From bogus free trips to fake rental homes, here are some of the most common online threats you should look out for both before and during your travels As the mercury rises and we look forward to vacationing in sunnier climbs, it’s also time to keep one eye peeled for internet scams and cyberthreats. Travel
Month: June 2023
Jun 21, 2023Ravie LakshmananCyber Threat / Privacy The North Korean threat actor known as ScarCruft has been observed using an information-stealing malware with previous undocumented wiretapping features as well as a backdoor developed using Golang that exploits the Ably real-time messaging service. “The threat actor sent their commands through the Golang backdoor that is using
Over reliance on security certifications can lead to a less diverse and less innovative workforce, and processes designed to satisfy auditors rather than improve security, according to a CISO panel. Speaking at Infosecurity Europe, Munawar Valji, CISO of Trainline, Dr Emma Philpott, CEO at the IASME Consortium and Helen Rabe, CISO at the BBC asked
by Paul Ducklin ASUS is a well-known maker of popular electronics products, ranging from laptops and phones to home routers and graphics cards. This week, the company published firmware updates for a wide range of its home routers, along with a strong warning that if you aren’t willing or able to update your firmware right
Jun 20, 2023Ravie LakshmananOperational Technology Three security vulnerabilities have been disclosed in operational technology (OT) products from Wago and Schneider Electric. The flaws, per Forescout, are part of a broader set of shortcomings collectively called OT:ICEFALL, which now comprises a total of 61 issues spanning 13 different vendors. “OT:ICEFALL demonstrates the need for tighter scrutiny
The use of connected devices in healthcare is driving innovation, offering new ways to assist medical staff. However, the adoption of the Internet of Things (IoT) has expanded the attack surface IT decision-makers in the healthcare industry have to deal with. A new report by Armis found that many cybersecurity leaders in UK National Health Service
by Paul Ducklin For the third time in about a week, cybersecurity law-and-order news includes a criminal case that’s been brewing for more than a decade. This time, the news is prison sentences for two of the main four original defendants in the infamous Megaupload saga. If you weren’t following cybersecurity a decade ago, we’ll
A new information-stealing malware called Mystic Stealer has been found to steal data from about 40 different web browsers and over 70 web browser extensions. First advertised on April 25, 2023, for $150 per month, the malware also targets cryptocurrency wallets, Steam, and Telegram, and employs extensive mechanisms to resist analysis. “The code is heavily
The Shuckworm espionage group (aka Gamaredon, Armageddon), believed to be linked to the Russian Federal Security Service (FSB), has been observed intensifying its cyber-attacks on Ukraine. Discovered by the Symantec Threat Hunter Team, the new Shuckworm campaign focused on acquiring military and security intelligence to support potential invading forces. In particular, it aimed to gain
Strategies for stopping and responding to cyberbullying require a concerted, community-wide effort involving parents, educators and children themselves Bullying of any kind can have a devastating impact on the victim’s well-being and life. Physical bullying, also known as face-to-face or in-person bullying, is still an issue in schools, with many researchers saying that its long-term
As Threat Actors Continuously Adapt their TTPs in Today’s Threat Landscape, So Must You Earlier this year, threat researchers at Cybersixgill released the annual report, The State of the Cybercrime Underground. The research stems from an analysis of Cybersixgill’s collected intelligence items throughout 2022, gathered from the deep, dark and clear web. The report examines
An updated version of the Android GravityRAT spyware targeting WhatsApp backups has been discovered by security researchers at ESET. In an advisory published by the firm on Thursday, ESET malware researcher Lukas Stefanko said the new variant of the malware is being distributed via two messaging apps called BingeChat and Chatico. GravityRAT is a remote
by Paul Ducklin DON’T GET INTO THE HABIT OF A BAD HABIT Magnetic core memory. Patch Tuesday and SketchUp shenanigans. More MOVEit mitigations. Mt. Gox back in the news. Gozi malware criminal imprisoned at last. Are password rules like running through rain? No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul
Could your Android phone be home to a remote access tool (RAT) that steals WhatsApp backups or performs other shenanigans? Could your Android phone be home to a remote access tool (RAT) that steals WhatsApp backups? This week, ESET researchers revealed how an updated version of Android GravityRAT spyware is being spread as free messaging
Jun 17, 2023Ravie LakshmananCryptojacking / Network Security Cybersecurity researchers have discovered previously undocumented payloads associated with a Romanian threat actor named Diicot, revealing its potential for launching distributed denial-of-service (DDoS) attacks. “The Diicot name is significant, as it’s also the name of the Romanian organized crime and anti-terrorism policing unit,” Cado Security said in a
