ESET Research ESET researchers discuss the dynamics within and between various groups of scammers who use a Telegram bot called Telekopye to scam people on online marketplaces ESET Research 18 Dec 2023 • , 1 min. read In this episode of our podcast, ESET malware researchers talk about the dynamics within and between various Neanderthal
Month: December 2023
Dec 19, 2023NewsroomCryptojacking / Cyber Threat The threat actors associated with the 8220 Gang have been observed exploiting a high-severity flaw in Oracle WebLogic Server to propagate their malware. The security shortcoming is CVE-2020-14883 (CVSS score: 7.2), a remote code execution bug that could be exploited by authenticated attackers to take over susceptible servers. “This
Legacy vulnerabilities and Remote Desktop Protocol (RDP) endpoints are being singled out by attackers, according to new data based on billions of recorded cyber-attacks in 2023. Honeypot sensors set up in the UK by insurer Coalition have recorded 5.8 billion attacks so far in 2023, which works out roughly to 17 million each day. Three-quarters
Dec 18, 2023The Hacker NewsTechnology / Application Security Low-code/no-code (LCNC) and robotic process automation (RPA) have gained immense popularity, but how secure are they? Is your security team paying enough attention in an era of rapid digital transformation, where business users are empowered to create applications swiftly using platforms like Microsoft PowerApps, UiPath, ServiceNow, Mendix,
Tens of thousands of current and former employees of a leading US cybersecurity and nuclear research laboratory were impacted by a major data breach discovered in November, it has been revealed. The Idaho National Laboratory (INL) said in an updated notice published this week that it first became aware of the incident on November 20.
Video Your iPhone has just received a new feature called iMessage Contact Key Verification that is designed to help protect your messages from prying eyes 15 Dec 2023 Apple has shipped iOS 17.2 to all users and it includes a new feature that is intended to protect users from attackers who could be misusing the
Dec 17, 2023NewsroomCyber Attack / Data Security MongoDB on Saturday disclosed it’s actively investigating a security incident that has led to unauthorized access to “certain” corporate systems, resulting in the exposure of customer account metadata and contact information. The American database software company said it first detected anomalous activity on December 13, 2023, and that
The UK government has proposed new rules designed to regulate the datacenter sector, in a bid to improve baseline cybersecurity and resilience. It’s seeking industry feedback on a new consultation document, Protecting and enhancing the security and resilience of UK data infrastructure, which will be open until February 22 2024. Under the current proposals, datacenter providers
ESET researchers analyzed a growing series of OilRig downloaders that the group has used in several campaigns throughout 2022, to maintain access to target organizations of special interest – all located in Israel. These lightweight downloaders, which we named SampleCheck5000 (SC5k v1-v3), OilCheck, ODAgent, and OilBooster, are notable for using one of several legitimate cloud
Dec 16, 2023NewsroomCyber Security / Incident Response China’s Ministry of Industry and Information Technology (MIIT) on Friday unveiled draft proposals detailing its plans to tackle data security events in the country using a color-coded system. The effort is designed to “improve the comprehensive response capacity for data security incidents, to ensure timely and effective control,
Four US residents have been charged with a series of money laundering offenses connected to a major “pig butchering” fraud syndicate. Lu Zhang, 36, of Alhambra, California; Justin Walker, 31, of Cypress, California; Joseph Wong, 32, of Rosemead, California; and Hailong Zhu, 40, of Naperville, Illinois, are charged with conspiracy to commit money laundering, concealment
Cybercrime continues to grow rapidly; indeed, it is a highly lucrative global industry. Without accurately accounting for profits from cybercrime (1, 2), we are left looking at the staggering estimated cost of US$7.08 trillion in 2022 for reference. Measured in terms of GDP, the illegal proceeds would rank as the third-largest “economy” worldwide. Regardless, this
Dec 15, 2023NewsroomPrivacy / User Tracking Google on Thursday announced that it will start testing a new feature called “Tracking Protection” starting January 4, 2024, to 1% of Chrome users as part of its efforts to deprecate third-party cookies in the web browser. The setting is designed to limit “cross-site tracking by restricting website access
Threat actors are switching tactics to compromise their victims with ransomware, with more attacks now exploiting vulnerabilities rather than using phishing emails, according to Corvus Insurance. The insurer analyzed claims data from this year to better understand threat actor activity. It claimed that vulnerability exploitation rose as an initial access method from nearly 0% of ransomware
ESET Research has discovered a cluster of malicious Python projects being distributed in PyPI, the official Python package repository. The threat targets both Windows and Linux systems and usually delivers a custom backdoor. In some cases, the final payload is a variant of the infamous W4SP Stealer, or a simple clipboard monitor to steal cryptocurrency,
