Google Play Store’s new Data Safety labels have been criticized for being inaccurate in nearly 80% of cases. The claims come from Mozilla’s *Privacy Not Included researchers, who published a new study about them on Thursday. “[We] found that the labels were false or misleading based on discrepancies between the apps’ privacy policies and the
Month: February 2023
by Paul Ducklin Thanks to Tommy Mysk and Talal Haj Bakry of @mysk_co for the impetus and information behind this article. The duo describe themselves as “two iOS developers and occasional security researchers on two continents.” In other words, although cybersecurity isn’t their core business, they’re doing what we wish all programmers would do: not
ESET Research has compiled a timeline of cyberattacks that used wiper malware and have occurred since Russia’s invasion of Ukraine in 2022 This blogpost presents a compiled overview of the disruptive wiper attacks that we have observed in Ukraine since the beginning of 2022, shortly before the Russian military invasion started. We were able to
Feb 27, 2023Ravie Lakshmanan The Dutch police announced the arrest of three individuals in connection with a “large-scale” criminal operation involving data theft, extortion, and money laundering. The suspects include two 21-year-old men from Zandvoort and Rotterdam and an 18-year-old man without a permanent residence. The arrests were made on January 23, 2023. It’s estimated
The US Cybersecurity and Infrastructure Security Agency (CISA) warned nations’ defenders yesterday against disruptive and defacement attacks today. These, the agency said on Thursday, may spur from attempts to sow chaos and societal discord on the anniversary of Russia’s 2022 invasion of Ukraine. “In response to the heightened geopolitical tensions resulting from Russia’s full-scale invasion
by Paul Ducklin LEARNING FROM OTHERS The first search warrant for computer storage. GoDaddy breach. Twitter surprise. Coinbase kerfuffle. The hidden cost of success. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin Intro and outro music by Edith Mudge. You
With the conflict in Ukraine passing the one-year mark, have its cyber-war elements turned out as expected? It’s been twelve months since Russia invaded Ukraine, and it’s a good time to pause and reflect on a few pertinent issues, including: How is the war playing out in cyberspace? Have the cyber-elements turned out as expected?
Feb 24, 2023Ravie LakshmananMobile Security / Firmware Google said it’s working with ecosystem partners to harden the security of firmware that interacts with Android. While the Android operating system runs on what’s called the application processor (AP), it’s just one of the many processors of a system-on-chip (SoC) that cater to various tasks like cellular
The UK’s privacy regulator has called on accountants to play a key role in ensuring the country’s SMEs are compliant with rigorous data protection laws. The Information Commissioner’s Office (ICO) said that research from 2021 revealed that around a third (34%) of smaller businesses trust their accountants for advice, while a fifth (20%) use these
by Paul Ducklin Johnathan Swift is probably most famous for his novel Gulliver’s Travels, during which the narrator, Lemuel Gulliver, encounters a socio-political schism in Liiliputian society caused by unending arguments over whether you should open a boiled egg at the big end or the little end. This satirical observation has flowed diretly into modern
It’s never been easier to write a convincing message that can trick you into handing over your money or personal data ChatGPT has been taking the world by storm, having reached 100 million users only two months after launching. However, media stories about the tool’s uncanny ability to write human-sounding text mask a potentially darker reality.
Feb 23, 2023Ravie LakshmananCryptocurrency / Malware An active malware campaign has set its sights on Facebook and YouTube users by leveraging a new information stealer to hijack the accounts and abuse the systems’ resources to mine cryptocurrency. Bitdefender is calling the malware S1deload Stealer for its use of DLL side-loading techniques to get past security
A suspected distributed denial of service (DDoS) attack downed several websites broadcasting President Putin’s state of the nation address on Tuesday, according to reports. Reuters said journalists based in multiple locations were unable to access the All-Russia State Television and Radio Broadcasting Company (VGTRK) website or the Smotrim live-streaming platform for periods during the speech.
