An employee from the US Consumer Financial Protection Bureau (CFPB) has reportedly forwarded confidential records of roughly 256,000 consumers and confidential supervisory information of approximately 50 institutions to a personal email account. Congressman Bill Huizenga addressed the claims in a letter to CFPB director, Rohit Chopra, dated April 18. “At the time of your notification,
Month: April 2023
by Paul Ducklin LOOPING THE LOOP No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS
Before you rush to buy new hardware, try these simple tricks to get your machine up to speed again – and keep it that way. A slow-running computer can be a major headache, affecting your productivity and causing unnecessary stress. But before frustration kicks in and makes you run to buy a new machine, there
Apr 21, 2023Ravie LakshmananKubernetes / Cryptocurrency A large-scale attack campaign discovered in the wild has been exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) to create backdoors and run cryptocurrency miners. “The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack,” cloud security firm Aqua said in a report
The APT group known as Daggerfly (as well as Evasive Panda and Bronze Highland) has been observed targeting a telecommunications organization in Africa with new plugins created with the MgBot malware framework. A new advisory published today by Symantec described the findings, saying the malicious campaign was first spotted in November 2022 and is likely
The legislation aims to bolster the Union’s cyber-resilience and enhance its capabilities to prepare for, detect and respond to incidents The European Union (EU) is transforming itself into a digitally aware, secure, and productive collective, with the aim of entering the 2030s as a relevant player within the digital sector. One of the base ideas
Apr 20, 2023Ravie LakshmananCloud Security / Vulnerability A chain of two critical flaws has been disclosed in Alibaba Cloud’s ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL that could be exploited to breach tenant isolation protections and access sensitive data belonging to other customers. “The vulnerabilities potentially allowed unauthorized access to Alibaba Cloud customers’ PostgreSQL
With the enhanced activity of cyber adversaries in the wake of the war in Ukraine, international collaboration is needed more than ever. Lindy Cameron, CEO of the UK’s National Cyber Security Centre (NCSC), said, “I am really proud of the role the NCSC played, in conjunction with [Foreign, Commonwealth and Development Office] FCDO and our
by Paul Ducklin We’ve said this before, but we’ll repeat it again here: Imagine that you’d spoken in what you thought was total confidence to a psychotherapist, but the contents of your sessions had been saved for posterity, along with precise personal identification details such as your unique national ID number, and perhaps including additional
When decommissioning their old hardware, many companies ‘throw the baby out with the bathwater’ Taking a defunct router out of an equipment rack and sliding in a shiny new replacement is probably an everyday occurrence in many business networking environments. However, the fate of the router being discarded should be as important, if not more
Apr 19, 2023Ravie LakshmananBrowser Security / Zero-Day Google on Tuesday rolled out emergency fixes to address another actively exploited high-severity zero-day flaw in its Chrome web browser. The flaw, tracked as CVE-2023-2136, is described as a case of integer overflow in Skia, an open source 2D graphics library. Clément Lecigne of Google’s Threat Analysis Group
Organizations and their cyber defenders are getting better at detecting cyber-attacks but detection time still stands at 16 days, according to Google’s Mandiant. In its 14th annual M-Trends report, published on April 18, 2023, the cybersecurity firm found that 2022 saw a decrease global median dwell time – the time the victim of a cyber-attack
by Paul Ducklin If you’d never heard the cybersecurity jargon word “juicejacking” until the last few days (or, indeed, if you’d never heard it at all until you opened this article), don’t get into a panic about it. You’re not out of touch. Here at Naked Security, we knew what it meant, not so much
Summary Amazon Web Service (AWS) Lambda is a serverless event-driven compute service. It is a function as a service (FaaS) that allows users to deploy application functionality without the complexity of maintaining the underlying infrastructure. Lambda executions can be triggered by events from other AWS services or software-as-a-service (SaaS) applications. Inside the Lambda execution environment
Apr 18, 2023Ravie LakshmananMobile Security / Hacking A new Android malware strain named Goldoson has been detected in the official Google Play Store spanning more than 60 legitimate apps that collectively have over 100 million downloads. An additional eight million installations have been tracked through ONE store, a leading third-party app storefront in South Korea.
