by Paul Ducklin Early disclaimer: this isn’t quite the mother of all data breaches, nor even perhaps a younger cousin, so you can stand down from Blue Alert right away. As far as we can tell, only names, email addresses and employers were leaked in the wrongly shared document. But what names they were! The
Month: July 2023
There is a significant secondary marketplace where tickets can sell for several times their original value, opening the opportunity for scammers and fraud As European football teams prepare to kick-off their summer soccer tours in the USA it provides a huge opportunity for local fans to see some of the top teams and players in
Jul 19, 2023THNVulnerability / Cyber Threat Citrix is alerting users of a critical security flaw in NetScaler Application Delivery Controller (ADC) and Gateway that it said is being actively exploited in the wild. Tracked as CVE-2023-3519 (CVSS score: 9.8), the issue relates to a case of code injection that could result in unauthenticated remote code
Conor Brian Fitzpatrick, famously known as “Pompompurin,” has entered a guilty plea for hacking charges in the United States District Court for the Eastern District of Virginia, Alexandria Division. This comes after the US government recently seized the surface web domains linked to the notorious cybercrime marketplace, BreachForums, even though Fitzpatrick had been arrested months
Jul 18, 2023THNData Security / Cyber Attack A little over a week after JumpCloud reset API keys of customers impacted by a security incident, the company said the intrusion was the work of a sophisticated nation-state actor. The adversary “gained unauthorized access to our systems to target a small and specific set of our customers,”
Windows users have been targeted again by the sophisticated malware known as LokiBot, which is spreading through malicious Office documents. According to a new advisory by Fortinet security researcher Cara Lin, attackers are leveraging known vulnerabilities, such as CVE-2021-40444 and CVE-2022-30190, to embed malicious macros within Microsoft Office documents. Once executed, these macros drop the
Jul 17, 2023THNCyber Attack / Data Safety The Russia-linked threat actor known as Gamaredon has been observed conducting data exfiltration activities within an hour of the initial compromise. “As a vector of primary compromise, for the most part, emails and messages in messengers (Telegram, WhatsApp, Signal) are used, in most cases, using previously compromised accounts,”
A new threat actor group has been observed conducting a series of cyber-attacks targeting government entities, military organizations and civilian users in Ukraine and Poland. According to a new advisory by Cisco Talos, the malicious campaigns started in April 2022 and are currently ongoing. They primarily aim at stealing valuable information and establishing persistent remote
by Paul Ducklin You’re probably familiar with the word gaslighting, used to refer to people with the odious habit of lying not merely to cover up their own wrongdoing, but also to make it look as though someone else is at fault, even to the point of getting the other person to doubt their own
Here’s how cybercriminals have adjusted their tactics in response to Microsoft’s stricter security policies and other interesting findings from ESET’s new Threat Report This week, the ESET research team released the H1 2023 ESET Threat Report that examines the key trends and developments that shaped the cybersecurity landscape from December 2022 to May 2023. Among
Jul 15, 2023THNArtificial Intelligence / Cyber Crime With generative artificial intelligence (AI) becoming all the rage these days, it’s perhaps not surprising that the technology has been repurposed by malicious actors to their own advantage, enabling avenues for accelerated cybercrime. According to findings from SlashNext, a new generative AI cybercrime tool called WormGPT has been
A generative AI tool, WormGPT, has emerged as a powerful weapon in the hands of cyber-criminals, specifically for launching business email compromise (BEC) attacks, according to new findings shared by security firm SlashNext. “We’re now seeing an unsettling trend among cyber-criminals on forums, evident in discussion threads offering ‘jailbreaks’ for interfaces like ChatGPT,” wrote security
by Paul Ducklin Popular collaboration product Zimbra has warned customers to apply a software patch urgently to close a security hole that it says “could potentially impact the confidentiality and integrity of your data.” The vulnerability is what’s known as an XSS bug, short for cross-site scripting, whereby performing an innocent-looking operation via site X,
A view of the H1 2023 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts We are pleased to present the latest issue of ESET Threat Report, which brings changes aimed at making its contents more engaging and accessible. One notable modification is our new approach
Jul 14, 2023THNVulnerability/ Cyber Threat Multiple security vulnerabilities have been discovered in various services, including Honeywell Experion distributed control system (DCS) and QuickBlox, that, if successfully exploited, could result in severe compromise of affected systems. Dubbed Crit.IX, the nine flaws in the Honeywell Experion DCS platform allow for “unauthorized remote code execution, which means an