by Paul Ducklin Popular cryptocurrency exchange Coinbase is the latest well-known online brand name that’s admitted to getting breached. The company decided to turn its breach report into an interesting mix of partial mea culpa and handy advice for others. As in the recent case of Reddit, the company couldn’t resist throwing in the S-word
ESET researchers have identified a campaign using trojanized installers to deliver the FatalRAT malware, distributed via malicious websites linked in ads that appear in Google search results ESET researchers identified a malware campaign that targets Chinese-speaking people in Southeast and East Asia by buying misleading advertisements to appear in Google search results that lead to
Feb 22, 2023Ravie LakshmananExploitation Framework / Cyber Threat An open source command-and-control (C2) framework known as Havoc is being adopted by threat actors as an alternative to other well-known legitimate toolkits like Cobalt Strike, Sliver, and Brute Ratel. Cybersecurity firm Zscaler said it observed a new campaign in the beginning of January 2023 targeting an
A ransomware group is asking insured victims for details about their policy, claiming it will ultimately lower their risk exposure. Introduced in November 2022, HardBit 2.0 claims to steal data before encrypting the victim organization’s data, but unusually for such a group it has no leak site and does not use “double extortion” as a
by Paul Ducklin Twitter has announced an intriguing change to its 2FA (two-factor authentication) system. The change will take effect in about a month’s time, and can be summarised very simply in the following short piece of doggerel: Using texts is insecure for doing 2FA, So if you want to keep it up you're going
AI-pocalypse soon? As stunning as ChatGPT’s output can be, should we also expect the chatbot to spit out sophisticated malware? ChatGPT didn’t write this article – I did. Nor did I ask it to answer the question from the title – I will. But I guess that’s just what ChatGPT might say. Luckily, there are
Feb 21, 2023Ravie LakshmananCyber Threat / Cyber Attack A spear-phishing campaign targeting Indian government entities aims to deploy an updated version of a backdoor called ReverseRAT. Cybersecurity firm ThreatMon attributed the activity to a threat actor tracked as SideCopy. SideCopy is a threat group of Pakistani origin that shares overlaps with another actor called Transparent
Several Chinese state-sponsored threat groups have been observed targeting businesses and governments in the European Union. The claims come from a joint publication by the EU Agency for Cybersecurity (ENISA) and the Computer Emergency Response Team for the EU institutions, bodies and agencies (CERT-EU). Published on Wednesday, the document directly mentions particular advanced persistent threats (APTs): APT27,
A new malicious actor dubbed “WIP26” by SentinelOne has been observed targeting telecommunication providers in the Middle East. Describing the threat in a Thursday advisory, the security researchers said the team has been monitoring WIP26 with colleagues from QGroup GmbH. “WIP26 is characterized by the abuse of public Cloud infrastructure – Microsoft 365 Mail, Microsoft
by Paul Ducklin Last week, we wrote about a bunch of memory management bugs that were fixed in the latest security update of the popular OpenSSL encryption library. Along with those memory bugs, we also reported on a bug dubbed CVE-2022-4304: Timing Oracle in RSA Decryption. In this bug, firing the same encrypted message over
No longer relegated to a side-show, tech is embedded into virtually every new piece of gear entering the battlefield As military and tech gather to address the frosty world defense conditions and what the intersection of technology’s role is with attendees at AFCEA West, it’s clear that the global warfighting world has changed. No longer
Threat actors used search engine ads to impersonate makers of popular software and direct internet users to malicious websites This week, the ESET research team has published a report describing a malware campaign that took aim at Chinese-speaking people in Southeast and East Asia. The campaign involved malicious advertisements that appeared in Google search and
Feb 18, 2023Ravie LakshmananAuthentication / Online Security Twitter has announced that it’s limiting the use of SMS-based two-factor authentication (2FA) to its Blue subscribers. “While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used – and abused – by bad actors,” the company said. “We will no longer allow
Feb 19, 2023Ravie LakshmananNetwork Security / Firewall Fortinet has released security updates to address 40 vulnerabilities in its software lineup, including FortiWeb, FortiOS, FortiNAS, and FortiProxy, among others. Two of the 40 flaws are rated Critical, 15 are rated High, 22 are rated Medium, and one is rated Low in severity. Top of the list
The administration of the City of Oakland, California, declared a state of emergency on Tuesday due to a ransomware attack that occurred last week. “The City of Oakland recently learned that it was subject to a ransomware attack, and the City and its Information Technology Department (ITD) are following industry best practices to investigate the scope
Two business email compromise (BEC) groups have been observed using executive impersonation to conduct attacks on companies worldwide. The findings come from security researchers at Abnormal Security, who have dubbed the threat actors “Midnight Hedgehog,” specializing in payment fraud, and “Mandarin Capybara,” who is focused on executing payroll diversion attacks. “Combined, they have launched BEC campaigns
by Paul Ducklin Deciphering Microsoft’s official Update Guide web pages is not for the faint-hearted. Most of the information you need, if not everything you’d really like to know, is there, but there’s such a dizzing number of ways to view it, and so many generated-on-the-fly pages are needed to display it, that it can