Dec 29, 2023NewsroomCyber Attack / Web Security The Assembly of the Republic of Albania and telecom company One Albania have been targeted by cyber attacks, the country’s National Authority for Electronic Certification and Cyber Security (AKCESK) revealed this week. “These infrastructures, under the legislation in force, are not currently classified as critical or important information
Month: December 2023
The German authorities have announced the takedown of a notorious dark web marketplace known for selling drugs, malware and other illegal items. The federal police service (BKA) and the Frankfurt prosecutor’s office for cybercrime (ZIT) announced the news on Wednesday, but revealed the coordinated action took place on December 16. The English-language Kingdom Market, which was
Digital Security As we draw the curtain on another eventful year in cybersecurity, let’s review some of the high-profile cyber-incidents that occurred in 2023 Phil Muncaster 28 Dec 2023 • , 5 min. read It’s been another monumental year in cybersecurity. Threat actors thrived against a backdrop of continued macroeconomic and geopolitical uncertainty, using all
Dec 30, 2023NewsroomCryptocurrency / Phishing Scam Cybersecurity researchers are warning about an increase in phishing attacks that are capable of draining cryptocurrency wallets. “These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks by using a crypto
Security researchers have warned against the DarkGate threat actor, who has recently gained notoriety in the realm of remote access Trojans (RATs) and loaders. Earlier today, Proofpoint confirmed it has been tracking a distinct operator of the DarkGate malware, temporarily named BattleRoyal, noting its use in at least 20 email campaigns from September to November
Dec 29, 2023NewsroomEmail Security / Malware The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign orchestrated by the Russia-linked APT28 group to deploy previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information. The activity, which was detected by the agency between December 15 and 25,
After a quieter month in October, ransomware groups seemed to return with a vengeance in November, with the highest number of listed victims ever recorded, according to Corvus Insurance. In a report published on December 18, 2023, Corvus Threat Intel observed 484 new ransomware victims posted to leak sites in November. This represents a 39.08%
Digital Security Before getting rid of your no-longer-needed device, make sure it doesn’t contain any of your personal documents or information Phil Muncaster 27 Dec 2023 • , 5 min. read The planet is warming and we’re all becoming more environmentally aware. When it comes to IT, this manifests in a surge in “e-waste” recycling.
Dec 28, 2023NewsroomSpyware / Hardware Security The Operation Triangulation spyware attacks targeting Apple iOS devices leveraged never-before-seen exploits that made it possible to even bypass pivotal hardware-based security protections erected by the company. Russian cybersecurity firm Kaspersky, which discovered the campaign at the beginning of 2023 after becoming one of the targets, described it as
The threat landscape has been bustling in the second half of 2023, according to cybersecurity provider ESET. In its Threat Report: H2 2023, the firm recorded many significant cybersecurity incidents between June and November 2023, a period dominated by AI-related malicious activity and the emergence of new Android spyware. According to the report, a new
Dec 27, 2023NewsroomPrivacy / App Security A new Android backdoor has been discovered with potent capabilities to carry out a range of malicious actions on infected devices. Dubbed Xamalicious by the McAfee Mobile Research Team, the malware is so named for the fact that it’s developed using an open-source mobile app framework called Xamarin and
When shopping for a new smartphone, you’re likely to look for the best bang for your buck. If you’re on the hunt for a top-of-the-range device but aren’t keen on paying top dollar for it, offerings from lesser-known manufacturers will probably make your shortlist. Indeed, in the fiercely competitive smartphone market you may be even
Cybercriminals unleashed an average of 411,000 malicious files every day in 2023, representing a 3% increase from the previous year, according to Kaspersky. The firm’s Security Bulletin: Statistics of the Year Report, published on December 14, 2023, showed that particular types of threats also escalated. One example is the use of malicious desktop files (Microsoft
Dec 26, 2023NewsroomMalware / Cybercrime The banking malware known as Carbanak has been observed being used in ransomware attacks with updated tactics. “The malware has adapted to incorporate attack vendors and techniques to diversify its effectiveness,” cybersecurity firm NCC Group said in an analysis of ransomware attacks that took place in November 2023. “Carbanak returned
ESO Solutions, a data and software provider for emergency responders and healthcare entities, has commenced the notification process for 2.7 million individuals affected by a ransomware attack. The breach, which unfolded on September 28, compelled ESO to shut down systems temporarily to curb the incident’s reach. Although the attackers accessed and encrypted internal systems, ESO said it
