Oct 31, 2023NewsroomNational Security / Cyber Threat Canada on Monday announced a ban on the use of apps from Tencent and Kaspersky on government mobile devices, citing an “unacceptable level of risk to privacy and security.” “The Government of Canada is committed to keeping government information and networks secure,” the Canadian government said. “We regularly
Month: October 2023
A new malicious campaign by the notorious Lazarus Group has been observed leveraging malware distributed through legitimate software. Kaspersky’s Research and Analysis Team (GReAT) unveiled the cyber campaign at the Security Analyst Summit (SAS). The team’s investigation identified a series of cyber incidents where targets were infected through legitimate software designed to encrypt web communications
Oct 30, 2023NewsroomKubernetes / Server Security Three unpatched high-severity security flaws have been disclosed in the NGINX Ingress controller for Kubernetes that could be weaponized by a threat actor to steal secret credentials from the cluster. The vulnerabilities are as follows – CVE-2022-4886 (CVSS score: 8.8) – Ingress-nginx path sanitization can be bypassed to obtain
Microsoft has described the Octo Tempest (aka Scattered Spider, 0ktapus, UNC3944) group as “one of the most dangerous financial criminal groups” operating today. In a lengthy analysis, the tech giant explained that the financial extortion group is unusual in comprising English-speaking threat actors, even though it has collaborated with the Russian-speaking ALPHV/BlackCat ransomware operation. “Historically,
The UK’s National Cyber Security Centre (NCSC) has announced the launch of a new offering designed to prevent school users visiting malicious websites. PDNS for Schools is completely free and will be rolled out from now into the coming year, according to NCSC deputy director for economy and society, Sarah Lyons. “This timeframe will allow
Oct 27, 2023NewsroomCyber Attack / Malware The North Korea-aligned Lazarus Group has been attributed as behind a new campaign in which an unnamed software vendor was compromised through the exploitation of known security flaws in another high-profile software. The attack sequences, according to Kaspersky, culminated in the deployment of malware families such as SIGNBT and
Generative AI is too beneficial to abandon despite the threats it poses to organizations, according to experts speaking at the ISC2 Security Congress 2023. During a session at the event, Kyle Hinterburg, Manager at LBMC and Brian Willis, Senior Manager at LBMC pointed out that while criminals will utilize generative AI tools and they carry
Video The zero-day exploit deployed by the Winter Vivern APT group only requires that the target views a specially crafted message in a web browser 27 Oct 2023 This week, ESET research described how the Winter Vivern APT group has been exploiting a zero-day XSS vulnerability in Roundcube Webmail servers to target European governmental entities
Oct 28, 2023NewsroomPrivacy / Data Security New findings have shed light on what’s said to be a lawful attempt to covertly intercept traffic originating from jabber[.]ru (aka xmpp[.]ru), an XMPP-based instant messaging service, via servers hosted on Hetzner and Linode (a subsidiary of Akamai) in Germany. “The attacker has issued several new TLS certificates using
Nigerian police have uncovered and shut down a cybercrime recruitment and training center in the country’s capital. A post on X (formerly Twitter) by the Nigerian Police Force (NPF) claimed that its National Cybercrime Center (NCCC) made six arrests after officers raided the hub in the Dantata Estate area of Abuja. “The investigation and operation
ESET Research ESET Research recommends updating Roundcube Webmail to the latest available version as soon as possible Matthieu Faou 25 Oct 2023 • , 5 min. read ESET Research has been closely tracking the cyberespionage operations of Winter Vivern for more than a year and, during our routine monitoring, we found that the group began
Oct 27, 2023NewsroomNetwork Security / Vulnerability F5 has alerted customers of a critical security vulnerability impacting BIG-IP that could result in unauthenticated remote code execution. The issue, rooted in the configuration utility component, has been assigned the CVE identifier CVE-2023-46747, and carries a CVSS score of 9.8 out of a maximum of 10. “This vulnerability
UK lawmakers have launched an inquiry into the cyber-resilience of critical national infrastructure (CNI), claiming the country is the third most targeted globally, after the US and Ukraine. The Science, Innovation and Technology Committee will oversee the inquiry, alarmed at the proliferation of state and non-state actors using offensive cyber capabilities against UK organizations. As
Oct 25, 2023NewsroomThreat Intelligence / Vulnerability The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims’ accounts. “Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube,” ESET security researcher Matthieu Faou said
Artificial intelligence (AI) adoption has skyrocketed in 2023 and some fear that this will make some jobs obsolete, but ISACA experts believe that generative AI is likely to create new jobs and opportunities. One area where AI is expected to create a lot of new jobs is in digital trust. Digital trust professionals are responsible