An Israeli commercial spyware maker recently linked to a new zero-day iPhone exploit is closing its doors for good, according to a local report. Unnamed sources told Israeli daily Calcalist yesterday that Tel Aviv-based QuaDream has sacked all of its employees and will wind down operations over the coming days. Read more on commercial spyware makers:
Apr 17, 2023Ravie LakshmananCyber Threat / Cloud Security A Chinese nation-state group targeted an unnamed Taiwanese media organization to deliver an open source red teaming tool known as Google Command and Control (GC2) amid broader abuse of Google’s infrastructure for malicious ends. The tech giant’s Threat Analysis Group (TAG) attributed the campaign to a threat
The “Read The Manual” (RTM) Locker group has been observed targeting corporate environments with ransomware and forcing their affiliates to follow a strict set of rules. According to an advisory published on Thursday by Trellix cybersecurity experts, the businesslike approach of the group (also observed in other threat actors, such as Conti) shows its organizational maturity.
The much-dreaded writer’s block isn’t the only threat that may derail your progress. Are you doing enough to keep your blog (and your livelihood) safe from online dangers? Whether we like it or not, writers and bloggers are part of a community. And while we might write on totally different topics and espouse views from
Apr 14, 2023Ravie LakshmananUnited States The Russia-linked APT29 (aka Cozy Bear) threat actor has been attributed to an ongoing cyber espionage campaign targeting foreign ministries and diplomatic entities located in NATO member states, the European Union, and Africa. According to Poland’s Military Counterintelligence Service and the CERT Polska team, the observed activity shares tactical overlaps
Several cybersecurity organizations worldwide have jointly published a new series of guidelines to aid manufacturers in prioritizing cybersecurity practices while designing products. The paper was developed by the US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the cybersecurity authorities of Australia, Canada, the UK,
Microsoft releases guidance on how organizations can check their systems for the presence of BlackLotus, a powerful threat first analyzed by ESET researchers Microsoft has released guidance on how organizations can detect BlackLotus, a powerful threat that was first analyzed by ESET researchers. BlackLotus is a UEFI bootkit that is capable of operating on Windows
Apr 15, 2023Ravie LakshmananZero-Day / Browser Security Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in
The volume of US data breaches fell in Q1 2023, but the number of notices with no actionable information contained within grew by 20% from the previous quarter, according to the Identity Theft Resource Center (ITRC). The non-profit tracks publicly reported data breaches and leaks in the US but has been dismayed by the growing reluctance
by Paul Ducklin I’M SORRY, DAVE, I’M AFRAID… SORRY, MY MISTAKE, I CAN DO THAT EASILY No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts
Apr 14, 2023Ravie LakshmananMobile Security / Cyber Threat The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The two flaws are listed below – CVE-2023-20963 (CVSS score: 7.8) – Android Framework Privilege Escalation Vulnerability CVE-2023-29492 (CVSS score: TBD) –
The US Cybersecurity and Infrastructure Security Agency (CISA) published the second version of its Zero Trust Maturity Model on Tuesday, which incorporates recommendations from a public comment period. The updated guidelines aim to further the federal government’s progress toward a zero trust approach to cybersecurity in support of the new National Cybersecurity Strategy. Read more
by Paul Ducklin It’s Patch Tuesday Week (if you will allow us our daily pleonasm), and Microsoft’s updates include fixes for a number of security holes that the company has dubbed Critical, along with a zero-day fix, although the 0-day only gets a rating of Important. The 0-day probably got away with not being Critical
Some sectors have high confidence in their in-house cybersecurity expertise, while others prefer to enlist the support of an external provider to keep their systems and data secured While threat detections continue to rise, the widening cybersecurity skills gap is leaving businesses exposed. It is an issue particularly felt by SMBs forced to rein in
Apr 13, 2023Ravie LakshmananSoftware Security / Bug Hunting OpenAI, the company behind the massively popular ChatGPT AI chatbot, has launched a bug bounty program in an attempt to ensure its systems are “safe and secure.” To that end, it has partnered with the crowdsourced security platform Bugcrowd for independent researchers to report vulnerabilities discovered in