Mar 22, 2023Ravie LakshmananCyber Threat Intelligence The North Korean advanced persistent threat (APT) actor dubbed ScarCruft is using weaponized Microsoft Compiled HTML Help (CHM) files to download additional malware. According to multiple reports from AhnLab Security Emergency response Center (ASEC), SEKOIA.IO, and Zscaler, the development is illustrative of the group’s continuous efforts to refine and
Month: March 2023
Twenty different spam campaigns relying on the Mispadu banking Trojan were discovered targeting victims in Chile, Mexico, Peru and Portugal. The findings, which show 90,518 credentials stolen from a total of 17,595 unique websites, come from the Ocelot Team of Latin American cybersecurity firm Metabase Q. These included a number of government websites: 105 in
by Paul Ducklin There are plenty of military puns in operating system history. Unix famously has a whole raft of personnel known as Major Number, who organise the batallions of devices such as disk drives, keyboards and webcams in your system. Microsoft once struggled with the apparently incompetent General Failure, who was regularly spotted trying
Twitter’s ditching of free text-message authentication doesn’t mean that you should forgo using 2FA. Instead, switch to another – and, indeed, better – 2FA option. Starting today, Twitter is disabling SMS-based two-factor authentication (2FA) for all but paying users following a decision that, not unlike other recent moves by the social media giant, has been
Mar 20, 2023Ravie LakshmananCyber Threat / Malware A new piece of malware dubbed dotRunpeX is being used to distribute numerous known malware families such as Agent Tesla, Ave Maria, BitRAT, FormBook, LokiBot, NetWire, Raccoon Stealer, RedLine Stealer, Remcos, Rhadamanthys, and Vidar. “DotRunpeX is a new injector written in .NET using the Process Hollowing technique and
The Russia-aligned advanced persistent threat (APT) known as Winter Vivern has been observed conducting espionage campaigns targeting government organizations and a private telecommunication organization. Security researchers at SentinelOne shared details about the new campaign in an advisory published on Thursday. The APT activity was first identified by DomainTools in early 2021 and then further described
Mar 18, 2023Ravie LakshmananCyber Crime / Data Breach U.S. law enforcement authorities have arrested a New York man in connection with running the infamous BreachForums hacking forum under the online alias “Pompompurin.” The development, first reported by Bloomberg Law, comes after News 12 Westchester, earlier this week, said that federal investigators “spent hours inside and
The Project Zero team at Google published a new advisory on Thursday, confirming it reported 18 zero-day vulnerabilities in Exynos Modems made by Samsung between late 2022 and early 2023. Written by Project Zero head, Tim Willis, the blog post states that four of the vulnerabilities (CVE-2023-24033 and three others that have yet to be
by Paul Ducklin Linux has never suffered from the infamous BSoD, short for blue screen of death, the name given to the dreaded “something went terribly wrong” message associated with a Windows system crash. Microsoft has tried many things over the years to shake that nickname “BSoD”, including changing the background colour used when crash
How cybercriminals can exploit Silicon Valley Bank’s downfall for their own ends – and at your expense Big news events and major crises usually trigger an avalanche of follow-on phishing attempts. The COVID-19 pandemic and Russia’s invasion of Ukraine are perhaps the most obvious examples, but the most recent one is the collapse of Silicon
Mar 18, 2023Ravie LakshmananNetwork Security / Cyber Espionage The zero-day exploitation of a now-patched medium-severity security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group. Threat intelligence firm Mandiant, which made the attribution, said the activity cluster is part of a broader campaign designed to deploy backdoors onto
Dozens of websites set up to deliver trojanized versions of WhatsApp and Telegram apps have been spotted targeting Android and Windows users. As discovered by security researchers at ESET, most of these apps rely on clipper malware designed to steal or modify the contents of the Android clipboard. Read more on clipper malware here: Shein
by Paul Ducklin Google has just revealed a fourfecta of critical zero-day bugs affecting a wide range of Android phones, including some of its own Pixel models. These bugs are a bit different from your usual Android vulnerabilities, which typically affect the Android operating system (which is Linux-based) or the applications that come along with
Scammers are looking to cash in on the chaos that has set in following the startling meltdowns of Silicon Valley Bank and Signature Bank and the crisis at Credit Suisse When mayhem, panic and chaos set in – as has been the case following the meltdowns of Silicon Valley Bank (SVB) and Signature Bank and
Mar 17, 2023Ravie LakshmananMobile Security / Scam Alert An Android voice phishing (aka vishing) malware campaign known as FakeCalls has reared its head once again to target South Korean users under the guise of over 20 popular financial apps. “FakeCalls malware possesses the functionality of a Swiss army knife, able not only to conduct its
