Security

Flagstar Bank, a prominent Michigan-based financial services provider, has warned 837,390 of its US customers about a data breach that occurred through a third-party service provider, Fiserv.  The breach exposed the personal information of a substantial number of customers. It was traced back to vulnerabilities in MOVEit Transfer, a file transfer software used by Fiserv
FortiGuard Labs, the research arm of security firm Fortinet, has uncovered a significant evolution in the IZ1H9 Mirai-based DDoS campaign.  Discovered in September and described in an advisory published on Monday, the new campaign has reportedly rapidly updated its arsenal of exploits, incorporating 13 distinct payloads, targeting various vulnerabilities across different Internet of Things (IoT)
Two leading US government security agencies have shared the top 10 most common cybersecurity misconfigurations, in a bid to improve baseline security among public and private sector organizations. The report from the NSA and Cybersecurity and Infrastructure Security Agency (CISA) was compiled from their red and blue team assessments, as well as agency hunt and incident
Despite the takedown of the Qakbot threat gang’s infrastructure by the FBI in late August, some of the group’s affiliates are still deploying ransomware through phishing campaigns, according to Cisco Talos. Talos threat researchers found new evidence that a threat actor linked to the Qakbot malware loader (also known as QBot or Pinkslipbot) has been
Amazon Web Services (AWS) said it will require multi-factor authentication (MFA) for all privileged accounts starting mid-2024, in a bid to improve default security and reduce the risk of account hijacking. From that time, any customers signing into the AWS Management Console with the root user of an AWS Organizations management account will be required
The CISA and the National Security Agency (NSA) have published new guidelines in a report called “Identity and Access Management: Developer and Vendor Challenges.”  The document, authored by the Enduring Security Framework (ESF), a partnership led by CISA and the NSA, focuses on addressing the challenges facing identity and access management (IAM) in cybersecurity. ESF’s
Banking security firm ThreatFabric has found evidence that LightSpy, an iPhone spyware discovered in 2020, is more sophisticated than previously reported and could be linked to the infamous Chinese-sponsored threat group APT41. During the investigation, ThreatFabric researchers discovered new features in the LightSpy malware. The spyware was first used in a watering hole attack against
The National Security Agency (NSA) has unveiled the AI Security Center, a new entity dedicated to overseeing the development and integration of artificial intelligence (AI) capabilities within US national security systems. NSA Director Army Gen. Paul M. Nakasone made the announcement during a discussion hosted by the National Press Club in Washington, D.C., held on September
Recent weeks have witnessed a significant increase in cyber-attacks targeting the US Postal Service (USPS), mainly through phishing and smishing campaigns.  The surge in these attacks has prompted DomainTools researchers to delve into their origins and implications, with findings described in an advisory published on Thursday. One smishing message raised suspicions due to its peculiar
Microsoft’s Bing Chat has come under scrutiny due to a significant security concern – the infiltration of malicious ads. Malwarebytes researchers have now demonstrated how unsuspecting users seeking software downloads can be tricked into visiting malicious websites and unwittingly downloading malware. Bing Chat, an artificial intelligence (AI) interactive text and image application powered by OpenAI’s
The Russian firm Operation Zero has announced a staggering $20m reward for hacking tools capable of compromising iPhones and Android devices.  The company unveiled this increased payout on X (formerly Twitter) on Tuesday, aiming to attract top-tier researchers and developer teams to collaborate with their platform. Under this program, Operation Zero is willing to pay
The Budworm advanced persistent threat (APT) group, also known as LuckyMouse, Emissary Panda or APT27, has once again demonstrated its active development of cyber-espionage tools.  In August 2023, security researchers from Symantec’s Threat Hunter Team, a part of Broadcom, uncovered Budworm’s use of an updated version of its key tool to target a Middle Eastern telecommunications
Two new security flaws in the popular Simple Membership plugin for WordPress, affecting versions 4.3.4 and below, have been identified, leading to potential privilege escalation issues.  With over 50,000 active installations, the plugin developed by smp7 and wp.insider is widely used for custom membership management on WordPress sites. The flaws identified by Patchstack security researchers include
