Security

by Paul Ducklin CELEBRATING THE TRUE CRYPTO BROS No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that good podcasts are found. Or just drop the URL of our

The US Cybersecurity and Infrastructure Security Agency (CISA) has unveiled its Remote Monitoring and Management (RMM) Cyber Defense Plan.  Created in collaboration with industry and government stakeholders through the Joint Cyber Defense Collaborative (JCDC), the plan is a decisive step in countering the escalating risks associated with exploiting RMM software. RMM tools, designed for continuous

Cleaning product manufacturer Clorox has confirmed significant operational disruption caused by a recent cyber-attack.  According to a notice published on the company’s website, the attack was detected on August 14, prompting Clorox’s IT team to take immediate action by halting suspicious activity and shutting down affected systems. As a precautionary measure, the compromised systems have remained

by Paul Ducklin The US Federal Bureau of Investigation (FBI) has just published an official public service announcement headlined with with a very specific warning: Cybercriminals Targeting Victims through Mobile Beta-Testing Applications. The Feds didn’t go as far as naming any specific vendors or services here, but one of the main reasons that crooks go

Discord.io has shut down operations after suffering a major data breach exposing the personal details of its 760,000 members. A statement on the Discord.io website confirmed that a preview of the Discord.io’s users database on cybercrime marketplace BreachForums at 12.51am CET on Monday, August 14 (18.51 ET Sunday, August 13, with the rest of the

by Paul Ducklin It’s taken nearly ten years, but the US Department of Justice (DOJ) has just announced the court-approved seizure of a web domain called LolekHosted.net that was allegedly connected to a wide range of crimeware-as-a-service activities. The DOJ also charged a 36-year-old Polish man named Artur Karol Grabowski in connection with running the

Alberta Dental Service Corporation (ADSC) has revealed that nearly 1.47 million individuals have been affected by a data breach that occurred between May 7 and July 9 2023.  ADSC, a partner of the Government of Alberta, US, administers dental benefits through various programs, and the incident has raised concerns over compromised personal information. The breach was

by Paul Ducklin It’s been a while since we’ve written about card skimmers, which used to play a big part in global cybercrime. These days, many if not most cyber-breach and cybercrime stories revolve around ransomware, the darkweb and the cloud, or some unholy combination of the three. In ransomware attacks, the criminals don’t actually

The US Cyber Safety Review Board (CSRB) has issued a comprehensive report shedding light on the operations of the notorious extortion-focused hacker collective, Lapsus$.  The findings reveal that Lapsus$ exploited basic strategies to sidestep conventional security measures, prompting the CSRB to propose ten concrete recommendations for both governmental bodies and industries. The report, delivered to

A new variant of the SystemBC malware, paired with Cobalt Strike beacons, has been identified in a recent cyber-attack targeting a critical infrastructure power generator in a southern African nation.  Echoing the high-profile Darkside Colonial Pipeline breach of 2021, the incident occurred during the third and fourth weeks of March 2023, according to a new

Multiple vulnerabilities have been identified in the widely used Avada theme and its accompanying Avada Builder plugin.  These security flaws, uncovered by Patchstack’s security researcher Rafie Muhammad, expose a significant number of WordPress websites to potential breaches. Within these vulnerabilities, the Avada Builder plugin exhibits two weaknesses. The first is an Authenticated SQL Injection (CVE-2023-39309).

“When I worked on a report from the US Cyber Safety Review Board about the Log4j vulnerability, I was stunned to find out that the developer community isn’t necessarily trained on security by design.” These words come from the Acting National Cyber Director of the US Office of the National Cyber Director (ONCD), Kemba Walden

by Paul Ducklin SNOOPING ON MEMORY, KEYSTROKES AND CRYPTOCOINS No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that good podcasts are found. Or just drop the URL of

Multiple zero-day vulnerabilities have been discovered in some of the most used cryptographic multi-party computation (MPC) protocols, putting consumers’ cryptocurrency funds at risk of theft. In findings presented during Black Hat USA on Wednesday, August 9, the Fireblocks Cryptography Research Team said that the vulnerabilities, if left unpatched, would enable attackers to drain funds from

by Paul Ducklin The August 2023 Microsoft security updates are out (the first day of the month was a Tuesday, making this month’s Patch Tuesday as early as ever it can be), with 74 CVE-numbered bugs fixed. Intriguingly, if not confusingly, Microsoft’s offical bug listing page is topped by two special items dubbed Exploitation Detected.