The US Department of Justice (DoJ) has announced the arrest and charges filed against a Russian national accused of participating in cyber-attacks using the LockBit ransomware. Ruslan Magomedovich Astamirov, a 20-year-old from the Chechen Republic, allegedly targeted computer systems in the United States, Asia, Europe and Africa. Astamirov is the second individual arrested in connection
by Paul Ducklin Yet more MOVEit mayhem! “Disable HTTP and HTTPS traffic to MOVEit Transfer,” says Progress Software, and the timeframe for doing so is “immediately”, no ifs, no buts. Progress Software is the maker of file-sharing software MOVEit Transfer, and the hosted MOVEit Cloud alternative that’s based on it, and this is its third
ESET researchers analyzed an updated version of Android GravityRAT spyware that steals WhatsApp backup files and can receive commands to delete files ESET researchers have identified an updated version of Android GravityRAT spyware being distributed as the messaging apps BingeChat and Chatico. GravityRAT is a remote access tool known to be used since at least
Jun 16, 2023Ravie LakshmananEndpoint Security / Network Security The threat actor known as ChamelGang has been observed using a previously undocumented implant to backdoor Linux systems, marking a new expansion of the threat actor’s capabilities. The malware, dubbed ChamelDoH by Stairwell, is a C++-based tool for communicating via DNS-over-HTTPS (DoH) tunneling. ChamelGang was first outed
The US Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released joint guidance on hardening Baseboard Management Controllers (BMCs). Published on Wednesday, the document aims to address the overlooked vulnerabilities in BMCs, which can serve as potential entry points for malicious actors seeking to compromise critical infrastructure systems. Read more
by Paul Ducklin Yesterday, we wrote about cybercrime charges that were finally unsealed for a massive cryptocurrency heist that was allegedly conducted over a three-year period starting back in 2011. Today’s long-term cybercrime justice story concerns the last member of the so-called Gozi Troika, three men who were originally charged in January 2013 for malware-related
Jun 15, 2023Ravie LakshmananMalware / Cyber Threat The threat actors behind the Vidar malware have made changes to their backend infrastructure, indicating attempts to retool and conceal their online trail in response to public disclosures about their modus operandi. “Vidar threat actors continue to rotate their backend IP infrastructure, favoring providers in Moldova and Russia,”
A series of malicious GitHub repositories masquerading as legitimate security research projects have been discovered. VulnCheck researcher Jacob Baines shared the findings in a new advisory published today, saying the repositories claim to contain exploits for well-known products such as Chrome, Exchange and Discord. “In early May, VulnCheck came across a malicious GitHub repository that
by Paul Ducklin No zero-days this month, if you ignore the Edge RCE hole patched last week (make sure you’ve got that update, by the way): For a full list of this month’s Microsoft Patch Tuesday fixes, take a look at our sister site Sophos News, where SophosLabs analysts have collated complete lists of the
While not a ‘get out of jail free card’ for your business, cyber insurance can help insulate it from the financial impact of a cyber-incident Cyber risk is on the rise as the combined impact of surging threat levels, expanding attack surfaces and security skills shortages are putting organizations at a disadvantage. Faced with an
Jun 14, 2023Ravie LakshmananCloud Security / Vulnerability Two “dangerous” security vulnerabilities have been disclosed in Microsoft Azure Bastion and Azure Container Registry that could have been exploited to carry out cross-site scripting (XSS) attacks. “The vulnerabilities allowed unauthorized access to the victim’s session within the compromised Azure service iframe, which can lead to severe consequences,
Cryptocurrency wallets have been targeted by a new malware dubbed “DoubleFinger.” The findings come from security experts at Kaspersky, who discussed the threat in a blog post published on Monday. “As the value and popularity of cryptocurrencies continue to rise, so does the interest of cybercriminals,” commented Sergey Lozhkin, a lead security researcher at Kaspersky’s Global
by Naked Security writer Remember Mt. Gox? Originally, it was a card-trading site called MTGOX, short for Magic The Gathering Online Exchange (there was no sense of “Mountain” in the name at all), but the domain changed hands in the early days of cryptocurrency. Operated out of Japan by French expatriate Mark Karpelès, Mt. Gox
Jun 13, 2023Ravie LakshmananPhishing Attacks / BEC “Dozens” of organizations across the world have been targeted as part of a broad business email compromise (BEC) campaign that involved the use of adversary-in-the-middle (AitM) techniques to carry out the attacks. “Following a successful phishing attempt, the threat actor gained initial access to one of the victim
The US and UK have reached an agreement to create a ‘data bridge’ to enable the free flow of data between the two regions. The ‘commitment in principle’ represents a UK extension to the Data Privacy Framework agreed between the EU and US in 2022. This means that US companies who are approved to join