper, with victims including the diamond industry ESET researchers discovered a new wiper and its execution tool, both attributed to the Agrius APT group, while analyzing a supply-chain attack abusing an Israeli software developer. The group is known for
Dec 08, 2022Ravie LakshmananMobile Security / Android Malware Researchers have shed light on a new hybrid malware campaign targeting both Android and Windows operating systems in a bid to expand its pool of victims. The attacks entail the use of different malware such as ERMAC, Erbium, Aurora, and Laplas, according to a ThreatFabric report shared
The UK’s privacy regulator has fined five companies accused of making nuisance marketing calls, including some that deliberately targeted vulnerable people and pressured them into handing over their card details. The Information Commissioner’s Office (ICO) fined the firms a total of £435,000 for making almost half a million unlawful marketing calls to people registered with
by Naked Security writer A Florida man who was part of a cybercrime gang who went after cryptocoin wallets has been sentenced for his part in a cyberheist that allegedly netted the participants more than $20,000,000. The scammers, including one Nicholas Truglia, 25, got control of various online accounts belonging to the victim by using
As 2022 draws to a close, the Threat Research Team at McAfee Labs takes a look forward—offering their predictions for 2023 and how its threat landscape may take shape. This year saw the continued evolution of scams, which is unlikely to slow down, as well as greater adoption of Chrome as an operating system. It
Deployed against carefully selected targets, the new backdoor combs through the drives of compromised systems for files of interest before exfiltrating them to Google Drive This week, ESET researchers published their analysis of a previously undocumented backdoor that the ScarCruft APT group has used against carefully selected targets. ScarCruft is an espionage group that has
Dec 07, 2022Ravie LakshmananCryptocurrency / Threat Intelligence Cryptocurrency investment companies are the target of a developing threat cluster that uses Telegram groups to seek out potential victims. Microsoft’s Security Threat Intelligence Center (MSTIC) is tracking the activity under the name DEV-0139, and builds upon a recent report from Volexity that attributed the same set of
Cloud company Rackspace has revealed it experienced a cybersecurity incident causing it to temporarily suspend its Hosted Exchange environment, which has now been restored. “On Friday, Dec 2, 2022, we became aware of an issue impacting our Hosted Exchange environment. We proactively powered down and disconnected the Hosted Exchange environment while we triaged to understand the
by Paul Ducklin One of the first low-level network tools that any computer user learns about is the venerable ping utility. Named after the eponymous sound effect from any and every old-school war movie scene involving submarines, the command is a metaphorical echo (see what we did there?) of the underwater version of RADAR known
Without doubt, the biggest criticism we all have of social media is that everyone always looks fabulous! And while we all know that everyone is only sharing the best version of themselves, let’s be honest – it can be a little wearing. Well, there’s a new social media platform that is determined to uproot our
Forget pests for a minute. Modern farms also face another – and more insidious – breed of threat. While I was in the UK police force and part of the National Cyber Crime Unit in 2018, I was asked to give a talk on cybersecurity at a National Farmers’ Union (NFU) meeting in southern England.
Dec 06, 2022Ravie LakshmananEndpoint Security / Data Security A version of an open source ransomware toolkit called Cryptonite has been observed in the wild with wiper capabilities due to its “weak architecture and programming.” Cryptonite, unlike other ransomware strains, is not available for sale on the cybercriminal underground, and was instead offered for free by
Threat actors have been spotted using criminal proxy networks to obfuscate their illegal activities by hiding behind hijacked IP addresses and using the same to create an appearance of legitimacy. The findings come from security researchers at DomainTools, who have said that while these networks were initially used as part of botnets, their lucrative nature