Digital Security Unwrapping a new gadget this holiday season will put a big smile on your face but things may quickly turn sour if the device and data on it aren’t secured properly Phil Muncaster 21 Dec 2023 • , 4 min. read As the festive season approaches, we’re all looking forward to being pampered
Dec 25, 2023NewsroomCyber Espionage / Malware The threat actor referred to as Cloud Atlas has been linked to a set of spear-phishing attacks on Russian enterprises. Targets included a Russian agro-industrial enterprise and a state-owned research company, according to a report from F.A.C.C.T., a standalone cybersecurity company formed after Group-IB’s formal exit from Russia earlier
Security researchers have discovered a new series of “crypto drainer” malware attacks that have stolen $59m from victims so far after luring them to phishing pages via Google and X (formerly Twitter) ads. A crypto drainer is a type of malware that tricks the user into approving a transaction which then automatically drains their cryptocurrency
Video How cybercriminals take advantage of the popularity of ChatGPT and other tools of its ilk to direct people to sketchy sites, plus other interesting findings from ESET’s latest Threat Report 22 Dec 2023 This week, the ESET research team released the H2 2023 issue of its Threat Report that looked at the key trends
Dec 24, 2023NewsroomCyber Crime / Data Breach Two British teens part of the LAPSUS$ cyber crime and extortion gang have been sentenced for their roles in orchestrating a string of high-profile attacks against a number of companies. Arion Kurtaj, an 18-year-old from Oxford, has been sentenced to an indefinite hospital order due to his intent
The UK’s secretary of state for justice has warned of a “clear and present danger” to British democracy from deepfakes ahead of the upcoming general election. Robert Buckland made the remarks on BBC Radio 4’s Today program yesterday, claiming the technology delivers a “liar’s dividend” in that, by undermining trust in the veracity of information,
Dec 22, 2023NewsroomSkimming / Web Security Threat hunters have discovered a rogue WordPress plugin that’s capable of creating bogus administrator users and injecting malicious JavaScript code to steal credit card information. The skimming activity is part of a Magecart campaign targeting e-commerce websites, according to Sucuri. “As with many other malicious or fake WordPress plugins
UK telco EE has warned customers they could be deluged with millions of scam SMS messages on December 23 as fraudsters look to capitalize on last-minute Christmas shopping. The mobile operator claimed that the equivalent day last year saw it block three million text message scams (aka “smishing”), the highest daily number in 2022. This
Dec 22, 2023NewsroomMalware / Cyber Attack The threat actor known as UAC-0099 has been linked to continued attacks aimed at Ukraine, some of which leverage a high-severity flaw in the WinRAR software to deliver a malware strain called LONEPAGE. “The threat actor targets Ukrainian employees working for companies outside of Ukraine,” cybersecurity firm Deep Instinct
Security vendor Ivanti has released an update to its Avalanche mobile device management (MDM) product which fixes 22 vulnerabilities, 13 of which are rated critical. Ivanti Avalanche is described by the vendor as an enterprise MDM solution capable of managing distributed deployments of more than 100,000 mobile devices – including anything from warehouse scanners to
John Hanley of IBM Security shares 4 key findings from the highly acclaimed annual Cost of a Data Breach Report 2023 What is the IBM Cost of a Data Breach Report? The IBM Cost of a Data Breach Report is an annual report that provides organizations with quantifiable information about the financial impacts of breaches.
The average direct cost of a serious cybersecurity incident increased by 11% year-on-year to reach $1.7m in 2023, according to consulting firm S-RM. The firm polled 600 C-suite and IT budget holders from US and UK organizations with revenues over $500m to produce its 2023 Cybersecurity Insights Report. The most common incident types were fraud,
ESET Research, Threat Reports A view of the H2 2023 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts Jiří Kropáč 19 Dec 2023 • , 2 min. read The second half of 2023 witnessed significant cybersecurity incidents. Cl0p, a notorious cybercriminal group known for carrying
Dec 20, 2023The Hacker NewsBrandjacking / Cyber Threat Hands-On Review: Memcyco’s Threat Intelligence Solution Website impersonation, also known as brandjacking or website spoofing, has emerged as a significant threat to online businesses. Malicious actors clone legitimate websites to trick customers, leading to financial scams and data theft causing reputation damage and financial losses for both
Security researchers have claimed that a vulnerability described as the biggest and most critical ever discovered was far less dangerous than first believed. Log4Shell was a critical, CVSS 10.0-rated vulnerability in popular open source logging utility Log4j. It was thought to be relatively easy to exploit, enabled remote code execution, and was found in a