Security

by Paul Ducklin Samba is a widely-used open source toolkit that not only makes it easy for Linux and Unix computers to talk to Windows networks, but also lets you host a Windows-style Active Directory domain without Windows servers at all. The name, in case you’ve ever wondered, is a happy-sounding and easy-to-say derivation from

by Paul Ducklin It’s time for this month’s scheduled Firefox update (technically, with 28 days between updates, you sometimes get two updates in one calendar month, but July 2022 isn’t one of those months)… …and the good news is that the worst bugs listed, which get a risk category of High, are those found by

Criminals are using malicious bots to steal information from victims via the popular Telegram and Discord messaging services, said a report this week. Some bots can be rented for as little as $25 a day. The bot-based malware steals credentials, including virtual private network (VPN) client logins, payment card information, cryptocurrency wallets, operating system data,

by Paul Ducklin Just under a year ago, the US arm of telecomms giant T-Mobile admitted to a data breach after personal information about its customers was offered for sale on an underground forum. At the time, VICE Magazine claimed to have communicated with the hacker behind the breach via online chat, and to have

Global ransomware volumes shrunk by 23% year-on-year (YoY) in the first half of 2022, but overall malware surged by 11% over the period, according to new data from SonicWall. The mid-year update to the firm’s 2022 SonicWall Cyber Threat Report is based on analysis of one million security sensors over 200 countries, as well as

The UK’s National Crime Agency (NCA) seized millions of pounds’ worth of cryptocurrency last year as part of its efforts to crack down on money laundering and serious and organized crime (SOC). The NCA, which is the UK agency dedicated to tackling SOC, revealed in its latest annual report that during the period April 1

Google this week announced the reversing of its recent decision to remove the app permissions list from the Google Play Store for Android. In tweets published on July 21, the Android Developers team stated that “privacy and transparency are core values in the Android community. We heard your feedback that you find the app permissions section in

by Paul Ducklin As the English translation of the Baroque-era German rendering of the Ancient Greek philosophical saying goes: Though the mills of God grind slowly, yet they grind exceeding small/Though with patience he stands waiting, with exactness grinds he all. Today, this saying is usually applied in respect of the judicial process, noting that

This week HP released their report The Evolution of Cybercrime: Why the Dark Web is Supercharging the Threat Landscape and How to Fight Back, exploring how cyber-criminals are increasingly operating in a quasi-professional manner, with malware and ransomware attacks being offered on a ‘software-as-a-service’ basis. The report’s findings showed how cybercrime is being supercharged through “plug and

by Paul Ducklin The phrase Office macros is a harmless-sounding, low-tech name that refers, in real life, to program code you can squirrel away inside Office files so that the code travels along with the text of a document, or the formulas of a spreadsheet, or the slides in a presentation… …and even though the

by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.

Ukrainian radio stations were hacked this week by threat actors to spread fake news about President Volodymyr Zelensky’s health, according to Ukraine’s security officials. A music program on “at least one” out of TAVR Media’s stations – one of Ukraine’s largest radio networks – was interrupted by the false reports just after midday on July 21. The so-far unidentified

by Paul Ducklin Apple has disgorged its latest patches, fixing more than 50 CVE-numbered security vulnerabilities in its range of supported products. The relevant security bulletins, update numbers, and where to find them online are as follows: APPLE-SA-2022-07-20-1: iOS 15.6 and iPadOS 15.6, details at HT213346 APPLE-SA-2022-07-20-2: macOS Monterey 12.5, details at HT213345 APPLE-SA-2022-07-20-3: macOS

The number of ransomware victims in the second quarter was over a third lower than Q1 2022, thanks in part to the halt in operations from the prolific Conti group, according to GuidePoint Security. The firm’s quarterly ransomware report was based on data obtained from publicly available resources, including postings by threat groups on their data