Law firm Morgan & Morgan has lodged a class-action lawsuit against Tampa General Hospital on behalf of three victims affected by a significant data breach.  Between May 12 and May 30, 2023, cyber-criminals infiltrated Tampa General Hospital’s computer system, pilfering data belonging to approximately 1.2 million patients.  The exposed information encompasses sensitive details like names, addresses,

by Paul Ducklin Audio recordings are dangerously easy to make these days, whether by accident or by design. You could end up with your own permanent copy of something you thought you were discussing privately, preserved indefinitely in an uninterestingly-named file on your phone or laptop, thanks to hitting “Record” by mistake. Someone else could

A widespread cyber-attack on hospital computer systems has caused significant disruptions across the United States, leading to the closure of emergency rooms in multiple states and the diversion of ambulances.  The incident began last Thursday, 3 August, and targeted facilities operated by Prospect Medical Holdings, a California-based company with hospitals and clinics in Texas, Connecticut, Rhode

The Cybersecurity and Infrastructure Security Agency (CISA) has released its FY2024-2026 Strategic Plan, which builds on the cybersecurity strategy published by the White House. The CISA highlighted that the US is at a “moment of opportunity” following the collaborative vision outlined in the Biden-Harris Administration’s 2023 US National Cybersecurity Strategy announced in March 2023. The

A new malicious campaign has been found on the Python Package Index (PyPI) open-source repository involving 24 malicious packages that closely imitate three popular open-source tools: vConnector, eth-tester and databases. The campaign, dubbed VMConnect, was uncovered by ReversingLabs and started around July 28, 2023, with the continuous posting of new malicious PyPI packages daily. The

A stealthy malware has been discovered on npm, the popular package manager for JavaScript, that poses a severe threat by exposing sensitive developer data. The findings come from cybersecurity firm Phylum, who said that on July 31 2023, their automated risk detection platform raised an alert regarding suspicious activities on npm. Over the course of a

by Paul Ducklin Back in August 2016, Heather Morgan, a.k.a. Razzlekhan, a.k.a. the Crocodile of Wall Street (actually, there’s a double-barrelled expletive in front of the word ‘crocodile’, but this is a family-friendly website so we’ll leave you to extrapolate for yourself), and her husband Ilya Lichtenstein got their hands on 120,000 of your finest

Threat intelligence experts from Group-IB have shed light on the hacktivist collective known as Mysterious Team Bangladesh. In a report published today, the firm analyzed the group’s history, tactics and targets, providing vital insights into its operations. Mysterious Team Bangladesh emerged in 2020 but gained international recognition in 2022 after conducting cyber raids against high-profile

by Paul Ducklin WEIRD BUT TRUE No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that good podcasts are found. Or just drop the URL of our RSS feed

CryptoRom, a notorious scam that combines fake cryptocurrency trading and romance scams, has taken a new twist by utilizing generative artificial intelligence (AI) chat tools to lure and interact with victims.  Sophos security researchers Jagadeesh Chandraiah and Sean Gallagher shared the findings in a report published today, where they said they investigated the growing trend

by Paul Ducklin Another week, another BWAIN! As you’ll know if you listened to last week’s podcast (hint, hint!), BWAIN is short for Bug With An Impressive Name: It’s a nickname we apply when the finders of a new cybersecurity attack get so excited about their discovery that they give it a PR-friendly moniker, register

A new and sophisticated malware campaign named “P2Pinfect” has been observed targeting publicly-accessible deployments of the Redis data store. According to a technical write-up published on Monday by Cado Security Labs, the malware is written in Rust, making it challenging to analyze due to the programming language’s complexities. For context, in the time between Cado Security

by Paul Ducklin The latest full new version of Firefox is out, marking the first of two “monthly” upgrades you’ll see this month. Just as there will be a blue moon in August 2023 (that’s the name applied to a second full moon in the same calendar month, rather than reference to an atmospheric phenomenon

The Android spyware known as SpyNote has been targeting financial institutions since late 2022 while expanding its capabilities to carry out bank fraud.  Security researchers at Cleafy have recently shared new findings about SpyNote, saying the malware exploits Accessibility services and various Android permissions to conduct multiple malicious activities.  SpyNote distribution occurs through email phishing

by Paul Ducklin Last week, the US Securities and Exchange Commission (SEC) announced new and fairly strict rules about cybersecurity breach disclosures for any people or companies that fall under its regulatory remit. The SEC, by the way, was founded at the height of the US Great Depression in the 1930s, with the aim of