Former members of the Conti cybercrime cartel have been implicated in five different campaigns targeting Ukraine from April to August 2022. The findings, which come from Google’s Threat Analysis Group (TAG), builds upon a prior report published in July 2022, detailing the continued cyber activity aimed at the Eastern European nation amid the ongoing Russo-Ukrainian
A persistent cyber–attack campaign has emerged targeting major financial institutions in French–speaking African countries and has been active over the last two years. The campaign was discovered by Check Point Research (CPR) and dubbed ‘DangerousSavanna.’ It relied on spear phishing techniques to initiate infection chains. The threat actors reportedly sent malicious attachment emails in French
by Paul Ducklin Yes, ransomware is still a thing. No, not all ransomware attacks unfold in the way you might expect. Most contemporary ransomware attacks involve two groups of criminals: a core gang who create the malware and handle the extortion payments, and “members” of a loose-knit clan of “affiliates” who actively break into networks
Cybersecurity researchers have offered insight into a previously undocumented software control panel used by a financially motivated threat group known as TA505. “The group frequently changes its malware attack strategies in response to global cybercrime trends,” Swiss cybersecurity firm PRODAFT said in a report shared with The Hacker News. “It opportunistically adopts new technologies in
Focused mostly on Asia, this new cyberespionage group uses undocumented tools, including steganographically extracting PowerShell payloads from PNG files ESET researchers recently found targeted attacks that used undocumented tools against various high-profile companies and local governments mostly in Asia. These attacks were conducted by a previously unknown espionage group that we have named Worok and
Over half (52%) of global organizations know a partner that has been compromised by ransomware, yet few are doing anything to improve the security of their supply chain, according to Trend Micro. The security vendor polled nearly 3000 IT decision makers across 26 countries to produce its latest report, Everything is connected: Uncovering the ransomware
A vulnerable anti-cheat driver for the Genshin Impact video game has been leveraged by a cybercrime actor to disable antivirus programs to facilitate the deployment of ransomware, according to findings from Trend Micro. The ransomware infection, which was triggered in the last week of July 2022, banked on the fact that the driver in question
An upgraded version of the SharkBot mobile malware has been spotted on Google’s Play Store, suggested a new blog post by Fox-IT, part of the NCC Group. The new version of SharkBot reportedly targets the banking credentials of Android users via apps that have collectively counted 60,000 installations. These apps, which have now been removed by
by Paul Ducklin Just three days after Chrome’s previous update, which patched 24 security holes that were not in the wild… …the Google programmers announced the release of Chrome 105.0.5195.102, where the last of the four numbers in the quadruplet jumps up from 52 on Mac and Linux and 54 on Windows. The release notes
Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier CVE-2022-3075, concerns a case of insufficient data validating in Mojo, which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for
A new advisory by SentinelLabs and Checkmarx has linked a threat actor called ‘JuiceLedger’ to the first known phishing campaign targeting Python Package Index (PyPI) users. The repository’s Twitter account first described its initial findings about the campaign on August 24, 2022 in a series of posts. Roughly a week later, SentinelLabs is now expanding
by Paul Ducklin We don’t often write obituaries on Naked Security, but this is one of the times we’re going to. You might not have heard of Peter Eckersley, PhD, but it’s very likely that you’ve relied on a cybersecurity innovation that he not only helped to found, but also to build and establish across
South Korean chaebol Samsung on Friday said it experienced a cybersecurity incident that resulted in the unauthorized access of some customer information, the second time this year it has reported such a breach. “In late July 2022, an unauthorized third-party acquired information from some of Samsung’s U.S. systems,” the company disclosed in a notice. “On
What if your organization is hit by a cyberattack that is attributed to a nation state? Would your insurance cover the costs of the attack? As cyber-insurance is, and will continue to be, a budget item for organizations looking to protect themselves from the escalating and unforeseen consequences of cyberattacks, one important question arises –
A vulnerability in Chromium-based browsers allows web-pages to replace the content of the system clipboard without the user’s consent or interaction. The bug was discovered by developer Jeff Johnson, who detailed his findings in a blog post on August 28. The security expert also said the issue affects Apple Safari and Mozilla Firefox as well, but