Threat actors affiliated with the Russian Foreign Intelligence Service (SVR) have targeted unpatched JetBrains TeamCity servers in widespread attacks since September 2023. The activity has been tied to a nation-state group known as APT29, which is also tracked as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes. It’s notable for the
Microsoft ended the year with a relatively light patch-load, issuing updates for 34 vulnerabilities including one zero-day first reported back in August. CVE-2023-20588 is a “division-by-zero” vulnerability affecting specific AMD processors that can “potentially return speculative data resulting in loss of confidentiality.” Microsoft addressed the vulnerability in its Patch Tuesday update round, as the latest
Mobile Security A security compromise so stealthy that it doesn’t even require your interaction? Yes, zero-click attacks require no action from you – but this doesn’t mean you’re left vulnerable. Márk Szabó 11 Dec 2023 • , 3 min. read In a world of instant communication and accelerated by the ever-spreading notion that if you
Dec 13, 2023NewsroomCyber Attack / Geopolitics Ukraine’s biggest telecom operator Kyivstar has become the victim of a cyber attack, disrupting customer access to mobile and internet services. “The cyberattack on Ukraine’s #Kyivstar telecoms operator has impacted all regions of the country with high impact to the capital, metrics show, with knock-on impacts reported to air
Proofpoint has warned recruiters of a skilled threat actor targeting them with emails designed to deploy malware. TA4557 is a financially motivated threat actor known to distribute the More_Eggs backdoor, which is designed to establish persistence, profile the targeted machine and drop additional payloads. Throughout 2022 and most of 2023 the actor has been replying to
We Live Progress ChatGPT would probably say “Definitely not!”, but will we learn any lessons from the rush to regulate IoT in the past? Tony Anscombe 11 Dec 2023 • , 3 min. read The accelerated pace in the advancement of technology is challenging for any of us to keep up with, especially for public
Dec 12, 2023NewsroomCryptocurrency / Cyber Attack A phishing campaign has been observed delivering an information stealer malware called MrAnon Stealer to unsuspecting victims via seemingly benign booking-themed PDF lures. “This malware is a Python-based information stealer compressed with cx-Freeze to evade detection,” Fortinet FortiGuard Labs researcher Cara Lin said. “MrAnon Stealer steals its victims’ credentials,
Interpol has repeated warnings that human traffickers are fueling an online fraud epidemic in South East Asia and beyond, after revealing details of more arrests made during a recent operation. Operation Storm Makers II involved law enforcers from 27 countries in Asia, as well as Africa, the Middle East and South America. It led to
Critical Infrastructure Legacy protocols in the healthcare industry present dangers that can make hospitals extremely vulnerable to cyberattacks. Tony Anscombe 08 Dec 2023 • , 3 min. read The healthcare industry will, I am sure, remain a significant target for cybercriminals due to the huge potential it provides them to monetize their efforts through ransomware
Dec 11, 2023The Hacker News In the ever-evolving cybersecurity landscape, one method stands out for its chilling effectiveness – social engineering. But why does it work so well? The answer lies in the intricate dance between the attacker’s mind and human psychology. Our upcoming webinar, “Think Like a Hacker, Defend Like a Pro,” highlights this
The ransomware epidemic hitting UK businesses is leading many to increase their prices, adding to already high inflation, new data from Veeam has warned. The data protection firm surveyed 100 directors of UK businesses with over 500 employees that had been successfully compromised at least once by ransomware in the past 18 months. It found that large
Video ESET Research reveals details about a growth in the number of deceptive loan apps on Android, their origins and modus operandi 08 Dec 2023 This week, ESET researchers have taken a look at a steep increase in deceptive loan apps for Android. According to ESET Research, there has been a large growth of these
Dec 09, 2023NewsroomCyber Threat / Hardware Security Researchers from the Vrije Universiteit Amsterdam have disclosed a new side-channel attack called SLAM that could be exploited to leak sensitive information from kernel memory on current and upcoming CPUs from Intel, AMD, and Arm. The attack is an end-to-end exploit for Spectre based on a new feature
Europe’s cybersecurity agency has warned that geopolitics is fueling a current increase in denial-of-service (DoS) attacks. ENISA analyzed 310 publicly reported DoS attacks between January 2022 and August 2023, to compile its ENISA Threat Landscape for DoS Attacks report. It claimed that two-thirds (66%) were motivated by political reasons or activist agendas, with half (50%)
Magnetic stripe cards were all the rage 20 or so years ago, but their security was fragile, and the requirement for signatures often added to the hassle of transactions – not to mention, they lacked data encryption, making them vulnerable to skimming and cloning by criminals. Chip-based cards emerged as a successor, offering enhanced security