admin

0 Comments
A British man has admitted being a member of an international video piracy ring that illegally distributed “nearly every movie released by major production studios.” On Thursday, before United States District Judge Richard M. Berman, George Bridi pleaded guilty to conspiracy to commit copyright infringement, which carries a maximum sentence of five years in prison. Bridi, who
0 Comments
With the widespread adoption of hybrid work models across enterprises for promoting flexible work culture in a post pandemic world, ensuring critical services are highly available in the cloud is no longer an option, but a necessity. McAfee Enterprise’s MVISION Unified Cloud Edge (UCE) is designed to maximize performance, minimize latency, and deliver 99.999% SLA
0 Comments
Not long ago, disinformation campaigns were rather unsophisticated. These days, however, threat actors put serious time and effort into crafting their attacks. From the Chris Krebs keynote to highlighting third-string, nation-state entrants into the cyber-arms race, the art of targeted disinformation is heating up here at CYBERWARCON. Two years ago (the last time the conference
0 Comments
A corporate cyber-espionage hacker group has resurfaced after a seven-month hiatus with new intrusions targeting four companies this year, including one of the largest wholesale stores in Russia, while simultaneously making tactical improvements to its toolset in an attempt to thwart analysis. “In every attack, the threat actor demonstrates extensive red teaming skills and the
0 Comments
by Paul Ducklin [00’52”] Fun Fact: The dawn of the transistor [01’37”] Emotet malware: “The report of my death was an exaggeration” [08’26”] FBI email hack spreads fake security alerts [15’19”] Tech history: Why tubes are valves, and valves are tubes [16’44”] Samba update patches plaintext password plundering [22’24”] The hijackable self-driving robot suitcase [30’22”]
0 Comments
Entertainment company Sky took more than 17 months to fix a security flaw that impacted roughly six million routers belonging to its customers.  The DNS rebinding vulnerability was discovered in May 2020 by Raf Fini, a researcher at British cybersecurity company Pen Test Partners.  Six router models were affected by the flaw: Sky Hub 3, Sky Hub 3.5,
0 Comments
Cybersecurity researchers have uncovered as many as 11 malicious Python packages that have been cumulatively downloaded more than 41,000 times from the Python Package Index (PyPI) repository, and could be exploited to steal Discord access tokens, passwords, and even stage dependency confusion attacks. The Python packages have since been removed from the repository following responsible
0 Comments
A threat actor believed to be associated with the Democratic People’s Republic of Korea (DPRK) has a certain fondness for repetition, according to new research published today. In the report Triple Threat: North Korea–Aligned TA406 Scams, Spies, and Steals, researchers at Proofpoint shine a light on the nefarious activity of the threat actor TA406, whose campaigns they have
0 Comments
In the October 2021 Threat Report, McAfee Enterprise ATR provides a global view of the top threats, especially those ransomware attacks that affected most countries and sectors in Q2 2021, especially in the Public Sector (Government). In June 2021 the G7 economies urged countries that may harbor criminal ransomware groups to take accountability for tracking
0 Comments
Networking equipment company Netgear has released yet another round of patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. Tracked as CVE-2021-34991 (CVSS score: 8.8), the pre-authentication buffer overflow flaw in small office and home office (SOHO) routers
0 Comments
by Paul Ducklin Tommy Mysk and Talal Haj Bakry describe themselves as “two iOS developers and occasional security researchers on two continents.” In other words, although cybersecurity isn’t their core business, they’re doing what we wish all programmers would do: not taking application or operating system security features for granted, but keeping their own eyes
0 Comments
The United States has announced plans to sell tens of millions of dollars’ worth of seized crypto-currency to compensate victims of fraud. On Friday, US District Judge Todd Robinson granted a request from the US Department of Justice and the US Attorney’s Office for the Southern District of California for authority to liquidate BitConnect crypto-currency
0 Comments
ESET researchers have discovered strategic web compromise (aka watering hole) attacks against high‑profile websites in the Middle East Back in 2018, ESET researchers developed a custom in-house system to uncover watering hole attacks (aka strategic web compromises) on high-profile websites. On July 11th, 2020 it notified us that the website of the Iranian embassy in
0 Comments
Cybersecurity agencies from Australia, the U.K., and the U.S. on Wednesday released a joint advisory warning of active exploitation of Fortinet and Microsoft Exchange ProxyShell vulnerabilities by Iranian state-sponsored actors to gain initial access to vulnerable systems for follow-on activities, including data exfiltration and ransomware. The threat actor is believed to have leveraged multiple Fortinet
0 Comments
Cybersecurity professionals are unsurprised by the apparent return of Emotet malware.  First discovered as a banking trojan in 2014, the malware evolved into a powerful tool deployed by cyber-criminals around the world to illegally access computer systems.  The malware’s creators — APT group TA542 — hired Emotet out to other cyber-criminals, who used it to
0 Comments
Cybersecurity researchers have demonstrated yet another variation of the Rowhammer attack affecting all DRAM (dynamic random-access memory) chips that bypasses currently deployed mitigations, thereby effectively compromising the security of the devices. The new technique — dubbed “Blacksmith” (CVE-2021-42114, CVSS score: 9.0) — is designed to trigger bit flips on target refresh rate-enabled DRAM chips with
0 Comments
A cyber-safety platform has found a humorous way to warn the American public how to spot a gift card scam ahead of the holiday season.  ScamSpotter.org has made a series of amusing videos in which some of the ridiculous storylines deployed by gift card scammers are played out by actors.  In one Hollywood blockbuster–style dramatization, a
0 Comments
Spain’s second-biggest brewery says it expects to fully recover from a “highly complex” cyber-attack “in the coming days.”  Sociedad Anónima Damm, which has been making the world-renowned Estrella Damm lager since 1876, was targeted by cyber-criminals on Tuesday.  The attack on the company’s computer systems temporarily halted production at all of Damm’s breweries. However, the main brewery
0 Comments
Becoming a cloud first company is an exciting and rewarding journey, but it’s also fraught with difficulties when it comes to securing an entire cloud estate. Many forwarding-thinking companies that have made massive investments in migrating their infrastructure to the cloud are facing challenges with respect to their cloud-native applications. These range from inconsistent security