by Paul Ducklin Betteridge’s Law of Headlines insists that any headline posed as a question can instantly be answered with a simple “No.” Apparently, the theory behind this witticism (it’s not actually a Law, nor yet a rule, nor even in fact anything more than a suggestion) is that if the author knew what they
A Microsoft Windows policy loophole has been observed being exploited primarily by native Chinese-speaking threat actors to forge signatures on kernel-mode drivers. “Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates,” Cisco Talos said in an exhaustive two-part report
The RomCom threat actor has reportedly launched a targeted cyber campaign aimed at organizations and individuals supporting Ukraine just days before a highly anticipated NATO Summit. The BlackBerry Threat, Research and Intelligence team uncovered this sophisticated operation and described it in an advisory published earlier today. In particular, the team said it discovered two deceptive
by Paul Ducklin The second-ever Apple Rapid Security Response just came out. That’s where the very latest versions of macOS, iOS and iPadOS get emergency patches that: Don’t take as long for Apple to build, test and publish as a full version update would. Don’t take as long to download when you decide to fetch
Jul 11, 2023THNZero-Day / Endpoint Security Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw that it said has been actively exploited in the wild. The WebKit bug, cataloged as CVE-2023-37450, could allow threat actors to achieve arbitrary code execution when processing specially crafted
Several malicious npm packages on the open-source repository have been used in supply chain attacks and phishing campaigns. The claims come from ReversingLabs researchers, who said in a blog post published on Thursday the packages pose a dual threat, affecting application end users while also supporting email-based phishing attacks, mainly targeting Microsoft 365 users. Software
Jul 03, 2023The Hacker NewsWebsite Security Tool Every website owner or webmaster grapples with the issue of spam on their website forms. The volume of spam can be so overwhelming that finding useful information within it becomes quite challenging. What exacerbates this issue is that spam can populate your public pages, appearing in comments and
Confidential information, including unreleased TV shows, scripts and materials, belonging to the popular children’s television channel Nickelodeon, have been reportedly compromised in a significant data leak. According to social media reports, an individual allegedly dumped approximately 500GB of animation files. The authenticity of the leaked content is yet to be confirmed by Nickelodeon. Still, a spokesperson
Originally a banking trojan, Emotet later evolved into a full-blown botnet and went on to become one of the most dangerous cyberthreats worldwide Originally a banking trojan, Emotet later evolved into a botnet that went on to become one of the most prevalent cyberthreats worldwide – until it was taken down by an international law
Jul 08, 2023Swati KhandelwalMobile Security / Spyware Two file management apps on the Google Play Store have been discovered to be spyware, putting the privacy and security of up to 1.5 million Android users at risk. These apps engage in deceptive behaviour and secretly send sensitive user data to malicious servers in China. Pradeo, a
Two spyware applications posing as file management tools have been discovered on the Google Play Store with a total of at least 1.5 million installs. The apps, attributed to the same developer and discovered by cybersecurity firm Pradeo, exhibit similar malicious behaviors and operate without user interaction. Their main objective is to covertly extract and transmit
A brief summary of what happened with Emotet since its comeback in November 2021 Emotet is a malware family active since 2014, operated by a cybercrime group known as Mealybug or TA542. Although it started as a banking trojan, it later evolved into a botnet that became one of the most prevalent threats worldwide. Emotet
Jul 07, 2023Swati KhandelwalMobile Security / Malware Researchers have issued a warning about an emerging and advanced form of voice phishing (vishing) known as “Letscall.” This technique is currently targeting individuals in South Korea. The criminals behind “Letscall” employ a multi-step attack to deceive victims into downloading malicious apps from a counterfeit Google Play Store
In response to an ongoing incident, JumpCloud has reset the admin Application Programming Interface (API) keys for affected customers. In a notice sent to impacted customers and verified by Infosecurity, JumpCloud emphasized the precautionary nature of the action and its purpose of safeguarding sensitive information. “Out of an abundance of caution relating to an ongoing
by Paul Ducklin PUTTING THE X IN X-OPS First there was DevOps, then SecOps, then DevSecOps. Or should that be SecDevOps? Paul Ducklin talks to Sophos X-Ops insider Matt Holdcroft about how to get all your corporate “Ops” teams working together, with cybersecurity correctness as a guiding light. No audio player below? Listen directly on
Jul 06, 2023Ravie LakshmananEndpoint Security / Malware The Iranian nation-state actor known as TA453 has been linked to a new set of spear-phishing attacks that infect both Windows and macOS operating systems with malware. “TA453 eventually used a variety of cloud hosting providers to deliver a novel infection chain that deploys the newly identified PowerShell
The Nagoya Port Unified Terminal System (NUTS) in Japan suffered a significant system outage on Tuesday that was attributed to a ransomware attack. According to a notice (in Japanese) sent to customers, the attack disrupted container operations across all terminals within the port. In particular, container import and export operations via trailer transportation have been
by Paul Ducklin Firefox’s latest monthly update just came out, bumping the primary version of the popular alternative browser to 115.0. OK, it’s technically a once-every-four-weeks update, so that there will sometimes be two major updates in a single calendar month, just as you sometimes get two full moons in a month, but this month
Jul 05, 2023Ravie LakshmananCritical Infrastructure Security A sophisticated stealer-as-a-ransomware threat dubbed RedEnergy has been spotted in the wild targeting energy utilities, oil, gas, telecom, and machinery sectors in Brazil and the Philippines through their LinkedIn pages. The malware “possesses the ability to steal information from various browsers, enabling the exfiltration of sensitive data, while also
A new report by the Kaspersky Digital Footprint Intelligence team has revealed that several companies worldwide are severely unprepared when dealing with darknet data leaks. The initiative, carried out in 2022, tracked dark web posts offering access to companies, compromised accounts and other critical incidents. Kaspersky said it promptly notified victim companies about these threats.
