0 Comments
Jul 21, 2023THNEmail Security / Cyber Attack The recent attack against Microsoft’s email infrastructure by a Chinese nation-state actor referred to as Storm-0558 is said to have a broader scope than previously thought. According to cloud security company Wiz, the inactive Microsoft account (MSA) consumer signing key used to forge Azure Active Directory (Azure AD
0 Comments
The Chinese espionage group APT41 (AKA Double Dragon, BARIUM and Winnti) has been linked to the sophisticated Android surveillanceware known as WyrmSpy and DragonEgg. A new report published by cybersecurity firm Lookout on July 19, 2023, highlighted the findings, mentioning APT41’s history of targeting both government organizations and private enterprises for espionage and financial gain.
0 Comments
by Paul Ducklin At the tail-end of last week, Microsoft published a report entitled Analysis of Storm-0558 techniques for unauthorized email access. In this rather dramatic document, the company’s security team revealed the background to a previously unexplained hack in which data including email text, attachments and more were accessed: from approximately 25 organizations, including
0 Comments
Jul 20, 2023THNCloud Security / Cyber Espionage Microsoft on Wednesday announced that it’s expanding cloud logging capabilities to help organizations investigate cybersecurity incidents and gain more visibility after facing criticism in the wake of a recent espionage attack campaign aimed at its email infrastructure. The tech giant said it’s making the change in direct response
0 Comments
Security researchers from Rapid7 have found active exploitation of multiple vulnerabilities in Adobe ColdFusion, a web development computing platform. On July 11, 2023, Adobe released patches for several vulnerabilities affecting ColdFusion, including a Rapid7-discovered access control bypass vulnerability (CVE-2023-29298) and an insecure deserialization vulnerability allowing arbitrary code execution (CVE-2023-29300). However, Rapid7 has recently observed that
0 Comments
Conor Brian Fitzpatrick, famously known as “Pompompurin,” has entered a guilty plea for hacking charges in the United States District Court for the Eastern District of Virginia, Alexandria Division.  This comes after the US government recently seized the surface web domains linked to the notorious cybercrime marketplace, BreachForums, even though Fitzpatrick had been arrested months
0 Comments
Windows users have been targeted again by the sophisticated malware known as LokiBot, which is spreading through malicious Office documents.  According to a new advisory by Fortinet security researcher Cara Lin, attackers are leveraging known vulnerabilities, such as CVE-2021-40444 and CVE-2022-30190, to embed malicious macros within Microsoft Office documents.  Once executed, these macros drop the
0 Comments
Jul 17, 2023THNCyber Attack / Data Safety The Russia-linked threat actor known as Gamaredon has been observed conducting data exfiltration activities within an hour of the initial compromise. “As a vector of primary compromise, for the most part, emails and messages in messengers (Telegram, WhatsApp, Signal) are used, in most cases, using previously compromised accounts,”
0 Comments
A new threat actor group has been observed conducting a series of cyber-attacks targeting government entities, military organizations and civilian users in Ukraine and Poland.  According to a new advisory by Cisco Talos, the malicious campaigns started in April 2022 and are currently ongoing. They primarily aim at stealing valuable information and establishing persistent remote
0 Comments
Here’s how cybercriminals have adjusted their tactics in response to Microsoft’s stricter security policies and other interesting findings from ESET’s new Threat Report This week, the ESET research team released the H1 2023 ESET Threat Report that examines the key trends and developments that shaped the cybersecurity landscape from December 2022 to May 2023. Among
0 Comments
Jul 15, 2023THNArtificial Intelligence / Cyber Crime With generative artificial intelligence (AI) becoming all the rage these days, it’s perhaps not surprising that the technology has been repurposed by malicious actors to their own advantage, enabling avenues for accelerated cybercrime. According to findings from SlashNext, a new generative AI cybercrime tool called WormGPT has been
0 Comments
A generative AI tool, WormGPT, has emerged as a powerful weapon in the hands of cyber-criminals, specifically for launching business email compromise (BEC) attacks, according to new findings shared by security firm SlashNext. “We’re now seeing an unsettling trend among cyber-criminals on forums, evident in discussion threads offering ‘jailbreaks’ for interfaces like ChatGPT,” wrote security
0 Comments
A view of the H1 2023 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts We are pleased to present the latest issue of ESET Threat Report, which brings changes aimed at making its contents more engaging and accessible. One notable modification is our new approach
0 Comments
Jul 14, 2023THNVulnerability/ Cyber Threat Multiple security vulnerabilities have been discovered in various services, including Honeywell Experion distributed control system (DCS) and QuickBlox, that, if successfully exploited, could result in severe compromise of affected systems. Dubbed Crit.IX, the nine flaws in the Honeywell Experion DCS platform allow for “unauthorized remote code execution, which means an
0 Comments
A new version of the Common Vulnerability Scoring System (CVSS 4.0) has been unveiled publicly by the Forum of Incident Response and Security Teams (FIRST) on July 13, 2023. CVSS is the open industry standard for assessing the severity of computer system security vulnerabilities, helping organizations prioritize their vulnerability management processes. It provides a method
0 Comments
by Paul Ducklin SING A SONG OF SUPERCOOKIES Remembering the slide rule. What you need to know about Patch Tuesday. Supercookie surveillance shenanigans. When bugs arrive in pairs. Apple’s rapid patch that needed a rapid patch. User-Agent considered harmful. No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and
0 Comments
by Paul Ducklin This Tuesday, 2023-07-11, was Microsoft’s Patch Tuesday for July 2023, so here’s a brief reminder to do two things: Patch early, patch often. More than 100 vulnerabilities were patched this month, including four zero-day security holes for which working exploit code already exists. Even though everyone was at risk until Tuesday, it’s
0 Comments
Jul 12, 2023THNRansomware / Cyber Threat Ransomware has emerged as the only cryptocurrency-based crime to grow in 2023, with cybercriminals extorting nearly $175.8 million more than they did a year ago, according to findings from Chainalysis. “Ransomware attackers are on pace for their second-biggest year ever, having extorted at least $449.1 million through June,” the