Security

Targeting individual ransomware strains is confusing and even unhelpful in tackling this threat vector, according to a joint report from UK’s National Cyber Security Centre (NCSC) and National Crime Agency (NCA). Threat actors are too quick to reassemble and rebrand after being taken down for a focus on tackling on specific ransomware strains to be

A spate of cyber-attacks against UK schools has claimed its latest victim after a Maidstone secondary school suffered a serious security breach late last week. The Church of England St Augustine Academy in the Kent commuter town serves over 750 students in the local community. Headteacher, Jason Feldwick, warned parents via Facebook that the school’s

Security researchers at Cisco Talos have uncovered a scheme that preys on graphic designers and 3D modelers. Cyber-criminals are using cryptocurrency-mining malware to hijack the Graphics Processing Units (GPUs) commonly used in these fields. According to an advisory published by Cisco Talos on Thursday, this campaign has been active since at least November 2021. The

China has unveiled a new cyber capability powered by artificial intelligence, enabling the automatic generation of images for influence operations. These operations aim to mimic US voters across the political spectrum, fueling controversy along racial, economic and ideological lines. The findings come from a new report released by Microsoft Threat Analysis Center (MTAC) on Thursday.

The UK’s data protection regulator is set to review how period and fertility tracking applications process user information, after revealing that many women have concerns. The Information Commissioner’s Office (ICO) said it has contacted the developers of many of these apps to find out more. It also wants users to come forward and share their

A left-leaning think tank has urged a new UK Labour government to place cybersecurity front-and-center of its policymaking, borrowing from the Biden administration playbook where necessary. Progressive Britain’s new paper, CyberSecuronomics: Cybersecurity and Labour’s Modern Industrial Strategy, argued that the current Conservative government’s commitment to cyber is “insufficiently ambitious.” It said the UK still invests

Security researchers have uncovered a new covert phishing operation selling sophisticated tools used to target an estimated 56,000 Microsoft 365 accounts in just a 10-month period. Group-IB revealed the existence of the covert W3LL actor in a new report, W3LL Done: Hidden Phishing Ecosystem Driving BEC Attacks. It claimed the threat actor has been operating

The UK’s National Cyber Security Centre (NCSC) has announced its new chief technology officer (CTO) will be Ollie Whitehouse. Spun out of spy agency GCHQ in 2016, the NCSC plays a crucial role in advising businesses and consumers about how to avoid emerging threats. It also serves as the National Technical Authority for cybersecurity and works

A leading English secondary school has shut down its IT systems following a cyber-attack just days before the start of the new academic year, according to reports. The private Church of England Debenham High School in Suffolk told parents last week that the incident had forced it offline, but that there’s no evidence any personal

SapphireStealer, an open-source information stealer, has emerged as a growing threat since its public debut last year. This malware is designed to pilfer sensitive data, including corporate credentials, and has since seen active usage and modifications by various threat actors. SapphireStealer was initially released on GitHub on December 25 2022. The malware targets browser credential databases

A Chinese-speaking cyber-criminal group named “Smishing Triad” has been observed conducting a large-scale smishing campaign targeting US citizens. This campaign has skillfully impersonated various postal and delivery services, including Royal Mail (UK), New Zealand Postal Service, Correos (Spain), PostNord (Sweden), Poste Italiane, Italian Revenue Service, USPS, Poczta Polska (Poland), J&T Express (Indonesia) and New Zealand Post. 

A recent survey conducted by Jamf, a provider of enterprise-level management and security solutions for Apple ecosystems, has revealed that 49% of European enterprises are operating without a formal Bring-Your-Own-Device (BYOD) policy.  This statistic indicates that a significant portion of organizations across Europe lack visibility and control over the devices – whether personal or work-related

A new security flaw has been discovered in the widely used All-in-One WP Migration Extensions plugin, potentially leaving millions of WordPress websites vulnerable to unauthorized access token manipulation. The All-in-One WP Migration plugin, a popular tool for seamlessly migrating WordPress websites, boasts over 60 million installations. The plugin offers premium extensions, including those for Box,

The leak of the LockBit 3.0 ransomware builder has triggered a surge in personalized variants, impacting various organizations.  Writing in an advisory published last Friday, Kaspersky researchers Eduardo Ovalle and Francesco Figurelli have provided insights into the consequences of this breach, shedding light on the array of LockBit 3.0 derivatives. LockBit 3.0, also known as

by Paul Ducklin US food delivery compeny PurFoods, which trades as Mom’s Meals, has just admitted to a cyberintrusion that took place from 2023-01-16 to 2023-02-22. The company stated officially that: [The] cyberattack […] included the encryption of certain files in our network. Because the investigation identified the presence of tools that could be used