Researchers discovered a private Telegram channel-based backdoor in the information stealing malware, dubbed Prynt Stealer, which its developer added with the intention of secretly stealing a copy of victims’ exfiltrated data when used by other cybercriminals. “While this untrustworthy behavior is nothing new in the world of cybercrime, the victims’ data end up in the
Various law enforcement agencies in Southern California and North Carolina have deployed an obscure cellphone tracking tool dubbed ‘Fog Reveal,’ sometimes without search warrants, a new investigation by the Associated Press (AP) has revealed. The tool gave police offers the ability to search billions of records from 250 million mobile devices and harness the ensuing data
by Paul Ducklin Well, we didn’t expect this! Our much-loved iPhone 6+, now nearly eight years old but in pristine, as-new condition until a recent UDI (unintended dismount incident, also known as a bicycle prang, which smashed the screen but left the device working fine otherwise), hasn’t received any security updates from Apple for almost
“But everyone else has one.” Those are familiar words to a parent, especially if you’re having the first smartphone conversation with your tween or pre-teen. In their mind, everyone else has a smartphone so they want a one too. But does “everyone” really have one? Well, your child isn’t wrong. Our recent global study found
So far 2022 confirms that passwords are not dead yet. Neither will they be anytime soon. Even though Microsoft and Apple are championing passwordless authentication methods, most applications and websites will not remove this option for a very long time. Think about it, internal apps that you do not want to integrate with third-party identity
Do you have a plan for what will happen to your digital self when you pass away? Here’s how to put your digital affairs in order on Facebook, Google, Twitter and other major online services. There’s no easy way to put it: We’re all going to die. And once dead, why would we care about
The Symantec Threat Hunter team has spotted 1859 apps across Android and iOS containing hard-coded Amazon Web Services (AWS) access tokens that permitted access to private AWS cloud services. Of all the apps analyzed by the security researchers, roughly 50% were seen using the same AWS tokens found in other apps (maintained by other developers
by Paul Ducklin LISTEN NOW With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
Fears and phobias. We all have them. But what are your biggest ones? I absolutely detest snakes but spiders don’t worry me at all. Well, new research by McAfee shows that cybercriminals and the fear of being hacked are now the 5th greatest fear among Aussies. With news of data breaches and hacking crusades filling
Five imposter extensions for the Google Chrome web browser masquerading as Netflix viewers and others have been found to track users’ browsing activity and profit of retail affiliate programs. “The extensions offer various functions such as enabling users to watch Netflix shows together, website coupons, and taking screenshots of a website,” McAfee researchers Oliver Devane
A new hacking campaign is exploiting the notorious deep field image taken from the James Webb telescope alongside obfuscated Go programming language payloads to infect systems. The malware was spotted by the Securonix Threat research team, who is tracking the campaign as GO#WEBBFUSCATOR. “Initial infection begins with a phishing email containing a Microsoft Office attachment,”
by Paul Ducklin Google’s latest Chrome browser, version 105, is out, though the full version number is annoyingly different depending on whether you are on Windows, Mac or Linux. On Unix-like systems (Mac and Linux), you want 105.0.5195.52, but on Windows, you’re looking for 105.0.5195.54. According to Google, this new version includes 24 security fixes,
Using a VPN on your smartphone can boost your privacy in a big way, particularly with all the data tracking that’s happening out there today. For some time now, we’ve recommended a VPN when using public Wi-Fi in airports, libraries, hotels, and coffee shops. Given that these are public networks, a determined hacker can snoop
As many as three disparate but related campaigns between March and Jun 2022 have been found to deliver a variety of malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners onto compromised systems. “The actors use PowerShell, .NET assemblies, and HTA and VBS files to spread across a targeted network, eventually dropping other pieces of malware,
Are you aware of the perils of the world’s no. 1 social media? Do you know how to avoid scams and stay safe on TikTok? TikTok continues to shock us all by breaking records and widening its audience, yet unfortunately with such a broad reach, scammers inevitably remain not too far behind. In only six
- « Previous Page
- 1
- …
- 57
- 58
- 59
- 60
- 61
- …
- 114
- Next Page »