The US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published a comprehensive set of guidelines aimed at defending Continuous Integration/Continuous Delivery (CI/CD) environments. The guidelines address the rising threat of malicious cyber actors (MCAs) exploiting vulnerabilities in CI/CD pipelines, particularly through the exposure of secrets. CI/CD pipelines are essential
Month: June 2023
by Paul Ducklin PONG FOR ONE!? No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS
The beginning of the summer break is the perfect time for parents to remind their children about the importance of safe online habits The sun’s out, and so is school. But despite our best efforts, the chances are that our children will spend the coming summer holiday period glued to their devices. Depending on their
Jun 29, 2023 | Ravie Lakshmanan | The Iranian state-sponsored group dubbed MuddyWater has been attributed to a previously unseen command-and-control (C2) framework called PhonyC2 that’s been put to use by the actor since 2021. Evidence shows that the custom made, actively developed framework has been leveraged in the February 2023 attack on Technion, an Israeli research institute,
Canada’s leading integrated energy company Suncor Energy has announced earlier this week that it experienced a cybersecurity incident resulting in technical problems at its subsidiary, Petro-Canada. As a result, more than 1500 gas stations nationwide are unable to accept credit card payments and customers cannot use rewards points. Suncor Energy, ranked as the 48th-largest public company
by Naked Security writer The latest high-profile cybercrime exploits attributed to the Clop ransomware crew aren’t your traditional sort of ransomware attacks (if “traditional” is the right word for an extortion mechanism that goes back only to 1989). Conventional ransomware attacks are where your files get scrambled, your business gets totally derailed, and a message
Cybercriminals can use USB charging stations in airports, hotels, malls or other public spaces as conduits for malware Over the past 10-plus years, modern smartphones and other portable devices have become our constant companions. These days, smartphones let us do much more than make phone calls or send text messages. Mobile technology puts the world
Jun 28, 2023 | Ravie Lakshmanan | Firmware Security / Tech | Drones that don’t have any known security weaknesses could be the target of electromagnetic fault injection (EMFI) attacks, potentially enabling a threat actor to achieve arbitrary code execution and compromise their functionality and safety. The research comes from IOActive, which found that it is “feasible to compromise the
Threat actors using the notorious banking Trojan Anatsa have launched a new campaign targeting banks in the US, UK and the DACH region (Germany, Austria and Switzerland). According to a new blog post by ThreatFabric, this ongoing campaign started around March 2023 and has witnessed over 30,000 installations of the malware so far. The security experts highlighted
Jun 27, 2023 | Ravie Lakshmanan | Malware / Cyber Threat | A new process injection technique dubbed Mockingjay could be exploited by threat actors to bypass security solutions to execute malicious code on compromised systems. “The injection is executed without space allocation, setting permissions or even starting a thread,” Security Joes researchers Thiago Peixoto, Felipe Duarte, and Ido Naor
A trojanized Super Mario Bros game installer has been found to contain multiple malicious components, including an XMR miner, the SupremeBot mining client and the open-source Umbral Stealer. The discovery comes from security researchers at Cyble Research and Intelligence Labs (CRIL), who described the threat in an advisory published last Friday. According to the technical
by Naked Security writer Some hacks become so notorious that they acquire a definite article, even if the word THE ends up attached to a very general technical term. For example, you can probably trot out the names of dozens of well-known internet worms amongst the millions that exist in the zoos maintained by malware
Jun 26, 2023 | Ravie Lakshmanan | Cryptography / Cybersecurity | In what’s an ingenious side-channel attack, a group of academics has found that it’s possible to recover secret keys from a device by analyzing video footage of its power LED. “Cryptographic computations performed by the CPU change the power consumption of the device which affects the brightness of the
New versions of Chinese espionage malware have been observed spreading rapidly through infected USB drives. The malicious software tools were discovered by Check Point Research (CPR) as part of an attack against a healthcare institution in Europe and described in an advisory published on Thursday. The Check Point Incident Response Team (CPIRT) investigated the malware
by Matt Fairbanks Ransomware – as readers here know only too well – is one of the biggest cybercrime challenges we collectively face today. That’s why Sophos has recently visited cities around the globe to dive deep into the real story behind ransomware. We captured more than 100 hours of interviews with cybercriminals, cybersecurity experts,
