admin

0 Comments
Feb 24, 2023Ravie LakshmananMobile Security / Firmware Google said it’s working with ecosystem partners to harden the security of firmware that interacts with Android. While the Android operating system runs on what’s called the application processor (AP), it’s just one of the many processors of a system-on-chip (SoC) that cater to various tasks like cellular
0 Comments
Russia’s invasion of Ukraine has disrupted the vast cybercrime underground operating from the country, thanks to mobilization of some threat actors and the emigration of others, according to Recorded Future. The threat intelligence firm’s new report, Russia’s War Against Ukraine Disrupts the Cybercriminal Ecosystem, is compiled from analysis of dark web sources. The cybersecurity vendor
0 Comments
The targeted region, and overlap in behavior and code, suggest the tool is used by the infamous North Korea-aligned APT group ESET researchers have discovered one of the payloads of the Wslink downloader that we uncovered back in 2021. We named this payload WinorDLL64 based on its filename WinorDLL64.dll. Wslink, which had the filename WinorLoaderDLL64.dll,
0 Comments
Feb 24, 2023Ravie LakshmananPrivacy / Data Safety An investigation into data safety labels for Android apps available on the Google Play Store has uncovered “serious loopholes” that allow apps to provide misleading or outright false information. The study, conducted by the Mozilla Foundation as part of its *Privacy Not Included initiative, compared the privacy policies
0 Comments
The UK’s privacy regulator has called on accountants to play a key role in ensuring the country’s SMEs are compliant with rigorous data protection laws. The Information Commissioner’s Office (ICO) said that research from 2021 revealed that around a third (34%) of smaller businesses trust their accountants for advice, while a fifth (20%) use these
0 Comments
It’s never been easier to write a convincing message that can trick you into handing over your money or personal data ChatGPT has been taking the world by storm, having reached 100 million users only two months after launching. However, media stories about the tool’s uncanny ability to write human-sounding text mask a potentially darker reality.
0 Comments
Feb 23, 2023Ravie LakshmananMalware / Threat Intel Materials research organizations in Asia have been targeted by a previously unknown threat actor using a distinct set of tools. Symantec, by Broadcom Software, is tracking the cluster under the moniker Clasiopa. The origins of the hacking group and its affiliations are currently unknown, but there are hints
0 Comments
A suspected distributed denial of service (DDoS) attack downed several websites broadcasting President Putin’s state of the nation address on Tuesday, according to reports. Reuters said journalists based in multiple locations were unable to access the All-Russia State Television and Radio Broadcasting Company (VGTRK) website or the Smotrim live-streaming platform for periods during the speech.
0 Comments
Feb 22, 2023Ravie LakshmananOpen Source / Supply Chain Attack In what’s a continuing assault on the open source ecosystem, over 15,000 spam packages have flooded the npm repository in an attempt to distribute phishing links. “The packages were created using automated processes, with project descriptions and auto-generated names that closely resembled one another,” Checkmarx researcher
0 Comments
Three fund managers have been sentenced to 12 years and three months following a seven-year investigation into their fraudulent handling of the Libyan sovereign wealth fund. The UK’s National Crime Agency (NCA) said it began its investigation after one of the trio, Frederic Marino, walked out of a London meeting with auditors and promptly fled
0 Comments
Feb 21, 2023Ravie LakshmananCyber Threat Intelligence A new information stealer called Stealc that’s being advertised on the dark web could emerge as a worthy competitor to other malware of its ilk. “The threat actor presents Stealc as a fully featured and ready-to-use stealer, whose development relied on Vidar, Raccoon, Mars, and RedLine stealers,” SEKOIA said
0 Comments
The FBI has released a brief statement about a recent cyber-incident that occurred at one of its highest profile field offices, claiming it is now under control. Sources briefed on the matter told CNN that a malicious incident impacted part of its network used in investigations of images of child sexual exploitation. “The FBI is
0 Comments
by Paul Ducklin Late last week [2023-02-16], popular web hosting company GoDaddy filed its compulsory annual 10-K report with the US Securities and Exchange Commission (SEC). Under the sub-heading Operational Risks, GoDaddy revealed that: In December 2022, an unauthorized third party gained access to and installed malware on our cPanel hosting servers. The malware intermittently
0 Comments
Unknown malware presents a significant cybersecurity threat and can cause serious damage to organizations and individuals alike. When left undetected, malicious code can gain access to confidential information, corrupt data, and allow attackers to gain control of systems. Find out how to avoid these circumstances and detect unknown malicious behavior efficiently. Challenges of new threats’
0 Comments
Several Chinese state-sponsored threat groups have been observed targeting businesses and governments in the European Union. The claims come from a joint publication by the EU Agency for Cybersecurity (ENISA) and the Computer Emergency Response Team for the EU institutions, bodies and agencies (CERT-EU). Published on Wednesday, the document directly mentions particular advanced persistent threats (APTs): APT27,
0 Comments
ESET researchers have identified a campaign using trojanized installers to deliver the FatalRAT malware, distributed via malicious websites linked in ads that appear in Google search results ESET researchers identified a malware campaign that targets Chinese-speaking people in Southeast and East Asia by buying misleading advertisements to appear in Google search results that lead to
0 Comments
A new malicious actor dubbed “WIP26” by SentinelOne has been observed targeting telecommunication providers in the Middle East. Describing the threat in a Thursday advisory, the security researchers said the team has been monitoring WIP26 with colleagues from QGroup GmbH. “WIP26 is characterized by the abuse of public Cloud infrastructure – Microsoft 365 Mail, Microsoft
0 Comments
Threat actors used search engine ads to impersonate makers of popular software and direct internet users to malicious websites This week, the ESET research team has published a report describing a malware campaign that took aim at Chinese-speaking people in Southeast and East Asia. The campaign involved malicious advertisements that appeared in Google search and
0 Comments
Feb 18, 2023Ravie LakshmananAuthentication / Online Security Twitter has announced that it’s limiting the use of SMS-based two-factor authentication (2FA) to its Blue subscribers. “While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used – and abused – by bad actors,” the company said. “We will no longer allow
0 Comments
The recent rise in supply chain attacks has placed supply chain security high on the agenda of decision-makers across all industries. The UK National Cybersecurity Centre (NCSC) launched a list of recommendations on 16 February to help medium and large enterprises ‘map’ their supply chain dependencies in order to better anticipate the cyber risks coming
0 Comments
by Paul Ducklin CAN WE STOP WITH THE “SOPHISTICATED” ALREADY? The birth of ENIAC. A “sophisticated attack” (someone got phished). A cryptographic hack enabled by a security warning. Valentine’s Day Patch Tuesday. Apple closes spyware-sized 0-day hole. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With
0 Comments
No longer relegated to a side-show, tech is embedded into virtually every new piece of gear entering the battlefield As military and tech gather to address the frosty world defense conditions and what the intersection of technology’s role is with attendees at AFCEA West, it’s clear that the global warfighting world has changed. No longer