Russian adversaries are taking advantage of trusted cloud services, including DropBox and Google Drive to deliver malware to businesses and governments, according to new research. Cloaked Ursula – AKA the Russian government-linked APT29 or Cozy Bear – is increasingly using popular online storage services because it makes attacks difficult to detect and prevent, researchers at Palo Alto

by Paul Ducklin Remember Log4Shell? It was a dangerous bug in a popular open-source Java programming toolkit called Log4j, short for “Logging for Java”, published under a liberal, free source code licence, by the Apache Software Foundation. If you’ve ever written software of any sort, from the simplest BAT file on a Windows laptop to

Security researchers have found a new macOS backdoor being used in targeted attacks to steal sensitive information from victims. The threat has been named “CloudMensis” by ESET because it exclusively uses public cloud storage services to communicate with its operators. Specifically, it leverages pCloud, Yandex Disk and Dropbox to receive commands and exfiltrate files, according to

The Tor Project has updated its flagship anonymizing browser to make it easier for users to evade government attempts to block its use in various regions. Tor Browser 11.5 will “transform the user experience of connecting to Tor from heavily censored regions,” according to the US-based non-profit that manages the open source software. It replaces

This week the US Department of Homeland Security (DHS) released the Cyber Safety Review Board’s (CSRB) first report into the December 2021 Log4j event, where a number of vulnerabilities were reported with this Java-based logging framework. The report’s methodology included a mixture of interviews and requests for information over a 90-day period, engaging with approximately 80 organizations and individuals

Data generated by OnePoll from April 28 to May 3 2022 on behalf of AT&T shows that the average person happens upon a suspicious online site or social media account 6.5 times a day. The recent survey of 2000 general population Americans also found that 54% of consumers said they were unaware of the difference between active and passive

by Paul Ducklin It’s prime vacation season in the Northern Hemipshere, and in some countries, July and August aren’t just months when some people take some days off, but a period of extended family holidays, often involving weeks away from home or on the road. The good news, of course, is that if you’ve had

Falling cryptocurrency prices are putting pressure on crypto exchanges on the dark web and causing a “bank run,” security researchers have found. This is making it harder for threat actors to “monetize” their attacks, buy vulnerabilities or fund malware-as-a-service operations. Dov Lerner, security research lead at Cybersixgill, suggested that cryptocurrencies have lost up to $1.8tn

by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.

APT groups are increasingly targeting journalists and impersonating media outlets, according to new research from Proofpoint. The groups – who are state-based or state-aligned actors, are looking to gain access to sensitive information and sources, manipulate news and deceive public relations and other industry professionals into thinking that they are dealing with legitimate news outlets. According to

by Paul Ducklin Have you ever come really close to clicking a phishing link simply through coincidence? We’ve had a few surprises, such as when we bought a mobile phone from a click-and-collect store a couple of years back. Having lived outside the UK for many years before that, this was our first-ever purchase from

A new ransomware family dubbed ‘HavanaCrypt’ disguises itself as a Google software update app, using a Microsoft web hosting service IP address as its command and control server to circumvent detection. Detailed by security researchers at Trend Micro in a report, the ransomware is the latest in a series of malware that poses as a legitimate

by Paul Ducklin Paying money to ransomware criminals is a contentious issue. After all, ransomware demands boil down to one thing, whether you know it in everyday language as extortion, blackmail or standover, namely: demanding money with menaces. Usually, the attackers leave all your precious files where they are, so you can see them sitting

For online shoppers, Amazon Prime Day has become an annual retail event, an opportunity to pick up bargains and save money. However for hackers, it’s also an opportunity to target consumers eager to secure a deal. Cybersecurity company Avanan has warned of an increase in phishing and credential harvesting email attempts in June in advance

by Paul Ducklin Remember 1999? Well, the Melissa virus just called, and it’s finding life tough in 2022. It’s demanding a return to the freewheeling days of the last millennium, when Office macro viruses didn’t face the trials and tribulations that they do today. In the 1990s, you could insert VBA (Visual Basic for Applications)

French telecoms operator La Poste Mobile has alerted customers that their data may have been compromised in a ransomware attack that targeted the company’s administrative and management systems on July 4.  The attack, believed to have been carried out by the LockBit ransomware group, took the company’s systems offline as it attempted to minimize damage.