“I’m here to recruit you.” Was Christopher Wray, director of the FBI, really joking when he said that hiring people for the FBI was the reason for his presence at the Mandiant mWISE conference? During his opening keynote speech on September 18, Wray explained how collaborating with the private sector has changed the FBI’s approach
Month: September 2023
Sep 19, 2023THNMobile Security / Malware The suspected Pakistan-linked threat actor known as Transparent Tribe is using malicious Android apps mimicking YouTube to distribute the CapraRAT mobile remote access trojan (RAT), demonstrating the continued evolution of the activity. “CapraRAT is a highly invasive tool that gives the attacker control over much of the data on
A further multimillion-dollar distribution of funds from Western Union to victims of fraud perpetrated via its payment network has begun, following a previous payout of $365m. The new $40m tranche of money was forfeited by the Colorado-headquartered financial services giant to the Department of Justice (DoJ) to reimburse 25,000 victims in the US and abroad.
Sep 18, 2023THNCyber Attack / Data Breach Software development company Retool has disclosed that the accounts of 27 of its cloud customers were compromised following a targeted and SMS-based social engineering attack. The San Francisco-based firm blamed a Google Account cloud synchronization feature recently introduced in April 2023 for making the breach worse, calling it
China’s malicious cyber activity informs its preparations for a potential military conflict with the US, a new report from the Department of Defense (DoD) has claimed. The agency’s 2023 Cyber Strategy highlighted the People’s Republic of China (PRC) and Russia’s embrace of malicious cyber activity “as a means to counter US conventional military power and
Sep 17, 2023THNCryptocurrency / Cyber Attack The North Korea-affiliated Lazarus Group has stolen nearly $240 million in cryptocurrency since June 2023, marking a significant escalation of its hacks. According to multiple reports from Certik, Elliptic, and ZachXBT, the infamous hacking group is said to be suspected behind the theft of $31 million in digital assets
Four out of five (80.3%) security vulnerabilities observed in organizations across all sectors come from a cloud environment, Palo Alto Networks’ Unit 42 found in its latest Attack Surface Threat Research. The report, published on September 14, 2023, outlined the most common cloud security flaws, of which 60% come from web framework takeover (22.8%), remote
The volume of cybersecurity vulnerabilities is rising, with close to 30% more vulnerabilities found in 2022 vs. 2018. Costs are also rising, with a data breach in 2023 costing $4.45M on average vs. $3.62M in 2017. In Q2 2023, a total of 1386 victims were claimed by ransomware attacks compared with just 831 in Q1
Video Ballistic Bobcat is a suspected Iran-aligned cyberespionage group that targets organizations in various industry verticals, as well as human rights activists and journalists, mainly in Israel, the Middle East, and the United States 14 Sep 2023 This week, ESET researchers unveiled their findings about a campaign by the Ballistic Bobcat APT group that deployed
A major data breach at Airbus revealed earlier this week stemmed from a RedLine info-stealer likely hidden in a pirated copy of Microsoft software, according to researchers. The European aerospace giant said it has launched an investigation into the incident. “As a major high-tech and industrial player, Airbus is also a target for malicious actors,”
Sep 15, 2023THNCyber Attack / Password Security Iranian nation-state actors have been conducting password spray attacks against thousands of organizations globally between February and July 2023, new findings from Microsoft reveal. The tech giant, which is tracking the activity under the name Peach Sandstorm (formerly Holmium), said the adversary pursued organizations in the satellite, defense,
As the world’s 18th most visited website and 7th most frequented social network, it’s no surprise that Reddit also holds great allure for cybercriminals. Besides an endless number of legitimate subreddits, cute alien pictures as well as annual April Fool’s day events, Redditors may also encounter various kinds of fakery on the site, including scams that
An infamous threat group connected to the North Korean state has been blamed for a major attack on cryptocurrency exchange CoinEx on Tuesday. The Hong Kong-headquartered exchange warned users in a post on X (formerly Twitter) on September 12 that it had “detected anomalous withdrawals from several hot wallet addresses used to store CoinEx’s exchange
Sep 14, 2023THNSpyware / Malware The iPhone belonging to Galina Timchenko, a prominent Russian journalist and critic of the government, was compromised with NSO Group’s Pegasus spyware, a new collaborative investigation from Access Now and the Citizen Lab has revealed. The infiltration is said to have happened on or around February 10, 2023. Timchenko is
Privacy If you want to try to enter the world of VPNs with a small dip, then iCloud Private Relay is your friend — but is it a true VPN service? The devil is in the details. Márk Szabó 31 Aug 2023 • , 4 min. read In 2021, Apple released a new feature for