Xenomorph malware has reemerged in a new distribution campaign, expanding its scope to target over 30 US banks along with various financial institutions worldwide.  Cybersecurity analysts from ThreatFabric recently uncovered this resurgence, which relies on deceptive phishing webpages posing as a Chrome update to trick victims into downloading malicious APKs. Xenomorph first came to the
Dear Naked Security readers, Firstly, thank you for your interest, your time, and your contributions to the Naked Security community. Your invaluable engagement and expertise have helped improve cybersecurity for everyone. We have recently added the extensive catalog of Naked Security articles to the Sophos News blog platform, enabling us to provide all Sophos security
Unit 42 researchers have unveiled a web of complex cyber-espionage attacks targeting a government in Southeast Asia. While initially thought to be the work of a single threat actor, the researchers discovered that the attacks were orchestrated by three separate and distinct clusters of threat actors. These espionage operations, occurring simultaneously or nearly so, affected
Security researchers at SentinelLabs, in collaboration with QGroup, have unveiled a new threat actor known as Sandman. This unidentified group has been launching targeted attacks on telecommunications providers in regions including the Middle East, Western Europe and South Asia. According to an advisory published by SentinelLabs on Thursday, Sandman’s tactics are marked by stealthy lateral movements
The US Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the National Football League (NFL), Allegiant Stadium and Super Bowl LVIII partners, has conducted a cybersecurity tabletop exercise this week in preparation for Super Bowl LVIII. The exercise aimed to assess and enhance cybersecurity response capabilities, plans and procedures for the upcoming event. The Super
A Chinese-linked threat actor known as ‘Earth Lusca’ has been conducting cyber espionage campaigns against governments around the world via a previously unknown Linux backdoor, according to an analysis by Trend Micro. The researchers, Joseph C Chen and Jaromir Horejsi, revealed they had been tracking the group since an initial publication about its activities in
Malicious actors have stolen more than $1m in a ‘pig butchering’ cryptocurrency scam in just three months, researchers from Sophos have found. The highly sophisticated operation used a total of 14 domains and dozens of nearly identical fraud sites, according to the investigation. The attackers utilized fake trading pools of cryptocurrency from decentralized finance (DeFi)
A major data breach at Airbus revealed earlier this week stemmed from a RedLine info-stealer likely hidden in a pirated copy of Microsoft software, according to researchers. The European aerospace giant said it has launched an investigation into the incident. “As a major high-tech and industrial player, Airbus is also a target for malicious actors,”
China’s malicious cyber activity informs its preparations for a potential military conflict with the US, a new report from the Department of Defense (DoD) has claimed. The agency’s 2023 Cyber Strategy highlighted the People’s Republic of China (PRC) and Russia’s embrace of malicious cyber activity “as a means to counter US conventional military power and
Four out of five (80.3%) security vulnerabilities observed in organizations across all sectors come from a cloud environment, Palo Alto Networks’ Unit 42 found in its latest Attack Surface Threat Research. The report, published on September 14, 2023, outlined the most common cloud security flaws, of which 60% come from web framework takeover (22.8%), remote
A ransomware attack on a third-party supplier to Greater Manchester Police (GMP) has exposed personal data of more UK police officers. The attackers reportedly targeted a company in Stockport, near Manchester, UK, which makes ID cards for various organizations, including GMP. It therefore holds personal details of staff working at GMP, which recently celebrated employing
Microsoft has detailed a new phishing campaign in which corporate employees are targeted via MS Teams. The tech giant said the campaign is being perpetrated by financially motivated threat actor Storm-0324. This group acts as a “distributor” in the cyber-criminal community, distributing the payloads of other attackers after achieving initial network compromise via email-based initial
A multi-stage malware attack has recently come to light, with Windows systems as its primary target, according to security researchers at Fortinet. This campaign, discovered in August, employs a series of malicious tactics capable of compromising organizations in several ways. According to a technical blog post published by Fortinet security expert Cara Lin on Monday,