Authored by: Wenfeng Yu. McAfee Mobile Research team recently discovered a new piece of malware that specifically steals Google, Facebook, Twitter, Telegram and PUBG game accounts. This malware hides in a game assistant tool called “DesiEsp” which is an assistant tool for PUBG game available on GitHub. Basically, cyber criminals added their own malicious code
Month: October 2021
Security professionals advise to never use ‘beef stew’ as a password. It just isn’t stroganoff. Passwords are the bane of everyone’s lives, but let’s face it – we all need them. And they aren’t going away as fast as Microsoft may want them to. For the time being, we will continue to depend on them
The Russian-led REvil ransomware gang was felled by an active multi-country law enforcement operation that resulted in its infrastructure being hacked and taken offline for a second time earlier this week, in what’s the latest action taken by governments to disrupt the lucrative ecosystem. The takedown was first reported by Reuters, quoting multiple private-sector cyber
The first ever person to be convicted of cyber-stalking in the District of Nebraska has been sentenced to federal prison. Dennis Sryniawski, a 48-year-old resident of Bellevue, was charged with intent to extort and cyber-stalking his former girlfriend, Diane Parris, in an attempt to prevent her husband, Jeff Parris, from being elected to the Nebraska
In the hands of a thief, your Social Security Number is the master key to your identity. With a Social Security Number (SSN), a thief can unlock everything from credit history and credit line to tax refunds and medical care. In extreme cases, thieves can use it to impersonate others. So, if you suspect your number is lost or stolen, it’s important to report identity theft to Social Security right away. Part of what makes an
Employee use of unsanctioned hardware and software is an increasingly acute problem in the remote and hybrid work era. In the pandemic era, many organizations prioritize business continuity at the expense of cybersecurity. Especially in the early days of the pandemic, the focus was on just getting things done – supporting a rapid shift to
Microsoft on Thursday disclosed an “extensive series of credential phishing campaigns” that takes advantage of a custom phishing kit that stitched together components from at least five different widely circulated ones with the goal of siphoning user login information. The tech giant’s Microsoft 365 Defender Threat Intelligence Team, which detected the first instances of the
by Paul Ducklin. According to Reuters, the REvil ransomware operation was “hacked and forced offline this week by a multi-country operation”. Reuters writes that one of its sources claims the hack-back against this notorious ransomware crew was achieved thanks to the combined efforts of the FBI, the US Cyber Command, the Secret Service “and like-minded
A team of law enforcement officials from South Carolina has seized first place in a nationwide cybersecurity contest. More than 200 teams from across the United States participated in the National Computer Forensics Institute’s (NCFI’s) Training and Cyber Games competition, which took place earlier this month. During the event, teams of NCFI-trained local law enforcement officials
There’s a person behind every cybercrime. That’s easy to lose sight of. After all, cybercrime can feel a little anonymous, like a computer is doing the attacking instead of a person. Yet people are indeed behind these attacks, and over the years they’ve been getting organized—where cybercriminals structure and run their operations in ways that darkly mirror
Want to help make technology safer for everyone? Love solving puzzles? Looking for a rewarding career? Break into cybersecurity! Insights from ESET researchers Aryeh Goretsky and Cameron Camp will put you on the right track. How do you start a career in cybersecurity? What qualifications, certifications and skills do you need? Should you spend half
A new malware campaign targeting Afghanistan and India is exploiting a now-patched, 20-year-old flaw affecting Microsoft Office to deploy an array of commodity remote access trojans (RATs) that allow the adversary to gain complete control over the compromised endpoints. Cisco Talos attributed the cyber campaign to a “lone wolf” threat actor operating a Lahore-based fake
by Paul Ducklin. [00’30”] Hook up with our forthcoming Live Malware Demo presentation. [02’02”] How to build your cybersecurity career. [07’24”] Why we think you should celebrate Global Encryption Day. [10’55”] A whole new twist on bogus online “friendships”. [21’01”] How to stop your network cables giving you away. [34’50”] Oh! No! Why superglue is
The United States’ Cybersecurity and Infrastructure Security Agency (CISA) has awarded two organizations $2m to develop cybersecurity workforce training programs. Award recipients NPower and CyberWarrior will use the cash injection to bring cybersecurity training to the unemployed and to underemployed communities. CISA announced the awards yesterday to coincide with the third week of its Cybersecurity Summit, organized
Many people are excited about Gartner’s Secure Access Service Edge (SASE) framework and the cloud-native convergence of networks and security. While originally proposed as a fully unified architecture delivering network and security capabilities, the reality soon dawned that enterprise transition to a complete SASE model would be a decade-long journey due to factors such as
Brave Search will become the default search option for new users in the US, UK, Canada, Germany and France, with more countries to follow soon. Brave, the company most widely known for its eponymous privacy-focused browser, has announced that it will replace Google and other search engines with its own Brave Search as the default
An effective cybersecurity strategy can be challenging to implement correctly and often involves many layers of security. Part of a robust security strategy involves performing what is known as a penetration test (pen test). The penetration test helps to discover vulnerabilities and weaknesses in your security defenses before the bad guys discover these. They can
by Paul Ducklin. Sadly, a lot of the cryptocurrency news that we write about on Naked Security involves cybercriminals getting mixed up in things, often with depressing results. Two months ago, for example, a Japanese company called Liquid found that a cool $100 million had gone missing overnight, in a puff of cryptographic dust. We
A data breach that may have exposed the Social Security numbers of tens of thousands of teachers, administrators, and counselors across Missouri could end up costing the Show-Me State $50m. The security incident was caused by a flaw in a search tool on a website maintained by the state’s Department of Elementary and Secondary Education.