The US Cybersecurity and Infrastructure Security Agency (CISA) has disclosed information regarding a .NET deserialization vulnerability (CVE-2019-18935) in the Progress Telerik user interface (UI) for ASP.NET AJAX. CISA described the findings in an advisory on Wednesday, saying multiple cyber-threat actors were able to exploit the flaw, which also affected the Microsoft Internet Information Services (IIS) web server
by Paul Ducklin THE PRICE OF FAST FASHION Lucky Thirteen! The price of fast fashion. Firefox fixes. Feature creep fail curtailed in Patch Tuesday. No audio player below? Listen directly on Soundcloud. With Paul Ducklin and Chester Wisniewski. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google
ESET researchers analyzed Android and Windows clippers that can tamper with instant messages and use OCR to steal cryptocurrency funds ESET researchers have discovered dozens of copycat Telegram and WhatsApp websites targeting mainly Android and Windows users with trojanized versions of these instant messaging apps. Most of the malicious apps we identified are clippers –
Threat activity clusters affiliated with the Chinese and Russian cybercriminal ecosystems have been observed using a new piece of malware that’s designed to load Cobalt Strike onto infected machines. Dubbed SILKLOADER by Finnish cybersecurity company WithSecure, the malware leverages DLL side-loading techniques to deliver commercial adversary simulation software. The development comes as improved detection capabilities
A new malware campaign targeting an East Asian company that develops data-loss prevention (DLP) software for government and military entities has been attributed to the advanced persistent threat (APT) group known as Tick. According to an advisory published by ESET on Tuesday, the threat actor breached the DLP company’s internal update servers to deliver malware
by Paul Ducklin Heard of cricket (the sport, not the insect)? It’s much like baseball, except that batters can hit the ball wherever they like, including backwards or sideways; bowlers can hit the batter with the ball on purpose (within certain safety limits, of course – it just wouldn’t be cricket otherwise) without kicking off
Here’s how to know you have fallen victim to a scam – and what to do in order to undo or mitigate the damage. Online fraud can be thought of as a price we pay for the ubiquity of digital services. These services make our lives easier, healthier, safer and more entertaining. But there are
Mar 15, 2023Ravie LakshmananCyber Espionage / Data Security A previously undocumented threat actor dubbed YoroTrooper has been targeting government, energy, and international organizations across Europe as part of a cyber espionage campaign that has been active since at least June 2022. “Information stolen from successful compromises include credentials from multiple applications, browser histories and cookies,
A previously unknown threat actor has been observed conducting espionage campaigns against CIS (Commonwealth of Independent States) entities. Dubbed YoroTrooper by the Cisco Talos team, the threat actors mainly targeted government and energy organizations across Azerbaijan, Tajikistan and Kyrgyzstan. “We also observed YoroTrooper compromise accounts from at least two international organizations: a critical European Union
by Paul Ducklin Thanks to the precise four-week length of February this year, last month’s coincidence of Firefox and Microsoft updates has happened once again. Last month, Microsoft dealt with three zero-days, by which we mean security holes that cybercriminals found first, and figured out how to abuse in real-life attacks before any patches were
ESET Research uncovered a campaign by APT group Tick against a data-loss prevention company in East Asia and found a previously unreported tool used by the group ESET researchers discovered a campaign that we attribute with high confidence to the APT group Tick. The incident took place in the network of an East Asian company
Mar 14, 2023Ravie LakshmananNetwork Security / Botnet A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet. “GoBruteforcer chose a Classless Inter-Domain Routing (CIDR) block for scanning the network during the attack, and it targeted all IP addresses within that
UK law enforcers claimed on Friday to have dismantled a major money laundering gang after its final three members were sentenced following a five-year investigation. Aurimas Bielskis, 41, Vitalijs Slapkins-Slapkovs, 34, and Nedas Kiviliauskas, 34, were sentenced at Kingston Crown Court in west London. Bielskis and Slapkins-Slapkovs were each handed 22 months in prison, suspended for
Mar 13, 2023Ravie LakshmananBrowser Security / Artificial Intelligence A fake ChatGPT-branded Chrome browser extension has been found to come with capabilities to hijack Facebook accounts and create rogue admin accounts, highlighting one of the different methods cyber criminals are using to distribute malware. “By hijacking high-profile Facebook business accounts, the threat actor creates an elite
The White House has allocated a total of $3.1bn to cybersecurity infrastructure in its latest budget report. Published on Thursday, the document shows $145m of this figure will go toward making the Cybersecurity and Infrastructure Security Agency (CISA) “more resilient and defensible.” Of the remaining funds, $98m will be invested in implementing the Cyber Incident Reporting