by Paul Ducklin By all accounts, and sadly there are many of them, a hacker – in the break-and-enter-your-network-illegally sense, not in a solve-super-hard-coding-problems-in-a-funky-way sense – has broken into ride-sharing company Uber. According to a report from the BBC, the hacker is said to be just 18 years old, and seems to have pulled off
Month: September 2022
McAfee’s Mobile Research team recently analyzed new malware targeting NTT DOCOMO users in Japan. The malware which was distributed on the Google Play store pretends to be a legitimate mobile security app, but it is in fact a payment fraud malware stealing passwords and abusing reverse proxy targeting NTT DOCOMO mobile payment service users. McAfee
ESET researchers have uncovered another tool in the already extensive arsenal of the SparklingGoblin APT group: a Linux variant of the SideWalk backdoor ESET researchers have discovered a Linux variant of the SideWalk backdoor, one of the multiple custom implants used by the SparklingGoblin APT group. This variant was deployed against a Hong Kong university
Gamers looking for cheats on YouTube are being targeted with links to malicious password-protected archive files designed to install the RedLine Stealer malware and crypto miners on compromised machines. “The videos advertise cheats and cracks and provide instructions on hacking popular games and software,” Kaspersky security researcher Oleg Kupreev said in a new report published
The threat actor known as Webworm has been linked to several Windows–based remote access Trojans, suggests a new advisory by Symantec, a subsidiary of Broadcom Software. The group reportedly developed customized versions of three older remote access Trojans (RATs): Trochilus, Gh0st RAT and 9002 RAT. The first of these tools, first spotted in 2005, is a
by Paul Ducklin LISTEN NOW With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
Safety has a feeling all its own, and that’s what’s at the heart of McAfee+. We created McAfee+ so people can not only be safe but feel safe online, particularly in a time when there’s so much concern about identity theft and invasion of our online privacy. And those concerns have merit. Last year,
The operators behind the Lornenz ransomware operation have been observed exploiting a now-patched critical security flaw in Mitel MiVoice Connect to obtain a foothold into target environments for follow-on malicious activities. “Initial malicious activity originated from a Mitel appliance sitting on the network perimeter,” researchers from cybersecurity firm Arctic Wolf said in a report published
Worok takes aim at various high-profile organizations that operate in multiple sectors and are located primarily in Asia ESET researchers have revealed their findings about a previously unknown cyberespionage group that they named Worok. This APT group takes aim at various high-profile organizations that operate in multiple sectors and are located primarily in Asia, but
Two critical vulnerabilities were found in wireless LAN devices that are allegedly used to provide internet connectivity in airplanes. The flaws were discovered by Thomas Knudsen and Samy Younsi of Necrum Security Labs and affected the Flexlan FX3000 and FX2000 series wireless LAN devices made by Contec. “After performing reverse engineering of the firmware, we
by Paul Ducklin Researchers at threat intelligence company Group-IB just wrote an intriguing real-life story about an annoyingly simple but surprisingly effective phishing trick known as BitB, short for browser-in-the-browser. You’ve probably heard of several types of X-in-the-Y attack before, notably MitM and MitB, short for manipulator-in-the-middle and manipulator-in-the-browser. In a MitM attack, the attackers
Summary Pass-through authentication (PTA) is one of the Azure Active Directory (Azure AD) hybrid identity authentication methods. PTA relies on PTA agents installed on one or more on-premises servers. Azure AD uses a certificate-based authentication (CBA) to identify each agent. In May 2022, Secureworks® Counter Threat Unit™ (CTU) researchers analyzed how the protocols used by
Contemporary organizations understand the importance of data and its impact on improving interactions with customers, offering quality products or services, and building loyalty. Data is fundamental to business success. It allows companies to make the right decisions at the right time and deliver the high-quality, personalized products and services that customers expect. There is a
Has your Wi-Fi speed slowed down to a crawl? Here are some of the possible reasons along with a few quick fixes to speed things up. Wireless internet connectivity is a wonder of the modern age. There are few more ubiquitous technology protocols than Wi-Fi, the means via which radio signals sent from our router
A group of threat actors previously associated with the ShadowPad remote access Trojan (RAT) has adopted a new toolset to conduct campaigns against various government and state–owned organizations across multiple Asian countries. The news comes from the Threat Hunter Team at Symantec, who published a new advisory about the threats earlier today. According to the document,