Digital Security Why use and keep track of a zillion discrete accounts when you can log into so many apps and websites using your Facebook or Google credentials, right? Not so fast. What’s the trade-off? André Lameiras 23 Oct 2023 • , 6 min. read “Continue with Google” – such a seamless way to sign
Oct 25, 2023NewsroomExploit / Vulnerability Virtualization services provider VMware has alerted customers to the existence of a proof-of-concept (PoC) exploit for a recently patched security flaw in Aria Operations for Logs. Tracked as CVE-2023-34051 (CVSS score: 8.1), the high-severity vulnerability relates to a case of authentication bypass that could lead to remote code execution. “An
Cybersecurity experts at Proofpoint have identified a new variant of the Grandoreiro malware, previously known for targeting victims in Brazil and Mexico. This latest version of Grandoreiro, attributed to the threat actor TA2725, has expanded its reach to target banks in Spain as well. Writing in an advisory published today, the researchers said they recently
Oct 24, 2023NewsroomCyber Attack / Password Management Popular password management solution 1Password said it detected suspicious activity on its Okta instance on September 29 following the support system breach, but reiterated that no user data was accessed. “We immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either
Valve is bolstering the security of its Steamworks platform by introducing SMS verification for developers, aiming to prevent future incidents of hackers infiltrating developer accounts. The move comes in response to previous breaches where malevolent actors compromised developers’ accounts and injected malware into various game builds. While these attacks, as confirmed by PC Gamer, impacted fewer
Oct 21, 2023NewsroomData Breach / Cyber Attack Identity services provider Okta on Friday disclosed a new security incident that allowed unidentified threat actors to leverage stolen credentials to access its support case management system. “The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases,” David Bradbury,
Vietnam-based cybercriminals are believed to be behind to attacks using DarkGate malware, which have targeted organizations in the UK, US and India since 2018. WithSecure researchers have tracked these attacks to an active cluster of cybercriminals using the Ducktail infostealer, which has been used in recent campaigns targeting Meta business accounts. The DarkGate and Ducktail
Video ESET’s analysis of cybercrime campaigns in Latin America reveals a notable shift from opportunistic crimeware to more complex threats, including those targeting enterprises and governments 20 Oct 2023 This week, ESET researchers announced the release of a report that looked at more than a dozen publicly documented malicious campaigns targeting Latin America between 2019
Europol on Friday announced the takedown of the infrastructure associated with Ragnar Locker ransomware, alongside the arrest of a “key target” in France. “In an action carried out between 16 and 20 October, searches were conducted in Czechia, Spain, and Latvia,” the agency said. “The main perpetrator, suspected of being a developer of the Ragnar
The use of AI chatbots and AI-enabled manipulation of information by malicious actors is a key threat ahead of the upcoming 2024 elections across the continent, according to the European Union Agency for Cybersecurity (ENISA). The 11th edition of ENISA’s Threat Landscape report, published on October 19, 2023, compiles cyber threats observed by the Agency
Business Security Knowledge is a powerful weapon that can empower your employees to become the first line of defense against threats Phil Muncaster 19 Oct 2023 • , 5 min. read It’s Cybersecurity Awareness Month (CSAM) time again this October. This is an awareness-raising initiative that spans both consumer and corporate worlds, although there’s plenty
Oct 21, 2023NewsroomZero-Day / Vulnerability Cisco has warned of a new zero-day flaw in IOS XE that has been actively exploited by an unknown threat actor to deploy a malicious Lua-based implant on susceptible devices. Tracked as CVE-2023-20273 (CVSS score: 7.2), the issue relates to a privilege escalation flaw in the web UI feature and
The Hoxhunt Challenge has unveiled alarming trends in employee susceptibility to phishing attacks, emphasizing the critical role of engagement in reducing human risk. The study, published today and conducted in 38 organizations across nine industries and 125 countries, revealed that 22% of phishing attacks in the first weeks of October 2023 used QR codes to
Business Security How robust backup practices can help drive resilience and improve cyber-hygiene in your company Phil Muncaster 18 Oct 2023 • , 5 min. read Could your company survive if its most critical data stores were suddenly encrypted or wiped out by cybercriminals? This is the worst-case scenario many organizations have been plunged into
An updated version of a sophisticated backdoor framework called MATA has been used in attacks aimed at over a dozen Eastern European companies in the oil and gas sector and defense industry as part of a cyber espionage operation that took place between August 2022 and May 2023. “The actors behind the attack used spear-phishing