Security

by Paul Ducklin
Late last week [2023-02-16], popular web hosting company GoDaddy filed its compulsory annual 10-K report with the US Securities and Exchange Commission (SEC). Under the sub-heading Operational Risks, GoDaddy revealed that: In December 2022, an unauthorized third party gained access to and installed malware on our cPanel hosting servers. The malware intermittently
Several Chinese state-sponsored threat groups have been observed targeting businesses and governments in the European Union. The claims come from a joint publication by the EU Agency for Cybersecurity (ENISA) and the Computer Emergency Response Team for the EU institutions, bodies and agencies (CERT-EU). Published on Wednesday, the document directly mentions particular advanced persistent threats (APTs): APT27,
A new malicious actor dubbed “WIP26” by SentinelOne has been observed targeting telecommunication providers in the Middle East. Describing the threat in a Thursday advisory, the security researchers said the team has been monitoring WIP26 with colleagues from QGroup GmbH. “WIP26 is characterized by the abuse of public Cloud infrastructure – Microsoft 365 Mail, Microsoft
by Paul Ducklin
CAN WE STOP WITH THE “SOPHISTICATED” ALREADY? The birth of ENIAC. A “sophisticated attack” (someone got phished). A cryptographic hack enabled by a security warning. Valentine’s Day Patch Tuesday. Apple closes spyware-sized 0-day hole. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With
The recent rise in supply chain attacks has placed supply chain security high on the agenda of decision-makers across all industries. The UK National Cybersecurity Centre (NCSC) launched a list of recommendations on 16 February to help medium and large enterprises ‘map’ their supply chain dependencies in order to better anticipate the cyber risks coming
Security researchers have warned that a growing number of versatile malware variants are capable of performing multiple malicious actions across the cyber-kill chain. Picus Security compiled its Red Report 2023 by analyzing over 500,000 malware samples last year, identifying their tactics, techniques and procedures (TTPs) and extracting over 5.3 million “actions.” The vendor then mapped these
Microsoft released patches for over 70 CVEs this month, including three zero-day vulnerabilities currently being exploited in the wild. The first of these is CVE-2023-23376, an elevation of privilege flaw in the Common Log File System (CLFS) Driver. Tenable senior staff research engineer, Satnam Narang, explained that Redmond patched two similar flaws in the CLFS
Spain’s Policia Nacional has teamed up with the US Secret Service to dismantle a cybercrime gang that stole millions of dollars from US citizens and companies. Nine suspected members of the group have been arrested – eight in Madrid and one in Miami – after receiving close to €5m ($5.4m) from their victims, which they
Security researchers have discovered another sizeable haul of malicious packages on the npm and PyPI open source registries, which could cause issues if unwittingly downloaded by developers. In January, Sonatype said it found 691 malicious npm packages and 49 malicious PyPI components containing crypto-miners, remote access Trojans (RATs) and more. The discoveries by the firm’s
The US Cybersecurity and Infrastructure Security Agency (CISA) issued a new Cybersecurity Advisory (CSA) on Thursday warning critical infrastructure sector entities against ongoing North Korean state-sponsored ransomware activity. Part of the #StopRansomware campaign, the new advisory is a result of a collaboration between CISA, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Department
Reddit suffered a cyber-attack after its internal systems were breached on February 05 due to a “sophisticated” and “highly-targeted” phishing attack that led to employee credential compromise. “The attacker sent out plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway in an attempt to steal credentials and second-factor tokens,”
The number of published industrial control system (ICS) vulnerabilities has grown by almost 70% in the past three years, with over a fifth still not patched by manufacturers, according to SynSaber. The security vendor analyzed advisories published by the US Cybersecurity and Infrastructure Security Agency (CISA) between January 1 2020 and December 31 2022 in
Three individuals including a married couple have been arrested in connection with a fraud scheme that may have cost several companies millions of dollars. Officers from the UK’s National Crime Agency (NCA) searched two properties in Loughborough and Lytham St Annes, arresting a man in his fifties and his wife, as well as a second
Recorded business email compromise (BEC) attacks increased by more than 81% during 2022 and by 175% over the past two years, with open rates on malicious emails also surging, according to Abnormal Security. The security vendor analyzed data from its customers to help compile its H1 2023 threat report, Read Alert. It found the median
by Paul Ducklin
OpenSSL, probably the best-known if not the most widely-used encryption library in the world, has just released a trifecta of security updates. These patches cover the two current open-source versions that the organisation supports for everyone, plus the “old” 1.0.2-version series, where updates are only available to customers who pay for premium
A government-backed competition to encourage school-aged children to pursue a career in cybersecurity persuaded thousands across the UK to enter this year. Thirteen teams were named champions of their region at the 2023 CyberFirst Girls Competition finals last weekend, with more than 8700 entering the contest, according to the National Cyber Security Centre (NCSC). After
The developer of several stalkerware apps has been handed a fine of nearly half a million dollars and told to modify the software. A consortium of 16 companies owned by Patrick Hinchy produced snooping apps Auto Forward, Easy Spy, DDI Utilities, Highster Mobile, PhoneSpector, Surepoint and TurboSpy. These enabled customers to secretly monitor a comprehensive
Threat actors have been observed using malvertising attacks to distribute virtualized .NET malware loaders dubbed “MalVirt.” According to a Thursday advisory by SentinelOne, the new loaders leverage obfuscated virtualization techniques to avoid detection. “The loaders are implemented in .NET and use virtualization, based on the KoiVM virtualizing protector of .NET applications, in order to obfuscate
The UK’s data protection and privacy regulator will no longer fine public electronic communications service providers (CSPs) if they fail to report a data breach within 24 hours. The Information Commissioner’s Office (ICO) said that as long as CSPs – including mobile carriers and ISPs – report any incidents to it within 72 hours they