Jun 24, 2023 | Ravie Lakshmanan | Cyber Crime / Cryptocurrency | A U.K. citizen who took part in the massive July 2020 hack of Twitter has been sentenced to five years in prison in the U.S. Joseph James O’Connor (aka PlugwalkJoe), 24, was awarded the sentence on Friday in the Southern District of New York, a little over a
Security researchers have discovered a sophisticated attack campaign that exploits custom and open-source tools to target Linux-based systems and Internet of Things (IoT) devices. According to a new blog post by Microsoft, the attackers utilized a patched version of OpenSSH to gain control of compromised devices and install cryptomining malware. Read more on this type
by Paul Ducklin Researchers at Korean anti-malware business AhnLab are warning about an old-school attack that they say they’re seeing a lot of these days, where cybercriminals guess their way into Linux shell servers and use them as jumping-off points for further attacks, often against innocent third parties. The payloads unleashed by this crew of
Jun 24, 2023 | Ravie Lakshmanan | Threat Intel / Zero Day | The U.S. Cybersecurity and Infrastructure Security Agency has added a batch of six flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This comprises three vulnerabilities that Apple patched this week (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439), two flaws in VMware (CVE-2023-20867 and CVE-2023-20887), and
Service members across the US military have reported receiving smartwatches unsolicited in the mail. These smartwatches have Wi-Fi auto-connect capabilities and can connect to cell phones unprompted, gaining access to user data. According to the US Criminal Investigation Division (CID), the smartwatches may also contain malware granting the sender access to saved data, including banking information,
by Paul Ducklin The Australian Prime Minister, Anthony Albanese, has apparently advised people Down Under to turn off their mobile phones once a day, for the surprisingly precise period of five minutes, as a cybersecurity measure. UK newspaper The Guardian quotes the PM as saying: We all have a responsibility. Simple things, turn your phone
The US government has now announced a bounty of $10 million for intel linking the Cl0p ransomware gang to a foreign government The US government is now offering a $10 million reward for information linking the Cl0p ransomware gang or other threat actors targeting US critical infrastructure to a foreign government. This is after Cl0p
Jun 23, 2023 | Ravie Lakshmanan | Social Engineering / Phishing | A threat actor known as Muddled Libra is targeting the business process outsourcing (BPO) industry with persistent attacks that leverage advanced social engineering ploys to gain initial access. “The attack style defining Muddled Libra appeared on the cybersecurity radar in late 2022 with the release of the 0ktapus
As the UK’s largest building society, Nationwide has 18,000 users on its IT systems, 400 domains and 750 servers. The business pushes out 25,000 technology changes and updates every year. As a financial services provider, the society faces an increase in cyber-threats, as well as the need to comply with industry-specific legislation. As a result,
by Paul Ducklin LISTEN AND LEARN Gee Whizz BASIC (probably). Think you know ransomware? Megaupload, 11 years on. ASUS warns of critical router bugs. MOVEit mayhem Part III. No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on
A primer on how to use this powerful tool for uncovering and connecting information from publicly available sources It’s a truism that personal data is a valuable asset for cybercriminals, as it allows them to tailor and otherwise improve their phishing and other social engineering attacks. The wealth and variety of personal data that is
Jun 22, 2023 | Ravie Lakshmanan | Cyber Attack / Phishing | A new phishing campaign codenamed MULTI#STORM has set its sights on India and the U.S. by leveraging JavaScript files to deliver remote access trojans on compromised systems. “The attack chain ends with the victim machine infected with multiple unique RAT (remote access trojan) malware instances, such as Warzone
Becky Pinkard describes herself as an outsider who found her place, and was able to express her true identity, in the cybersecurity industry. Pinkard, who has worked in cybersecurity since 1996, is now managing director of global cyber operations at Barclays. She is also a speaker, diversity advocate and security trainer who says that she
by Paul Ducklin Right at the start of June 2023, well-known Russian cybersecurity outfit Kaspersky reported on a previously unknown strain of iPhone malware. Most notable about the original story was its strapline: Targeted attack on [Kaspersky] management with the Triangulation Trojan. Although the company ultimately said, “We’re confident that Kaspersky was not the main
From bogus free trips to fake rental homes, here are some of the most common online threats you should look out for both before and during your travels As the mercury rises and we look forward to vacationing in sunnier climes, it’s also time to keep one eye peeled for internet scams and cyberthreats. Travel