A threat cluster with ties to a hacking group called Tropic Trooper has been spotted using a previously undocumented malware coded in Nim language to strike targets as part of a newly discovered campaign. The novel loader, dubbed Nimbda, is “bundled with a Chinese language greyware ‘SMS Bomber’ tool that is most likely illegally distributed
Month: June 2022
Authored by Lakshya Mathur An LNK file is a Windows Shortcut that serves as a pointer to open a file, folder, or application. LNK files are based on the Shell Link binary file format, which holds information used to access another data object. These files can be created manually using the standard right-click create shortcut
Educating employees about how to spot phishing attacks can strike a much-needed blow for network defenders Security by design has long been something of a holy grail for cybersecurity professionals. It’s a simple concept: ensure products are designed to be as secure as possible in order to minimize the chances of compromise further down the
Logistics giant Yodel has confirmed it is experiencing a cyber “incident” which is causing service disruption. The UK delivery company posted an update to its site saying: “We are working to restore our operations as quickly as possible but for now, order tracking remains unavailable and parcels may arrive later than expected.” Although the firm
by Paul Ducklin Remember the Capital One breach? We did, though we felt sure it had happened a long time ago. Indeed, when we checked, it had: the story first broke almost three years ago, back in July 2019. At the time, the company reported: Capital One Financial Corporation announced […] that on July 19,
The operators behind the Rig Exploit Kit have swapped the Raccoon Stealer malware for the Dridex financial trojan as part of an ongoing campaign that commenced in January 2022. The switch in modus operandi, spotted by Romanian company Bitdefender, comes in the wake of Raccoon Stealer temporarily closing the project after one of its team
How crypto mixers, also known as crypto tumblers, are used to obscure the trail of digital money Coined during Al Capone’s times, the term ”money laundering” has since entered the general lexicon as criminals have been busy obscuring the source of their ill-gotten assets and making it appear as if the funds have come from
One of America’s largest banks has suffered a major data breach impacting more than 1.5 million customers. Michigan-headquartered Flagstar Bank generates annual revenues in excess of $1.6bn and describes itself as the country’s sixth-largest bank mortgage originator. Its data breach notification letter revealed the firm experienced unauthorized access to its network several months ago. “After an extensive
by Paul Ducklin Sick of the unending stream of email and phone calls you receive from scammers claiming to represent your bank? Amazon? Microsoft? The tax office? The police? We sympathise – we’re sick of them too, especially landline calls that could be a loved one calling for help or advice, and thus need to
A new kind of Windows NTLM relay attack dubbed DFSCoerce has been uncovered that leverages the Distributed File System (DFS): Namespace Management Protocol (MS-DFSNM) to seize control of a domain. “Spooler service disabled, RPC filters installed to prevent PetitPotam and File Server VSS Agent Service not installed but you still want to relay [Domain Controller
Content management system (CMS) provider WordPress has forcibly updated over a million sites to patch a critical vulnerability affecting the Ninja Forms plugin. The flaw was spotted by the Wordfence threat intelligence team in June and documented in an advisory by the company on Thursday. In the document, Wordfence said the code injection vulnerability made it
The operators behind BRATA have once again added more capabilities to the Android mobile malware in an attempt to make their attacks against financial apps more stealthy. “In fact, the modus operandi now fits into an Advanced Persistent Threat (APT) activity pattern,” Italian cybersecurity firm Cleafy said in a report last week. “This term is
A California man was sentenced to time in prison Wednesday after hacking thousands of iCloud accounts, stealing people’s nude images and videos and sharing them with conspirators. Hao Kuo Chi, acting under the online name of ‘icloudripper4you’, would have illegally obtained the iCloud credentials of approximately 4700 victims and shared their content with other people
In the world of cybersecurity, reputation is everything. Most business owners have little understanding of the technical side, so they have to rely on credibility. Founded back in 2005, Palo Alto Networks is a cybersecurity giant that has earned the trust of the business community thanks to its impressive track record. The company now provides
Microsoft added a new known issue affecting its operating systems’ Wi-Fi hotspot feature to its official Health Dashboard page. Affecting Windows 10 and 11 machines, the bug would have been introduced with a Windows update the company released earlier this month. “After installing KB5014697, Windows devices might be unable [to] use the Wi-Fi hotspot feature.”