A new version of the Common Vulnerability Scoring System (CVSS 4.0) has been unveiled publicly by the Forum of Incident Response and Security Teams (FIRST) on July 13, 2023. CVSS is the open industry standard for assessing the severity of computer system security vulnerabilities, helping organizations prioritize their vulnerability management processes. It provides a method
by Paul Ducklin SING A SONG OF SUPERCOOKIES Remembering the slide rule. What you need to know about Patch Tuesday. Supercookie surveillance shenanigans. When bugs arrive in pairs. Apple’s rapid patch that needed a rapid patch. User-Agent considered harmful. No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and
Some threats may be closer than you think. Are security risks that originate from your own trusted employees on your radar? It all began innocently enough when a Tesla employee received an invitation from a former associate to catch up over drinks. Several wining and dining sessions later, the old acquaintance made his real intentions
Jul 13, 2023THNCyber Attack Government entities, military organizations, and civilian users in Ukraine and Poland have been targeted as part of a series of campaigns designed to steal sensitive data and gain persistent remote access to the infected systems. The intrusion set, which stretches from April 2022 to July 2023, leverages phishing lures and decoy
A notorious Russian state-affiliated cyber gang has leveraged a legitimate sale of a BMW car to target diplomats in Kyiv, Ukraine, a new analysis by Palo Alto Network’s Unit 42 researchers has observed. The novel phishing campaign was carried out by the ‘Cloaked Ursa’ group (aka Cozy Bear, APT29), which the US and UK have
by Paul Ducklin This Tuesday, 2023-07-11, was Microsoft’s Patch Tuesday for July 2023, so here’s a brief reminder to do two things: Patch early, patch often. More than 100 vulnerabilities were patched this month, including four zero-day security holes for which working exploit code already exists. Even though everyone was at risk until Tuesday, it’s
A story of how an analysis of a supposed game cheat turned into the discovery of a powerful UEFI threat Towards the end of 2022 an unknown threat actor boasted on an underground forum that they’d created a new and powerful UEFI bootkit called BlackLotus. Its most distinctive feature? It could bypass UEFI Secure Boot
Jul 12, 2023THNRansomware / Cyber Threat Ransomware has emerged as the only cryptocurrency-based crime to grow in 2023, with cybercriminals extorting nearly $175.8 million more than they did a year ago, according to findings from Chainalysis. “Ransomware attackers are on pace for their second-biggest year ever, having extorted at least $449.1 million through June,” the
The MOVEit cyber-attack continues to grow, with more organizations falling victim every day. Brett Callow, a threat analyst at Emsisoft, counted 257 organizations and 17,750,524 individuals impacted by the attack on July 11, 2023. Meanwhile, the Clop ransomware group, which is reportedly responsible for the attack, keeps adding names to the list of victims on
by Paul Ducklin Betteridge’s Law of Headlines insists that any headline posed as a question can instantly be answered with a simple “No.” Apparently, the theory behind this witticism (it’s not actually a Law, nor yet a rule, nor even in fact anything more than a suggestion) is that if the author knew what they
A Microsoft Windows policy loophole has been observed being exploited primarily by native Chinese-speaking threat actors to forge signatures on kernel-mode drivers. “Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates,” Cisco Talos said in an exhaustive two-part report
The RomCom threat actor has reportedly launched a targeted cyber campaign aimed at organizations and individuals supporting Ukraine just days before a highly anticipated NATO Summit. The BlackBerry Threat, Research and Intelligence team uncovered this sophisticated operation and described it in an advisory published earlier today. In particular, the team said it discovered two deceptive
by Paul Ducklin The second-ever Apple Rapid Security Response just came out. That’s where the very latest versions of macOS, iOS and iPadOS get emergency patches that: Don’t take as long for Apple to build, test and publish as a full version update would. Don’t take as long to download when you decide to fetch
Jul 11, 2023THNZero-Day / Endpoint Security Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw that it said has been actively exploited in the wild. The WebKit bug, cataloged as CVE-2023-37450, could allow threat actors to achieve arbitrary code execution when processing specially crafted
Several malicious npm packages on the open-source repository have been used in supply chain attacks and phishing campaigns. The claims come from ReversingLabs researchers, who said in a blog post published on Thursday the packages pose a dual threat, affecting application end users while also supporting email-based phishing attacks, mainly targeting Microsoft 365 users. Software