by Paul Ducklin We’ve been waiting for iOS 16, given Apple’s recent Event at which the iPhone 14 and other upgraded hardware products were launched to the public. This morning, we did a Settings > General > Software Update, just in case… …but nothing showed up. But some time shortly before 8pm tonight UK time
China has accused the U.S. National Security Agency (NSA) of conducting a string of cyberattacks aimed at aeronautical and military research-oriented Northwestern Polytechnical University in the city of Xi’an in June 2022. The National Computer Virus Emergency Response Centre (NCVERC) disclosed its findings last week, and accused the Office of Tailored Access Operations (TAO) at
The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued sanctions against Iran’s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence for allegedly engaging in cyber–enabled activities against the US and its allies. According to a press release on the OFAC website, the MOIS and its cyber actor
A state-sponsored advanced persistent threat (APT) actor newly christened APT42 (formerly UNC788) has been attributed to over 30 confirmed espionage attacks against individuals and organizations of strategic interest to the Iranian government at least since 2015. Cybersecurity firm Mandiant said the group operates as the intelligence gathering arm of Iran’s Islamic Revolutionary Guard Corps (IRGC),
Security researchers have linked multiple ransomware campaigns to DEV–0270 (also known as Nemesis Kitten). The threat actor, widely considered a sub–group of Iranian actor PHOSPHORUS, conducts various malicious network operations on behalf of the Iranian government, according to a new write–up by Microsoft. However, judging from the threat actor’s geographic and sectoral targeting (which often
Wouldn’t it be nice if, along with grades for English, Science, and Algebra this year, our child’s report card included quarterly feedback on their mental health? Recently, actor Tom Holland of Spider-Man fame reported on his mental health publicly by deleting several of his social media accounts. The actor stated that his social media accounts
The U.S. Treasury Department on Friday announced sanctions against Iran’s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence, Esmaeil Khatib, for engaging in cyber-enabled activities against the nation and its allies. “Since at least 2007, the MOIS and its cyber actor proxies have conducted malicious cyber operations targeting a range of government
More than 10% of enterprise IT assets are missing endpoint protection and roughly 5% are not covered by enterprise patch management solutions. The figures come from new research by Sevco Security, which the company has compiled in the State of the Cybersecurity Attack Surface report. “Attackers are very adept at exploiting enterprise vulnerabilities. Security and IT
It’s too bad cybercriminals don’t funnel their creativity into productive pursuits because they’re constantly coming up with nefarious new ways to eke out money and information from unsuspecting people. One of their newest schemes is called synthetic identity theft, a type of identity theft that can happen to anyone. Luckily, there are ways to lower
Security threats are always a concern when it comes to APIs. API security can be compared to driving a car. You must be cautious and review everything closely before releasing it into the world. By failing to do so, you’re putting yourself and others at risk. API attacks are more dangerous than other breaches. Facebook
It pays to do some research before taking a leap into the world of internet-connected toys The Internet of Things (IoT) is changing the way we live and work. From smart pacemakers to fitness trackers, voice assistants to smart doorbells, the technology is making us healthier, safer, more productive and entertained. At the same time,
We are deeply saddened by the passing of Her Majesty Queen Elizabeth II who dedicated her life to service. She brought comfort, leadership and steadfastness to millions of people during her 70-year reign. On behalf of Infosecurity Magazine and our employees and customers, we send our sincerest condolences to the Royal Family and to all
by Paul Ducklin Dates, times and timezones are troublesome things. Daylight saving, or “summer time” as it’s also commonly known, makes matters even worse, because many countries tweak their clocks twice a year in order to shift the apparent time of sunrise and sunset in relation to the regular working day. In the UK, for
Password protection is one of the most common security protocols available. By creating a unique password, you are both proving your identity and keeping your personal information safer. However, when every account you have requires a separate password, it can be an overwhelming task. While you should be concerned about the safety of your data,
Multiple security vulnerabilities have been disclosed in Baxter’s internet-connected infusion pumps used by healthcare professionals in clinical environments to dispense medication to patients. “Successful exploitation of these vulnerabilities could result in access to sensitive data and alteration of system configuration,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in a coordinated advisory. Infusion pumps