Cybersecurity News

About This Website

Welcome to our cybersecurity news aggregator! This website gathers news articles from over 60 sources, providing you with a comprehensive and up-to-date overview of the latest happenings in the world of cybersecurity.

We utilize RSS feeds to collect the news, ensuring a streamlined and efficient process. This enables you to stay informed and access a wide variety of perspectives and insights in one convenient location.

Dive into the latest cybersecurity stories and explore the wealth of knowledge available, all in one place.

Cybersecurity News

Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw

Crypto exchange Kraken revealed that an unnamed security researcher exploited an "extremely critical" zero-day flaw in its platform to steal $3 million in digital assets and refused to return them. Details of the incident were shared by Kraken's Chief Security Officer, Nick Percoco, on X (formerly Twitter), stating it received a Bug Bounty program alert about a bug that "allowed them to

UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying

The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet, Ivanti, and VMware devices has been observed utilizing multiple persistence mechanisms in order to maintain unfettered access to compromised environments. "Persistence mechanisms encompassed network devices, hypervisors, and virtual machines, ensuring alternative channels remain available

New Case Study: Unmanaged GTM Tags Become a Security Nightmare

Are your tags really safe with Google Tag Manager? If you've been thinking that using GTM means that your tracking tags and pixels are safely managed, then it might be time to think again. In this article we look at how a big-ticket seller that does business on every continent came unstuck when it forgot that you can’t afford to allow tags to go unmanaged or become misconfigured.  Read the

New Threat Actor 'Void Arachne' Targets Chinese Users with Malicious VPN Installers

Chinese-speaking users are the target of a never-before-seen threat activity cluster codenamed Void Arachne that employs malicious Windows Installer (MSI) files for virtual private networks (VPNs) to deliver a command-and-control (C&C) framework called Winos 4.0. "The campaign also promotes compromised MSI files embedded with nudifiers and deepfake pornography-generating software, as well as

Warning: Markopolo's Scam Targeting Crypto Users via Fake Meeting Software

A threat actor who goes by alias markopolo has been identified as behind a large-scale cross-platform scam that targets digital currency users on social media with information stealer malware and carries out cryptocurrency theft. The attack chains involve the use of a purported virtual meeting software named Vortax (and 23 other apps) that are used as a conduit to deliver Rhadamanthys, StealC,

Mailcow Mail Server Flaws Expose Servers to Remote Code Execution

Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious actors to achieve arbitrary code execution on susceptible instances. Both shortcomings impact all versions of the software prior to version 2024-04, which was released on April 4, 2024. The issues were responsibly disclosed by SonarSource on March 22, 2024. The flaws

Signal Foundation Warns Against EU's Plan to Scan Private Messages for CSAM

A controversial proposal put forth by the European Union to scan users' private messages for detection of child sexual abuse material (CSAM) poses severe risks to end-to-end encryption (E2EE), warned Meredith Whittaker, president of the Signal Foundation, which maintains the privacy-focused messaging service of the same name. "Mandating mass scanning of private communications fundamentally

Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer

Threat actors are luring unsuspecting users with free or pirated versions of commercial software to deliver a malware loader called Hijack Loader, which then deploys an information stealer known as Vidar Stealer. "Adversaries had managed to trick users into downloading password-protected archive files containing trojanized copies of a Cisco Webex Meetings App (ptService.exe)," Trellix security

The Annual SaaS Security Report: 2025 CISO Plans and Priorities

Seventy percent of enterprises are prioritizing investment in SaaS security by establishing dedicated teams to secure SaaS applications, as part of a growing trend of maturity in this field of cybersecurity, according to a new survey released this month by the Cloud Security Alliance (CSA). Despite economic instability and major job cuts in 2023, organizations drastically increased investment in

New Malware Targets Exposed Docker APIs for Cryptocurrency Mining

Cybersecurity researchers have uncovered a new malware campaign that targets publicly exposed Docker API endpoints with the aim of delivering cryptocurrency miners and other payloads. Included among the tools deployed is a remote access tool that's capable of downloading and executing more malicious programs as well as a utility to propagate the malware via SSH, cloud analytics platform Datadog

VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi

VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be exploited to achieve privilege escalation and remote code execution. The list of vulnerabilities is as follows - CVE-2024-37079 & CVE-2024-37080 (CVSS scores: 9.8) - Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol that could

