Security

Security researchers at Kaspersky have unveiled research into the activities of the notorious ransomware group known as Cuba. According to a new advisory published by Kaspersky earlier today, the notorious cyber-criminal gang has been targeting organizations worldwide, spanning various industries. The technical write-up shows that in December 2022, Kaspersky detected a suspicious incident on a
Security researchers at Cisco Talos have uncovered a scheme that preys on graphic designers and 3D modelers. Cyber-criminals are using cryptocurrency-mining malware to hijack the Graphics Processing Units (GPUs) commonly used in these fields. According to an advisory published by Cisco Talos on Thursday, this campaign has been active since at least November 2021. The
China has unveiled a new cyber capability powered by artificial intelligence, enabling the automatic generation of images for influence operations. These operations aim to mimic US voters across the political spectrum, fueling controversy along racial, economic and ideological lines. The findings come from a new report released by Microsoft Threat Analysis Center (MTAC) on Thursday.
The UK’s data protection regulator is set to review how period and fertility tracking applications process user information, after revealing that many women have concerns. The Information Commissioner’s Office (ICO) said it has contacted the developers of many of these apps to find out more. It also wants users to come forward and share their
A north London school and a Berkshire schools group have become the latest victims of serious cyber-attacks ahead of the new term, according to local reports. Highgate Wood School in Crouch End will now begin accepting pupils on September 11 rather than September 5 as originally intended. The secondary school, which serves local students aged 11–16, appears
SapphireStealer, an open-source information stealer, has emerged as a growing threat since its public debut last year. This malware is designed to pilfer sensitive data, including corporate credentials, and has since seen active usage and modifications by various threat actors. SapphireStealer was initially released on GitHub on December 25 2022. The malware targets browser credential databases
A Chinese-speaking cyber-criminal group named “Smishing Triad” has been observed conducting a large-scale smishing campaign targeting US citizens. This campaign has skillfully impersonated various postal and delivery services, including Royal Mail (UK), New Zealand Postal Service, Correos (Spain), PostNord (Sweden), Poste Italiane, Italian Revenue Service, USPS, Poczta Polska (Poland), J&T Express (Indonesia) and New Zealand Post. 
Fortinet has observed significant threat exploitation targeting Adobe ColdFusion, a web development computing platform. This is despite a series of security updates (APSB23-40, APSB23-41, and APSB23-47) released by Adobe in July following reports of several critical vulnerabilities in its platform. Since those updates, however, Fortinet’s FortiGuard Labs IPS telemetry data has continued to detect numerous
OpenAI, the creator of ChatGPT, has launched ChatGPT Enterprise, which it claims to be the “most powerful version of ChatGPT yet”. The company also claims that with the new version of its generative AI chatbot, users will get “enterprise-grade security and privacy”. Other features include unlimited higher-speed GPT-4 access, longer context windows for processing longer
Microsoft has observed a proliferation of adversary-in-the-middle (AiTM) techniques deployed through phishing-as-a-service (PhaaS) platforms, the company explained in a series of tweets posted on August 28, 2023. On the one hand, there has been an increasing number of new AiTM-capable PhaaS platforms throughout 2023; on the other, established phishing services, such as PerSwaysion, have also
The North Korean state-sponsored actor Lazarus Group recently started a new campaign targeting internet backbone infrastructure and healthcare entities in Europe and the US, security researchers from Cisco Talos have found. The researchers said that the attackers began exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) in January 2023, only five days after it was disclosed. This
The FBI has urged users of affected Barracuda appliances to replace them immediately, after warning that they’re still being targeted by a Chinese APT group. A Flash update issued by the agency this week revealed that zero-day vulnerability CVE-2023-2868 continues to be exploited by the group, dubbed UNC4841 by Mandiant, in cyber-espionage attacks. “Barracuda customers
Security researchers are urging Azure Active Directory (AD) users to monitor for abandoned reply URLs after revealing a critical vulnerability in the Microsoft Power Platform. Secureworks said it discovered the reply URL takeover bug earlier in April and it was fixed by Microsoft within 24 hours. More specifically, the researchers had found an abandoned reply
The UK’s data protection watchdog is urging victims of so-called “text pests” to come forward after revealing that nearly a third (29%) of 18–34-year-olds have had their personal information misused. Text pest cases occur when an individual gives their personal details, including phone number or email, to a business for legitimate reasons. However, someone working
Security researchers have detected a 178% increase in sextortion emails between the first half of 2022 and the same period this year, marking the category out as a top email threat. ESET said that sextortion emails ranked third among all email threats in H1 2023. They typically arrive unsolicited and claim to have compromising images
Experian Consumer Services has agreed to a permanent injunction and to pay a civil penalty of $650,000 to settle allegations relating to the CAN-SPAM Act. The firm, whose parent company is credit agency giant Experian, provides online credit reports, scores and monitoring products to customers. A case filed in the US District Court for the
Security vendor Ivanti has urged customers to urgently remediate a newly discovered zero-day vulnerability in its Ivanti Sentry product. Formerly known as MobileIron Sentry, Ivanti Sentry is a secure mobile gateway designed to manage, encrypt and secure traffic traveling between employee devices and back-end corporate systems. A new advisory published by the vendor yesterday revealed
By Paul Ducklin. Researchers at Apple device management company Jamf recently published an intriguing paper entitled Fake Airplane Mode: A mobile tampering technique to maintain connectivity. We’ll start with the good news: the tricks that Jamf discovered can’t magically be triggered remotely, for example merely by enticing you to a booby-trapped website. Attackers need to
A recent cybersecurity study has brought to light a concerning vulnerability crisis affecting web applications.  CyCognito’s semi-annual State of External Exposure Management report unveiled a distressing landscape of digital threats across public cloud, mobile and web platforms. The comprehensive analysis of 3.5 million assets, encompassing Fortune 500 entities, highlights the precarious state of data security. The
A significant phishing campaign employing QR codes has recently come to light, with a major US-based energy company as one of the primary targets.  The campaign, which began in May 2023, has witnessed a 2400% surge in volume since then, underscoring the urgency of addressing this emerging threat. Cybersecurity company Cofense has been closely monitoring
Security researchers have spotted a new Chinese espionage campaign targeting Asian gambling companies, which they suspect is the work of the Bronze Starlight group. SentinelLabs revealed that the threat actors abuse Adobe Creative Cloud, Microsoft Edge and McAfee VirusScan executables vulnerable to DLL hijacking in order to deploy Cobalt Strike beacons on targeted machines. They