0 Comments
A Microsoft Windows policy loophole has been observed being exploited primarily by native Chinese-speaking threat actors to forge signatures on kernel-mode drivers. “Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates,” Cisco Talos said in an exhaustive two-part report
0 Comments
The RomCom threat actor has reportedly launched a targeted cyber campaign aimed at organizations and individuals supporting Ukraine just days before a highly anticipated NATO Summit. The BlackBerry Threat, Research and Intelligence team uncovered this sophisticated operation and described it in an advisory published earlier today. In particular, the team said it discovered two deceptive
0 Comments
Jul 11, 2023THNZero-Day / Endpoint Security Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw that it said has been actively exploited in the wild. The WebKit bug, cataloged as CVE-2023-37450, could allow threat actors to achieve arbitrary code execution when processing specially crafted
0 Comments
Several malicious npm packages on the open-source repository have been used in supply chain attacks and phishing campaigns. The claims come from ReversingLabs researchers, who said in a blog post published on Thursday the packages pose a dual threat, affecting application end users while also supporting email-based phishing attacks, mainly targeting Microsoft 365 users. Software
0 Comments
Confidential information, including unreleased TV shows, scripts and materials, belonging to the popular children’s television channel Nickelodeon, have been reportedly compromised in a significant data leak.  According to social media reports, an individual allegedly dumped approximately 500GB of animation files.  The authenticity of the leaked content is yet to be confirmed by Nickelodeon. Still, a spokesperson
0 Comments
Two spyware applications posing as file management tools have been discovered on the Google Play Store with a total of at least 1.5 million installs.  The apps, attributed to the same developer and discovered by cybersecurity firm Pradeo, exhibit similar malicious behaviors and operate without user interaction. Their main objective is to covertly extract and transmit
0 Comments
A brief summary of what happened with Emotet since its comeback in November 2021 Emotet is a malware family active since 2014, operated by a cybercrime group known as Mealybug or TA542. Although it started as a banking trojan, it later evolved into a botnet that became one of the most prevalent threats worldwide. Emotet
0 Comments
Jul 07, 2023Swati KhandelwalMobile Security / Malware Researchers have issued a warning about an emerging and advanced form of voice phishing (vishing) known as “Letscall.” This technique is currently targeting individuals in South Korea. The criminals behind “Letscall” employ a multi-step attack to deceive victims into downloading malicious apps from a counterfeit Google Play Store
0 Comments
In response to an ongoing incident, JumpCloud has reset the admin Application Programming Interface (API) keys for affected customers. In a notice sent to impacted customers and verified by Infosecurity, JumpCloud emphasized the precautionary nature of the action and its purpose of safeguarding sensitive information. “Out of an abundance of caution relating to an ongoing
0 Comments
by Paul Ducklin PUTTING THE X IN X-OPS First there was DevOps, then SecOps, then DevSecOps. Or should that be SecDevOps? Paul Ducklin talks to Sophos X-Ops insider Matt Holdcroft about how to get all your corporate “Ops” teams working together, with cybersecurity correctness as a guiding light. No audio player below? Listen directly on
0 Comments
The Nagoya Port Unified Terminal System (NUTS) in Japan suffered a significant system outage on Tuesday that was attributed to a ransomware attack. According to a notice (in Japanese) sent to customers, the attack disrupted container operations across all terminals within the port. In particular, container import and export operations via trailer transportation have been
0 Comments
Jul 05, 2023Ravie LakshmananCritical Infrastructure Security A sophisticated stealer-as-a-ransomware threat dubbed RedEnergy has been spotted in the wild targeting energy utilities, oil, gas, telecom, and machinery sectors in Brazil and the Philippines through their LinkedIn pages. The malware “possesses the ability to steal information from various browsers, enabling the exfiltration of sensitive data, while also
0 Comments
A new report by the Kaspersky Digital Footprint Intelligence team has revealed that several companies worldwide are severely unprepared when dealing with darknet data leaks. The initiative, carried out in 2022, tracked dark web posts offering access to companies, compromised accounts and other critical incidents. Kaspersky said it promptly notified victim companies about these threats.
0 Comments
Criminals increasingly create deepfake nudes from people’s benign public photos in order to extort money from them, the FBI warns The U.S. Federal Bureau of Investigation (FBI) is warning about an increase in extortion campaigns where criminals tap into readily available artificial intelligence (AI) tools to create sexually explicit deepfakes from people’s innocent photos and
0 Comments
Jul 04, 2023Ravie LakshmananPrivacy / Online Security The Swedish data protection watchdog has warned companies against using Google Analytics due to risks posed by U.S. government surveillance, following similar moves by Austria, France, and Italy last year. The development comes in the aftermath of an audit initiated by the Swedish Authority for Privacy Protection (IMY)
0 Comments
The US Patent and Trademark Office (USPTO) has recently disclosed a data security incident involving domicile information in certain trademark filings between February 2020 and March 2023. According to information provided to Infosecurity, approximately 61,000 domicile addresses, constituting 3% of the total number of applications during the relevant period, were affected. “On February 24, 2023,
0 Comments
Jul 03, 2023Ravie LakshmananMalware Attack / Cyberespionage A Chinese nation-state group has been observed targeting Foreign Affairs ministries and embassies in Europe using HTML smuggling techniques to deliver the PlugX remote access trojan on compromised systems. Cybersecurity firm Check Point said the activity, dubbed SmugX, has been ongoing since at least December 2022. “The campaign
0 Comments
8Base ransomware has emerged as a prominent player in the cybercrime landscape, according to a new blog post by VMware Carbon Black’s TAU (Threat Analysis Unit) and MDR-POC (Managed Detection and Response Proof of Concept) teams. The company explained that 8Base employs a combination of encryption and “name-and-shame” tactics to extort victims into paying ransoms. 
0 Comments
Jul 01, 2023Ravie LakshmananEndpoint Security / Malware Researchers have pulled back the curtain on an updated version of an Apple macOS malware called Rustbucket that comes with improved capabilities to establish persistence and avoid detection by security software. “This variant of Rustbucket, a malware family that targets macOS systems, adds persistence capabilities not previously observed,”
0 Comments
A recent adversary simulation conducted by the MDSec ActiveBreach red team uncovered a critical vulnerability in ArcServe UDP Backup software. Tracked CVE-2023-26258, the flaw affects versions 7.0 to 9.0 of the software and allows for remote code execution (RCE), posing a significant risk to organizations relying on the software for backup infrastructure. “The importance of