Security

The UK Cyber Security Council (UKCSC) has announced the closure of the country’s Certified Cyber Professional (CCP) scheme to new applicants from June 30. Although CCP certifications will remain valid until they expire, on December 31, 2026 at the latest, the move is being made to make way for the launch of new chartered titles in
Enzo Biochem, a biotechnology company renowned for producing and distributing DNA-based tests designed to identify viral and bacterial diseases, has recently confirmed in a filing with the Securities and Exchange Commission (SEC) that it fell victim to a ransomware attack.  The malicious cyber assault has exposed the confidential information of 2.47 million patients, including names,
A catastrophic “once-in-200-years” cyber event could cause $33bn in losses for the cyber-insurance sector, according to a new report from Guy Carpenter. The reinsurer’s Through the Looking Glass report used three modelling platforms to calculate its estimates: CyberCube, Cyence and Moody’s RMS. Into these it fed proprietary data related to almost two million cyber policies.
by Paul Ducklin. IT’S HARDER THAN YOU THINK. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge.
The UK’s tax office has warned of a new set of scams designed to trick customers claiming tax credits into handing over their personal and financial information. Currently being phased out in favor of a new Universal Credit system, tax credits can be claimed by low-income households to help them with the cost of living. However,
The Pentagon’s strategy for proactive disruption of malicious activity has been influenced by the unfolding events in Ukraine, according to a classified document sent to Congress. The US Department of Defense’s 2023 DoD Cyber Strategy is not immediately available to view, but a fact sheet summarized some of the key points for public consumption. “Since 2018,
Nearly half a million members of a notorious cybercrime forum have had their details publicly exposed after a key database was published on another hacking site. Cybersecurity researchers at VX-Underground confirmed the news that over 478,000 users of RaidForums had their data leaked on up-and-coming forum Exposed. “The administrative staff of Exposed would not tell
Romanian cybersecurity firm Safetech launched its official presence in the UK on May 23, 2023, underscoring the recent growth of the UK’s cybersecurity sector. Plans to build a security operations center (SOC) at the Plexal Innovation Hub based in London were announced during the company’s launch event. Anca Stancu, co-founder and managing partner of Safetech
New Russian-linked malware designed to take down electricity networks has been identified by Mandiant threat researchers, who have urged energy firms to take action to mitigate this “immediate threat.” The specialized operational technology (OT) malware, dubbed COSMICENERGY, has similarities to malware used in previous attacks targeting electricity grids, including the ‘Industroyer’ incident that took down
Perception Point has observed a 356% growth in the number of advanced phishing attacks attempted by threat actors in 2022. According to the company’s 2023 Annual Report: Cybersecurity Trends & Insights report, the total number of attacks increased by 87%. Among the reasons behind this growth is the fact that malicious actors continue to gain widespread
by Paul Ducklin. A PYTHON PERSPECTIVE VORTEX. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge.
North Korean threat actor Lazarus Group is targeting Windows IIS web servers to launch espionage attacks, according to a new analysis by AhnLab Security Emergency response Center (ASEC). The researchers said the approach represents a variation on the dynamic-link library (DLL) side-loading technique, a tactic regularly utilized by the state-affiliated group. Here, they believe the
by Paul Ducklin Public source code repositories, from Sourceforge to GitHub, from the Linux Kernel Archives to ReactOS.org, from PHP Packagist to the Python Package Index, better known as PyPI, are a fantastic source (sorry!) of free operating systems, applications, programming libraries, and developers’ toolkits that have done computer science and software engineering a world
Google has enhanced the security of its first-party Android applications by launching the Mobile Vulnerability Reward Program (Mobile VRP). The tech giant made the announcement on Twitter Monday, hours after publishing the new initiative. The Mobile VRP aims to encourage researchers and security experts to identify and report vulnerabilities in Google-developed or maintained Android apps. 
China has banned products sold by US chipmaker giant Micron, citing cybersecurity concerns. The Cyberspace Administration of China announced the decision on May 21, 2023, following a cybersecurity review of Micron products sold in China that was initiated in March 2023. In the statement, the Chinese government said the review had flagged “serious cybersecurity problems”
The CommonMagic malware implant has been associated with a previously unknown advanced persistent threat campaign linked to the Russo-Ukrainian conflict and relies on a new modular framework. Dubbed “CloudWizard,” the framework was discovered by security researchers at Kaspersky, who described it in an advisory published today. Leonid Bezvershenko, Georgy Kucherin and Igor Kuznetsov highlighted that sections
A vulnerability has been discovered in the KeePass password management software (v2.X), allowing an attacker to dump the master password from the program’s memory. The vulnerability (CVE-2023-32784) was discovered by security researcher Dominik Reichl and is expected to be resolved in the upcoming release of KeePass 2.54 in early June 2023. Reichl described the flaw
Microsoft has released a new report warning companies about the alarming surge in business email compromise (BEC) attacks and the evolving tactics employed by cyber-criminals.  The Cyber Signals report, titled “The Confidence Game,” provides a comprehensive analysis of the threat landscape from April 2022 to April 2023, suggesting the company’s systems currently detect and investigate an
by Paul Ducklin. AN INSIDER ATTACK (WHERE THE PERP GOT CAUGHT). With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge.
China–Taiwan tensions have led to a significant increase in cyber-attacks targeting Taiwan, according to a new report by security experts at Trellix. In particular, the company spotted a surge in cyber-attacks aimed at Taiwanese industries, with the primary goal of deploying malware and stealing sensitive information. “Trellix has observed a surge in malicious emails targeted
Several new ways of effectively abusing Microsoft Teams via social engineering have been discovered by security researchers at Proofpoint. “[We] recently analyzed over 450 million malicious sessions, detected throughout the second half of 2022 and targeting Microsoft 365 cloud tenants,” reads a report published by the company earlier today. “According to our findings, Microsoft Teams is