QukBot was one of the most active malware families in Q2 of 2023, according to the latest HP Wolf Threat Insights Report. An analysis by the company noted that the cyber-criminals are diversifying attack methods to bypass security policies and detection tools, one example of this is using “building blog style attacks” to carry out

The FBI has urged users of affected Barracuda appliances to replace them immediately, after warning that they’re still being targeted by a Chinese APT group. A Flash update issued by the agency this week revealed that zero-day vulnerability CVE-2023-2868 continues to be exploited by the group, dubbed UNC4841 by Mandiant, in cyber-espionage attacks. “Barracuda customers

Security researchers are urging Azure Active Directory (AD) users to monitor for abandoned reply URLs after revealing a critical vulnerability in the Microsoft Power Platform. Secureworks said it discovered the reply URL takeover bug earlier in April and it was fixed by Microsoft within 24 hours. More specifically, the researchers had found an abandoned reply

The UK’s data protection watchdog is urging victims of so-called “text pests” to come forward after revealing that nearly a third (29%) of 18–34-year-olds have had their personal information misused. Text pest cases occur when an individual gives their personal details, including phone number or email, to a business for legitimate reasons. However, someone working

The North Korean state-sponsored actor Lazarus Group recently started a new campaign targeting internet backbone infrastructure and healthcare entities in Europe and the US, security researchers from Cisco Talos have found. The researchers said that the attackers began exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) in January 2023, only five days after it was disclosed. This

by Paul Ducklin HOW MANY CRYPTOGRAPHERS? No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that good podcasts are found. Or just drop the URL of our RSS feed

The notorious XLoader malware has resurfaced, posing as a seemingly innocuous office productivity app named “OfficeNote.” Known for its malicious activities since 2015, XLoader started targeting macOS systems in 2021, leveraging Java dependencies for its operation. However, according to an advisory published by SentinelOne on Monday, this new iteration is self-sufficient, programmed in C and

by Paul Ducklin The venerable RAR program, short for Roshal’s Archiver after its original creator, has been popular in file sharing and software distribution circles for decades, not least because of its built-in error recovery and file reconstruction features. Early internet users will remember, with little fondness, the days when large file transfers were shipped

Cybersecurity-as-a-Service provider Critical Insight has unveiled its 2023 H1 Healthcare Data Breach Report, offering insights into the cybersecurity landscape of the healthcare sector.  The analysis is based on reported data breaches from healthcare organizations to the US Department of Health and Human Services (HHS). The report notes an overall decrease of 15% in total breaches

by Paul Ducklin A trio of researchers split between Italy and the UK have recently published a paper about cryptographic insecurities they found in a widely-known smart light bulb. The researchers seem to have chosen their target device, the TP-Link Tapo L530E, on the basis that it is “currently [the] best seller on Amazon Italy,”

Cyber-criminals have been exploiting fraudulent artificial intelligence (AI) bots to attempt and install malicious software under the guise of genuine AI applications. According to a new advisory published by ESET security researchers, the campaign came to light when an advertisement on Facebook promoted the download of what seemed to be the latest version of Google’s

by Paul Ducklin Researchers at Apple device management company Jamf recently published an intriguing paper entitled Fake Airplane Mode: A mobile tampering technique to maintain connectivity. We’ll start with the good news: the tricks that Jamf discovered can’t magically be triggered remotely, for example merely by enticing you to a booby-trapped website. Attackers need to

A collaborative effort led by Interpol, known as Africa Cyber Surge II, has yielded significant results in combating cybercrime across the African continent.  The joint initiative, supported by international and national law enforcement agencies alongside private sector cybersecurity companies, has led to the successful arrest of 14 suspected cyber-criminals. The operation also identified over 20,000

A recent cybersecurity study has brought to light a concerning vulnerability crisis affecting web applications.  CyCognito’s semi-annual State of External Exposure Management report unveiled a distressing landscape of digital threats across public cloud, mobile and web platforms. The comprehensive analysis of 3.5 million assets, encompassing Fortune 500 entities, highlights the precarious state of data security. The

A significant phishing campaign employing QR codes has recently come to light, with a major US-based energy company as one of the primary targets.  The campaign, which began in May 2023, has witnessed a 2400% surge in volume since then, underscoring the urgency of addressing this emerging threat. Cybersecurity company Cofense has been closely monitoring