ESET researchers have identified two active campaigns targeting Android users, where the threat actors behind the tool are attributed to the China-aligned APT group GREF. Most likely active since July 2020 and since July 2022, respectively, the campaigns have distributed the Android BadBazaar espionage code through the Google Play store, Samsung Galaxy Store, and dedicated
Video ESET researchers uncover a Telegram bot that enables even less tech-savvy scammers to defraud people out of their money 25 Aug 2023 ESET researchers have found a toolkit that is implemented as a Telegram bot and helps less tech-savvy fraudsters scam people on online marketplaces. The toolkit, which ESET experts named Telekopye, creates template-based
ESET Research Listen as ESET’s Director of Threat Research Jean-Ian Boutin unravels the tactics, techniques and procedures of MoustachedBouncer, an APT group taking aim at foreign embassies in Belarus ESET Research 10 Aug 2023 Press play to learn about the intricate workings of MoustachedBouncer, an advanced persistent threat (APT) group discovered by ESET and first
Video ESET research uncovers active campaigns targeting Android users and spreading espionage code through the Google Play store, Samsung Galaxy Store and dedicated websites 31 Aug 2023 ESET researchers have uncovered two active campaigns targeting Android users and spreading the BadBazaar espionage code through the Google Play store, Samsung Galaxy Store, and dedicated websites. The
ESET researchers discovered a Ballistic Bobcat campaign targeting various entities in Brazil, Israel, and the United Arab Emirates, using a novel backdoor we have named Sponsor. We discovered Sponsor after we analyzed an interesting sample we detected on a victim’s system in Israel in May 2022 and scoped the victim-set by country. Upon examination, it
Business Security New reports from Europol and the UK’s National Crime Agency (NCA) shed a light on how the battle against cybercrime is being fought Phil Muncaster 06 Sep 2023 • , 4 min. read Law enforcement remains an integral part of the fight against agile and increasingly well-resourced adversaries. Consumers and businesses, too, can
ESET Research Closing intrusion vectors force cybercriminals to revisit old attack avenues, but also to look for new ways to attack their victims ESET Research 12 Sep 2023 Sextortion emails and other text-based threats have been on a massive increase in H1 2023 and the question remains why. Are criminals just lazy? Are they trying
Video The update to X’s privacy policy has sparked some questions among privacy and security folks, including how long X will retain users’ biometric information and how the data will be stored and secured 08 Sep 2023 Will you give X your biometric data in order to help secure your account on the site? The
The UK Government suffers from a major shortage of cybersecurity experts, putting critical services at high risk of cyber-attacks, a new report from the Parliament’s Public Accounts Committee (PAC) has found. The Committee revealed a major digital skills shortage in the civil service, which has under half the number of digital, data and tech professionals
Sep 13, 2023THNEndpoint Security / Zero Day Microsoft has released software fixes to remediate 59 bugs spanning its product portfolio, including two zero-day flaws that have been actively exploited by malicious cyber actors. Of the 59 vulnerabilities, five are rated Critical, 55 are rated Important, and one is rated Moderate in severity. The update is
Targeting individual ransomware strains is confusing and even unhelpful in tackling this threat vector, according to a joint report from UK’s National Cyber Security Centre (NCSC) and National Crime Agency (NCA). Threat actors are too quick to reassemble and rebrand after being taken down for a focus on tackling on specific ransomware strains to be
Sep 12, 2023THNEndpoint Security / Data Security A new information stealer malware called MetaStealer has set its sights on Apple macOS, making the latest in a growing list of stealer families focused on the operating system after Stealer, Pureland, Atomic Stealer, and Realst. “Threat actors are proactively targeting macOS businesses by posing as fake clients
A spate of cyber-attacks against UK schools has claimed its latest victim after a Maidstone secondary school suffered a serious security breach late last week. The Church of England St Augustine Academy in the Kent commuter town serves over 750 students in the local community. Headteacher, Jason Feldwick, warned parents via Facebook that the school’s
Sep 11, 2023THNEndpoint Security / Malware A new cyber attack campaign is leveraging the PowerShell script associated with a legitimate red teaming tool to plunder NTLMv2 hashes from compromised Windows systems primarily located in Australia, Poland, and Belgium. The activity has been codenamed Steal-It by Zscaler ThreatLabz. “In this campaign, the threat actors steal and
Security researchers at Cisco Talos have uncovered a scheme that preys on graphic designers and 3D modelers. Cyber-criminals are using cryptocurrency-mining malware to hijack the Graphics Processing Units (GPUs) commonly used in these fields. According to an advisory published by Cisco Talos on Thursday, this campaign has been active since at least November 2021. The