As the risk of receiving a malware-laden email increases, take a moment to consider how to spot attacks involving malicious spam According to the latest ESET Threat Report, email threats grew by 37 percent in the first four months of the year compared to the last four months of 2021. This was also the largest
Cybersecurity researchers have disclosed details about 15 security flaws in Siemens SINEC network management system (NMS), some of which could be chained by an attacker to achieve remote code execution on affected systems. “The vulnerabilities, if exploited, pose a number of risks to Siemens devices on the network including denial-of-service attacks, credential leaks, and remote
The UK government has proposed new data laws designed to boost economic growth and innovation, in addition to plans to clamp down on nuisance calls and minimize cookie pop-ups online. The Data Reform Bill, published following a consultation period, is designed to update the UK’s existing data rules following the country’s departure from the European Union. It
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. [00’24”] Computer Science in the 1800s. [02’56”] Fixing Follina. [08’15”] AirTag stalking. [16’22”] ID theft site seizure. [19’41”] The Law of Big Numbers versus SMS scams. With Doug Aamoth and Paul Ducklin. Intro
Emotet malware is back with ferocious vigor, according to ESET telemetry in the first four months of 2022. Will it survive the ever-tightening controls on macro-enabled documents? One of the key findings from the ESET Threat Report T1 2022 is that the Emotet botnet has risen, Phoenix-like, from the ashes, pumping out vast amounts of
Microsoft is warning that the BlackCat ransomware crew is leveraging exploits for unpatched Exchange server vulnerabilities to gain access to targeted networks. Upon gaining an entry point, the attackers swiftly moved to gather information about the compromised machines, followed by carrying out credential theft and lateral movement activities, before harvesting intellectual property and dropping the
Free VPN software provider BeanVPN has reportedly left almost 20GB of connection logs accessible to the public, according to an investigation by Cybernews. The cache of 18.5GB connection logs allegedly contained more than 25 million records, which included user device and Play Service IDs, connection timestamps, IP addresses and more. Cybernews said it found the
by Paul Ducklin Marion County, right in the middle of the US state of Indiana, and home to the state’s capital Indianapolis, is also currently home to a tragic court case. (Thanks to fellow writers at The Register for that link – we couldn’t get to the official court site while we were writing this
Cybersecurity researchers have detailed a recently patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution. Tracked as CVE-2022-25845 (CVSS score: 8.1), the issue relates to a case of deserialization of untrusted data in a supported feature called “AutoType.” It was patched by the project maintainers
The topic most top of mind today for HR professionals is keeping and acquiring great talent. One of the most important elements of doing both is providing a desirable and meaningful set of employee benefits. Digital Wellness is a New Pillar in the Employee Benefits Space The idea of Digital Wellness isn’t exactly brand new,
A new report by Telstra Purple’s security forum ClubCISO suggested material security has significantly improved over the last year, driven by a positive shift in organizational influence by chief information security officers (CISOs). The survey analyzed the answers of more than 100 information security executives from private and public organizations worldwide. The majority (54%) said that “no material
by Paul Ducklin A few hours ago, we recorded this week’s Naked Security podcast, right on Patch Tuesday itself. It was just after 18:00 UK time when we hit the mics, which meant it was just after 10:00 Microsoft HQ time, which meant we had access to this month’s official June 2022 Security Updates bulletin
How erring on the side of privacy might ultimately save you from chasing down a virtual rendition of you doing the bidding of a scammer At the RSA Conference 2022, the techno-geekery center of the security universe, the halls once more pulse with herds of real aching-feet attendees slurping up whatever promises to be the
Cloudflare on Tuesday disclosed that it had acted to prevent a record-setting 26 million request per second (RPS) distributed denial-of-service (DDoS) attack last week, making it the largest HTTPS DDoS attack detected to date. The web performance and security company said the attack was directed against an unnamed customer website using its Free plan and
Online banking puts the ability to pay bills, check your balance, or transfer money at your fingertips. Unfortunately, it can also make you vulnerable to scammers who may try to trick you into giving them access to your account. By remaining vigilant, though, you can avoid common scams. This article discusses mobile banking scams and