Month: May 2023

An increasing number of threat actors have been observed using the leaked Babuk code from 2021 to create a new form of ransomware targeting VMware ESXi hypervisor environments. According to an advisory published by SentinelOne earlier today, these novel variants emerged between 2022 and 2023, showing an increasing trend of Babuk source code adoption. The

by Paul Ducklin “PRIVATE KEY”: THE HINT IS IN THE NAME No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop

Joseph James O’Connor, a 23-year-old British man, has admitted his involvement in hacking schemes targeting high-profile Twitter accounts, including those of Barack Obama and Elon Musk.  O’Connor was extradited from Spain on April 26 after being arrested nearly two years ago. He pleaded guilty in a New York court earlier this week.  Read more on

by Paul Ducklin Microsoft’s May 2023 Patch Tuesday updates comprise just the sort of mixture you probably expected. If you go by numbers, there are 38 vulnerabilities, of which seven are considered critical: six in Windows itself, and one in SharePoint. Apparently, three of the 38 holes are zero-days, because they’re already publicly known, and

A critical vulnerability has been discovered in the Linux-based Ruckus access points (AP) that allows remote attackers to take control of vulnerable systems. Tracked CVE-2023-25717 and first discovered in February, the flaw has been recently exploited by a new botnet named AndoryuBot, according to a new advisory by Fortinet. “[AndoryuBot] contains DDoS attack modules for

by Paul Ducklin About a month ago, we wrote about a data breach notification issued by major motherboard manufacturer MSI. The company said: MSI recently suffered a cyberattack on part of its information systems. […] Currently, the affected systems have gradually resumed normal operations, with no significant impact on financial business. […] MSI urges users

European police have arrested scores of suspects and seized thousands of stolen artefacts after a joint physical and cyber operation last year, according to Europol. Operation Pandora VII involved police from Austria, Bulgaria, the Czech Republic, Croatia, Cyprus, Greece, Ireland, Italy, Poland, Portugal, Romania, Spain, Sweden and Bosnia and Herzegovina. As with previous iterations, the

Several harmful Python .whl files containing a new type of malware called “Kekw” have been discovered on PyPI (Python Package Index). According to new data by Cyble Research and Intelligence Labs (CRIL), Kekw malware can steal sensitive information from infected systems and perform clipper activities that can hijack cryptocurrency transactions. “Following our investigation, we found that

Several harmful Python .whl files containing a new type of malware called “Kekw” have been discovered on PyPI (Python Package Index). According to new data by Cyble Research and Intelligence Labs (CRIL), Kekw malware can steal sensitive information from infected systems and perform clipper activities that can hijack cryptocurrency transactions. “Following our investigation, we found that

The North Korean state-sponsored APT group known as Kimsuky has been observed using a new malware component called ReconShark. According to an advisory published by SentinelOne security researchers on Thursday, ReconShark is distributed through targeted spear-phishing emails, which contain OneDrive links that lead to downloading documents and activating harmful macros. “The spear-phishing emails are made

by Paul Ducklin World Password Day is always hard to write tips for, because the primary advice you’ll hear has been the same for many years. That’s because the “passwordless future” that we’ve all been promised is still some time away, even if some services already support it. Simply put, we’re stuck with the old,

The City of Dallas in Texas, US, has confirmed a ransomware attack took down essential services, including some 911 dispatch systems.  “Wednesday morning, the City’s security monitoring tools notified our Security Operations Center (SOC) that a likely ransomware attack had been launched within our environment,” the City wrote in a press release. “Subsequently, the City has

by Paul Ducklin We’ve written about PHP’s Packagist ecosystem before. Like PyPI for Pythonistas, Gems for Ruby fans, NPM for JavaScript programmers, or LuaRocks for Luaphiles, Packagist is a repository where community contributors can publish details of PHP packages they’ve created. This makes it easy for fellow PHP coders to get hold of library code

Pediatric mental health provider Brightline has warned patients that it suffered a data breach on January 30, impacting 783,606 people. Writing in a notice on its website earlier this week, Brightline said the breach was related to a zero-day vulnerability in its Fortra GoAnywhere MFT secure file-sharing platform. “Through its investigation, Fortra states that it

by Paul Ducklin SILENT SECURITY! (IS THAT A GOOD THING?) No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the