In a world of contact-free pickup and payments, an old hacker’s trick is getting a new look—phony QR code scams. QR codes have been around for some time. Dating back to industrial use in the 1990s, QR codes pack high volumes of visual information in a relatively compact space. In that way, a QR code shares many similarities with a
Threat actors are increasingly using advanced tactics to obfuscate and launder their illicit gains, a report by the US Government finds. As much as US$5.2 billion worth of outgoing Bitcoin transactions may be tied to ransomware payouts involving the top 10 most common ransomware variants alone, according to a report by the Financial Crimes Enforcement Network (FinCEN)
A newly disclosed vulnerability affecting Intel processors could be abused by an adversary to gain access to sensitive information stored within enclaves and even run arbitrary code on vulnerable systems. The vulnerability (CVE-2021-0186, CVSS score: 8.2) was discovered by a group of academics from ETH Zurich, the National University of Singapore, and the Chinese National
A hacker from Michigan who stole and sold the sensitive data of tens of thousands of University of Pittsburgh Medical Center (UPMC) employees has been sent to prison. Former Federal Emergency Management Agency (FEMA) IT specialist Justin Sean Johnson pleaded guilty on May 20 to counts 1 and 39 of a 43-count indictment. The court heard that
Introduction: Going by recent headlines you could be forgiven for thinking all ransomware operators are raking in millions of ill-gotten dollars each year from their nefarious activities. Lurking in the shadows of every large-scale attack by organized gangs of cybercriminals, however, there can be found a multitude of smaller actors who do not have access
Researchers have disclosed an out-of-bounds read vulnerability in the Squirrel programming language that can be abused by attackers to break out of the sandbox restrictions and execute arbitrary code within a SquirrelVM, thus giving a malicious actor complete access to the underlying machine. Tracked as CVE-2021-41556, the issue occurs when a game library referred to
by Paul Ducklin. The overall motto of #Cybermonth consists of three simple words. Repeat these words (try sitting on your hands while you’re saying them, for extra safety) whenever you’re faced with a cybersecurity risk, instead of rushing straight in and making a possibly expensive mistake: Stop. Think. Connect. Well, in Week 3 of #Cybermonth
American media company Sinclair Broadcast Group is in the grips of a ransomware attack. The Baltimore-based company, which operates and/or provides services to 185 television stations in 86 markets, became aware of a potential security incident on Saturday and launched an investigation. In a statement released Monday, the group said: “On October 17, 2021, the Company [Sinclair Broadcast Group]
When you’re online, the world is at your fingertips. You can do amazing things like stream the latest movies while they’re still in theaters! Or you can enjoy the convenience of online shopping and avoiding the DMV by renewing your driver’s license remotely. This is possible because we’re able to communicate with these organizations through many different channels and we trust them. Unfortunately, many bad actors have taken advantage of this trust
Patching really, really matters – patching is what keeps technology solutions from becoming like big blocks of Swiss cheese, with endless security vulnerabilities punching hole after hole into critical solutions. But anyone who’s spent any amount of time maintaining systems will know that patching is often easier said than done. Yes, in some instances, you
The personal data of thousands of individuals have been stolen from a non-profit professional membership organization located in Illinois. Cyber-thieves struck the American Osteopathic Association (AOA) in the summer of 2020, making off with information that included names, Social Security numbers, and financial account details. The AOA, which is headquartered in Chicago, represents around 151,000