by Paul Ducklin Even if you haven’t heard of the venerable Ghostscript project, you may very well have used it without knowing. Alternatively, you may have it baked into a cloud service that you offer, or have it preinstalled and ready to go if you use a package-based software service such as a BSD or
Criminals increasingly create deepfake nudes from people’s benign public photos in order to extort money from them, the FBI warns The U.S. Federal Bureau of Investigation (FBI) is warning about an increase in extortion campaigns where criminals tap into readily available artificial intelligence (AI) tools to create sexually explicit deepfakes from people’s innocent photos and
Jul 04, 2023Ravie LakshmananPrivacy / Online Security The Swedish data protection watchdog has warned companies against using Google Analytics due to risks posed by U.S. government surveillance, following similar moves by Austria, France, and Italy last year. The development comes in the aftermath of an audit initiated by the Swedish Authority for Privacy Protection (IMY)
The US Patent and Trademark Office (USPTO) has recently disclosed a data security incident involving domicile information in certain trademark filings between February 2020 and March 2023. According to information provided to Infosecurity, approximately 61,000 domicile addresses, constituting 3% of the total number of applications during the relevant period, were affected. “On February 24, 2023,
by Paul Ducklin If you run a WordPress site with the Ultimate Members plugin installed, make sure you’ve updated it to the latest version. Over the weekend, the plugin’s creator published version 2.6.7, which is supposed to patch a serious security hole, described by user @softwaregeek on the WordPress support site as follows: A critical
Here are some of the key insights on the evolving data breach landscape as revealed by Verizon’s analysis of more than 16,000 incidents Contrary to common perception, small and medium-sized businesses (SMBs) are often the target of cyberattacks. That’s understandable, as in the US and UK, they comprise over 99% of businesses, a majority of
Jul 03, 2023Ravie LakshmananMalware Attack / Cyberespionage A Chinese nation-state group has been observed targeting Foreign Affairs ministries and embassies in Europe using HTML smuggling techniques to deliver the PlugX remote access trojan on compromised systems. Cybersecurity firm Check Point said the activity, dubbed SmugX, has been ongoing since at least December 2022. “The campaign
8Base ransomware has emerged as a prominent player in the cybercrime landscape, according to a new blog post by VMware Carbon Black’s TAU (Threat Analysis Unit) and MDR-POC (Managed Detection and Response Proof of Concept) teams. The company explained that 8Base employs a combination of encryption and “name-and-shame” tactics to extort victims into paying ransoms.
Jul 01, 2023Ravie LakshmananEndpoint Security / Malware Researchers have pulled back the curtain on an updated version of an Apple macOS malware called Rustbucket that comes with improved capabilities to establish persistence and avoid detection by security software. “This variant of Rustbucket, a malware family that targets macOS systems, adds persistence capabilities not previously observed,”
A recent adversary simulation conducted by the MDSec ActiveBreach red team uncovered a critical vulnerability in ArcServe UDP Backup software. Tracked CVE-2023-26258, the flaw affects versions 7.0 to 9.0 of the software and allows for remote code execution (RCE), posing a significant risk to organizations relying on the software for backup infrastructure. “The importance of
- « Previous Page
- 1
- …
- 20
- 21
- 22
- 23
- 24
- …
- 114
- Next Page »