Month: August 2022

0 Comments
Authored by Oliver Devane Technical Support Scams have been targeting computer users for many years. Their goal is to make victims believe they have issues needing to be fixed, and then charge exorbitant fees, which unfortunately some victims pay. This blog post covers a number of example actions, that scammers will go through when they
0 Comments
The U.S. Treasury Department on Monday placed sanctions against crypto mixing service Tornado Cash, citing its use by the North Korea-backed Lazarus Group in the high-profile hacks of Ethereum bridges to launder and cash out the ill-gotten money. Tornado Cash, which allows users to move cryptocurrency assets between accounts by obfuscating their origin and destination,
0 Comments
A new analysis by Kaspersky unveiled a wave of targeted attacks on military-industrial complex enterprises and public institutions in Belarus, Russia, Ukraine and Afghanistan. The cybersecurity company made the announcement in an advisory published on Monday, which claims the attackers were able to penetrate several enterprises and hijack the IT infrastructure of some of them.
0 Comments
by Paul Ducklin Popular collaboration tool Slack (not to be confused with the nickname of the world’s longest-running Linux distro, Slackware) has just owned up to a cybersecurity SNAFU. According to a news bulletin entitled Notice about Slack password resets, the company admitted that it had inadvertently been oversharing personal data “when users created or
0 Comments
A new botnet named Orchard has been observed using Bitcoin creator Satoshi Nakamoto’s account transaction information to generate domain names to conceal its command-and-control (C2) infrastructure. “Because of the uncertainty of Bitcoin transactions, this technique is more unpredictable than using the common time-generated [domain generation algorithms], and thus more difficult to defend against,” researchers from
0 Comments
Private tech companies gather tremendous amounts of user data. These companies can afford to let you use social media platforms free of charge because it’s paid for by your data, attention, and time.   Big tech derives most of its profits by selling your attention to advertisers — a well-known business model. Various documentaries (like Netflix’s
0 Comments
ReversingLabs researchers discovered a new ransomware family targeting Linux-based systems in South Korea. Dubbed GwisinLocker, the malware was detected by ReversingLabs on July 19 while undertaking successful campaigns targeting firms in the industrial and pharmaceutical space. “In those incidents, it often launched attacks on public holidays and during the early morning hours (Korean time) – looking to
0 Comments
Learn the basics of zero-trust, and how building a zero-trust environment can protect your organization. This week, ESET’s security evangelist Tony Anscombe participated in a panel on zero-trust architecture during ChannelCon. He explains what zero-trust means, and the basic practises any organisation should implement to protect themselves. Watch the video to learn more.
0 Comments
Whether using the internet for play or work, you want to spend your time online enjoying the peace of mind that comes with having a secure network.  You don’t want to contend with someone taking your personal data — whether it’s credit card information, passwords, or bank account details — via malware or a data
0 Comments
A threat actor working to further Iranian goals is said to have been behind a set of disruptive cyberattacks against Albanian government services in mid-July 2022. Cybersecurity firm Mandiant said the malicious activity against a NATO state represented a “geographic expansion of Iranian disruptive cyber operations.” The July 17 attacks, according to Albania’s National Agency
0 Comments
Cybersecurity-focussed non-profit CREST has partnered up with the Open Web Application Security Project (OWASP) to release the OWASP Verification Standard (OVS). The move aims to provide mobile and web app developers with enhanced security assurance and accredited organizations with improved access to the app development industry. “Both CREST and OWASP are non-profit organizations and we
0 Comments
European missile maker MBDA has publicly denied some of the hacking allegations against the company made on a dark web forum in July and posted on Twitter by Today Cyber News on Tuesday. The self-proclaimed hacking group who first made the allegation went under the name “Andrastea,” and claimed to have obtained roughly 60 GB of
0 Comments
by Paul Ducklin Cryptocurrency protocol Nomad (not to be confused with Monad, which is what PowerShell was called when it first came out) describes itself as “an optimistic interoperability protocol that enables secure cross-chain communication,” and promises that it’s a “security-first cross-chain messaging protocol.” In plain English, it’s supposed to let you swap cryptocurrency tokens
0 Comments
Threat actors are increasingly mimicking legitimate applications like Skype, Adobe Reader, and VLC Player as a means to abuse trust relationships and increase the likelihood of a successful social engineering attack. Other most impersonated legitimate apps by icon include 7-Zip, TeamViewer, CCleaner, Microsoft Edge, Steam, Zoom, and WhatsApp, an analysis from VirusTotal has revealed. “One
0 Comments
Google published its monthly security bulletin for August on Monday, detailing the latest available patches for Android. A total of 37 vulnerabilities have been patched, including a critical security flaw in the System component that could lead to remote code execution via Bluetooth with no additional execution privileges needed. The Bluetooth vulnerability is tracked as