admin

US and South Korean security agencies have issued a joint warning regarding North Korea’s use of social engineering tactics in cyber-attacks. The document was published on Thursday by the Federal Bureau of Investigation (FBI), the US Department of State, the National Security Agency (NSA), the Republic of Korea’s National Intelligence Service (NIS), the National Police

Enzo Biochem, a biotechnology company renowned for producing and distributing DNA-based tests designed to identify viral and bacterial diseases, has recently confirmed in a filing with the Securities and Exchange Commission (SEC) that it fell victim to a ransomware attack.  The malicious cyber assault has exposed the confidential information of 2.47 million patients, including names,

by Paul Ducklin Researchers at firmware and supply-chain security company Eclypsium claim to have found what they have rather dramatically dubbed a “backdoor” in hundreds of motherboard models from well-known hardware maker Gigabyte. In fact, Eclypsium’s headline refers to it not merely as a backdoor, but all in upper case as a BACKDOOR. The good

A catastrophic “once-in-200-years” cyber event could cause $33bn in losses for the cyber-insurance sector, according to a new report from Guy Carpenter. The reinsurer’s Through the Looking Glass report used three modelling platforms to calculate its estimates: CyberCube, Cyence and Moody’s RMS. Into these it fed proprietary data related to almost two million cyber policies.

by Paul Ducklin IT’S HARDER THAN YOU THINK No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of

The UK’s tax office has warned of a new set of scams designed to trick customers claiming tax credits into handing over their personal and financial information. Currently being phased out in favor of a new Universal Credit system, tax credits can be claimed by low-income households to help them with the cost of living. However,

by Paul Ducklin Over the last two weeks, we’ve seen a series of articles talking up what’s been described as a “master password crack” in the popular open-source password manager KeePass. The bug was considered important enough to get an official US government identifier (it’s known as CVE-2023-32784, if you want to hunt it down),

The Pentagon’s strategy for proactive disruption of malicious activity has been influenced by the unfolding events in Ukraine, according to a classified document sent to Congress. The US Department of Defense’s 2023 DoD Cyber Strategy is not immediately available to view, but a fact sheet summarized some of the key points for public consumption. “Since 2018,

by Paul Ducklin Researchers at web coding security company SALT just published a fascinating description of how they found an authentication bug dubbed CVE-2023-28131 in a popular online app-buildin toolkit known as Expo. The good news is that Expo responded really quickly to SALT’s bug report, coming up with a fix within just a few

Nearly half a million members of a notorious cybercrime forum have had their details publicly exposed after a key database was published on another hacking site. Cybersecurity researchers at VX-Underground confirmed the news that over 478,000 users of RaidForums had their data leaked on up-and-coming forum Exposed. “The administrative staff of Exposed would not tell

A critical security flaw in the Expo framework has been discovered that could be exploited to reveal user data in various online services. The vulnerability (CVE-2023-28131) was discovered by Salt Security and has a CVSS score of 9.6. In particular, the bug was found in the way Expo’s Open Authorization (OAuth) social-login feature is implemented. 

Romanian cybersecurity firm Safetech launched its official presence in the UK on May 23, 2023, underscoring the recent growth of the UK’s cybersecurity sector. Plans to build a security operations center (SOC) at the Plexal Innovation Hub based in London were announced during the company’s launch event. Anca Stancu, co-founder and managing partner of Safetech

New Russian-linked malware designed to take down electricity networks has been identified by Mandiant threat researchers, who have urged energy firms to take action to mitigate this “immediate threat.” The specialized operational technology (OT) malware, dubbed COSMICENERGY, has similarities to malware used in previous attacks targeting electricity grids, including the ‘Industroyer’ incident that took down

Perception Point has observed a 356% growth in the number of advanced phishing attacks attempted by threat actors in 2022. According to the company’s 2023 Annual Report: Cybersecurity Trends & Insights report, the total number of attacks increased by 87%. Among the reasons behind this growth is the fact that malicious actors continue to gain widespread

by Paul Ducklin A PYTHON PERSPECTIVE VORTEX No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our