Singapore Police Extradites Malaysians Linked to Android Malware Fraud

The Singapore Police Force (SPF) has announced the extradition of two men from Malaysia for their alleged involvement in a mobile malware campaign targeting citizens in the country since June 2023. The unnamed individuals, aged 26 and 47, engaged in scams that tricked unsuspecting users into downloading malicious apps onto their Android devices via phishing campaigns with the aim of stealing

ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models

ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication. Tracked as CVE-2024-3080, the vulnerability carries a CVSS score of 9.8 out of a maximum of 10.0. "Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device,"

China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices

A suspected China-nexus cyber espionage actor has been attributed as behind a prolonged attack against an unnamed organization located in East Asia for a period of about three years, with the adversary establishing persistence using legacy F5 BIG-IP appliances and using it as an internal command-and-control (C&C) for defense evasion purposes. Cybersecurity company Sygnia, which responded to

What is DevSecOps and Why is it Essential for Secure Software Delivery?

Traditional application security practices are not effective in the modern DevOps world. When security scans are run only at the end of the software delivery lifecycle (either right before or after a service is deployed), the ensuing process of compiling and fixing vulnerabilities creates massive overhead for developers, overhead that degrades velocity and puts production deadlines at risk.

Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor

Legitimate-but-compromised websites are being used as a conduit to deliver a Windows backdoor dubbed BadSpace under the guise of fake browser updates. "The threat actor employs a multi-stage attack chain involving an infected website, a command-and-control (C2) server, in some cases a fake browser update, and a JScript downloader to deploy a backdoor into the victim's system," German

NiceRAT Malware Targets South Korean Users via Cracked Software

Threat actors have been observed deploying a malware called NiceRAT to co-opt infected devices into a botnet. The attacks, which target South Korean users, are designed to propagate the malware under the guise of cracked software, such as Microsoft Windows, or tools that purport to offer license verification for Microsoft Office. "Due to the nature of crack programs, information sharing amongst

U.K. Hacker Linked to Notorious Scattered Spider Group Arrested in Spain

Law enforcement authorities have allegedly arrested a key member of the notorious cybercrime group called Scattered Spider. The individual, a 22-year-old man from the United Kingdom, was arrested this week in the Spanish city of Palma de Mallorca as he attempted to board a flight to Italy. The move is said to be a joint effort between the U.S. Federal Bureau of Investigation (FBI) and the

Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan

Pakistan has become the latest target of a threat actor called the Smishing Triad, marking the first expansion of its footprint beyond the E.U., Saudi Arabia, the U.A.E., and the U.S. "The group's latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile carriers via iMessage and SMS," Resecurity said in a report published earlier this week. "The goal is

Pakistani Hackers Use DISGOMOJI Malware in Indian Government Cyber Attacks

A suspected Pakistan-based threat actor has been linked to a cyber espionage campaign targeting Indian government entities in 2024. Cybersecurity company Volexity is tracking the activity under the moniker UTA0137, noting the adversary's exclusive use of a malware called DISGOMOJI that's written in Golang and is designed to infect Linux systems. "It is a modified version of the public project

Meta Pauses AI Training on EU User Data Amid Privacy Concerns

Meta on Friday said it's delaying its efforts to train the company's large language models (LLMs) using public content shared by adult users on Facebook and Instagram in the European Union following a request from the Irish Data Protection Commission (DPC). The company expressed disappointment at having to put its AI plans on pause, stating it had taken into account feedback from regulators and

Google's Privacy Sandbox Accused of User Tracking by Austrian Non-Profit

Google's plan to deprecate third-party tracking cookies in its Chrome web browser with Privacy Sandbox has run into fresh trouble after the Austrian privacy non-profit noyb (none of your business) said the feature can still be used to track users. "While the so-called 'Privacy Sandbox' is advertised as an improvement over extremely invasive third-party tracking, the tracking is now simply done

Learn to Secure Petabyte-Scale Data in a Webinar with Industry Titans

Data is growing faster than ever. Remember when petabytes (that's 1,000,000 gigabytes!) were only for tech giants? Well, that's so last decade! Today, businesses of all sizes are swimming in petabytes. But this isn't just about storage anymore. This data is ALIVE—it's constantly accessed, analyzed, shared, and even used to train the next wave of AI. This creates a huge challenge: how do you

Why Regulated Industries are Turning to Military-Grade Cyber Defenses

As cyber threats loom large and data breaches continue to pose increasingly significant risks, organizations and industries that handle sensitive information and valuable assets make prime targets for cybercriminals seeking financial gain or strategic advantage. This is why many highly regulated sectors, from finance to utilities, are turning to military-grade cyber defenses to safeguard

ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws

An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that could be used by attackers to defeat authentication, steal biometric data, and even deploy malicious backdoors. "By adding random user data to the database or using a fake QR code, a nefarious actor can easily bypass the verification process and gain unauthorized access,"

North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics

Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country's emergence as an influential power has drawn the attention of cyber espionage groups. "North Korean government-backed actors have targeted the Brazilian government and Brazil's aerospace, technology, and financial services sectors," Google's Mandiant and

Microsoft Delays AI-Powered Recall Feature for Copilot+ PCs Amid Security Concerns

Microsoft on Thursday revealed that it's delaying the rollout of the controversial artificial intelligence (AI)-powered Recall feature for Copilot+ PCs. To that end, the company said it intends to shift from general availability to a preview available first in the Windows Insider Program (WIP) in the coming weeks. "We are adjusting the release model for Recall to leverage the expertise of the

New Attack Technique 'Sleepy Pickle' Targets Machine Learning Models

The security risks posed by the Pickle format have once again come to the fore with the discovery of a new "hybrid machine learning (ML) model exploitation technique" dubbed Sleepy Pickle. The attack method, per Trail of Bits, weaponizes the ubiquitous format used to package and distribute machine learning (ML) models to corrupt the model itself, posing a severe supply chain risk to an

Arid Viper Launches Mobile Espionage Campaign with AridSpy Malware

The threat actor known as Arid Viper has been attributed to a mobile espionage campaign that leverages trojanized Android apps to deliver a spyware strain dubbed AridSpy. "The malware is distributed through dedicated websites impersonating various messaging apps, a job opportunity app, and a Palestinian Civil Registry app," ESET researcher Lukáš Štefanko said in a report published today. "Often

Why SaaS Security is Suddenly Hot: Racing to Defend and Comply

Recent supply chain cyber-attacks are prompting cyber security regulations in the financial sector to tighten compliance requirements, and other industries are expected to follow. Many companies still don’t have efficient methods to manage related time-sensitive SaaS security and compliance tasks. Free SaaS risk assessment tools are an easy and practical way to bring visibility and initial

Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS

Threat actors with ties to Pakistan have been linked to a long-running malware campaign dubbed Operation Celestial Force since at least 2018. The activity, still ongoing, entails the use of an Android malware called GravityRAT and a Windows-based malware loader codenamed HeavyLift, according to Cisco Talos, which are administered using another standalone tool referred to as GravityAdmin. The

Cybercriminals Employ PhantomLoader to Distribute SSLoad Malware

The nascent malware known as SSLoad is being delivered by means of a previously undocumented loader called PhantomLoader, according to findings from cybersecurity firm Intezer. "The loader is added to a legitimate DLL, usually EDR or AV products, by binary patching the file and employing self-modifying techniques to evade detection," security researchers Nicole Fishbein and Ryan Robinson said in

Ukraine Police Arrest Suspect Linked to LockBit and Conti Ransomware Groups

The Cyber Police of Ukraine has announced the arrest of a local man who is suspected of having offered his services to the LockBit and Conti ransomware groups. The unnamed 28-year-old native of the Kharkiv region allegedly specialized in the development of crypters to encrypt and obfuscate malicious payloads in order to evade detection by security programs. The product is believed to have been

Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day

Google has warned that a security flaw impacting Pixel Firmware has been exploited in the wild as a zero-day. The high-severity vulnerability, tagged as CVE-2024-32896, has been described as an elevation of privilege issue in Pixel Firmware. The company did not share any additional details related to the nature of attacks exploiting it, but noted "there are indications that CVE-2024-32896 may be

New Cross-Platform Malware 'Noodle RAT' Targets Windows and Linux Systems

A previously undocumented cross-platform malware codenamed Noodle RAT has been put to use by Chinese-speaking threat actors either for espionage or cybercrime for years. While this backdoor was previously categorized as a variant of Gh0st RAT and Rekoobe, Trend Micro security researcher Hara Hiroaki said "this backdoor is not merely a variant of existing malware, but is a new type altogether."

Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters

Cybersecurity researchers have warned of an ongoing cryptojacking campaign targeting misconfigured Kubernetes clusters to mine Dero cryptocurrency. Cloud security firm Wiz, which shed light on the activity, said it's an updated variant of a financially motivated operation that was first documented by CrowdStrike in March 2023. "In this incident, the threat actor abused anonymous access to an

Lessons from the Snowflake Breaches

Last week, the notorious hacker gang, ShinyHunters, sent shockwaves across the globe by allegedly plundering 1.3 terabytes of data from 560 million users. This colossal breach, with a price tag of $500,000, could expose the personal information of a massive swath of a live event company's clientele, igniting a firestorm of concern and outrage.  Let’s review the facts: two large

Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw

Threat actors linked to the Black Basta ransomware may have exploited a recently disclosed privilege escalation flaw in the Microsoft Windows Error Reporting Service as a zero-day, according to new findings from Symantec. The security flaw in question is CVE-2024-26169 (CVSS score: 7.8), an elevation of privilege bug in the Windows Error Reporting Service that could be exploited to achieve

New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers

Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to deliver a Windows-based backdoor named WARMCOOKIE. "WARMCOOKIE appears to be an initial backdoor tool used to scout out victim networks and deploy additional payloads," Elastic Security Labs researcher Daniel Stepanic said in a new analysis. "Each sample is compiled

China-Backed Hackers Exploit Fortinet Flaw, Infecting 20,000 Systems Globally

State-sponsored threat actors backed by China gained access to 20,000 Fortinet FortiGate systems worldwide by exploiting a known critical security flaw between 2022 and 2023, indicating that the operation had a broader impact than previously known. "The state actor behind this campaign was already aware of this vulnerability in FortiGate systems at least two months before Fortinet disclosed the

Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability

Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is in addition to 17 vulnerabilities resolved in the Chromium-based Edge browser over the past month. None of the security flaws have been actively exploited in the wild, with one of them listed as

How Cynet Makes MSPs Rich & Their Clients Secure

Managed service providers (MSPs) are on the front lines of soaring demand for cybersecurity services as cyberattacks increase in volume and sophistication. Cynet has emerged as the security vendor of choice for MSPs to capitalize on existing relationships with SMB clients and profitably expand their client base. By unifying a full suite of cybersecurity capabilities in a simple, cost-effective

Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale

Cybersecurity researchers have shed more light on a Chinese actor codenamed SecShow that has been observed conducting Domain Name System (DNS) probing on a global scale since at least June 2023. The adversary, according to Infoblox security researchers Dr. Renée Burton and Dave Mitchell, operates from the China Education and Research Network (CERNET), a project funded by the Chinese government. "These

Top 10 Critical Pentest Findings 2024: What You Need to Know

One of the most effective ways for information technology (IT) professionals to uncover a company's weaknesses before the bad guys do is penetration testing. By simulating real-world cyberattacks, penetration testing, sometimes called pentesting, provides invaluable insights into an organization's security posture, revealing weaknesses that could potentially lead to data breaches or other security

Apple Launches Private Cloud Compute for Privacy-Centric AI Processing

Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. The tech giant described PCC as the "most advanced security architecture ever deployed for cloud AI compute at scale." PCC coincides with the arrival of new generative AI (

China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics

Cybersecurity researchers have uncovered an updated version of malware called ValleyRAT that's being distributed as part of a new campaign. "In the latest version, ValleyRAT introduced new commands, such as capturing screenshots, process filtering, forced shutdown, and clearing Windows event logs," Zscaler ThreatLabz researchers Muhammed Irfan V A and Manisha Ramcharan Prajapati said. ValleyRAT

Snowflake Breach Exposes 165 Customers' Data in Ongoing Extortion Campaign

As many as 165 customers of Snowflake are said to have had their information potentially exposed as part of an ongoing campaign designed to facilitate data theft and extortion, indicating the operation has broader implications than previously thought. Google-owned Mandiant, which is assisting the cloud data warehousing platform in its incident response efforts, is tracking the

Arm Warns of Actively Exploited Zero-Day Vulnerability in Mali GPU Drivers

Arm is warning of a security vulnerability impacting Mali GPU Kernel Driver that it said has been actively exploited in the wild. Tracked as CVE-2024-4610, the use-after-free issue impacts the following products: Bifrost GPU Kernel Driver (all versions from r34p0 to r40p0) and Valhall GPU Kernel Driver (all versions from r34p0 to r40p0). "A local non-privileged user can make improper GPU memory

More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack

Cybersecurity researchers have spotted a phishing attack distributing the More_eggs malware by masquerading it as a resume, a technique originally detected more than two years ago. The attack, which was unsuccessful, targeted an unnamed company in the industrial services industry in May 2024, Canadian cybersecurity firm eSentire disclosed last week. "Specifically, the targeted individual was a

Cybersecurity CPEs: Unraveling the What, Why & How

Staying Sharp: Cybersecurity CPEs Explained

Perhaps even more so than in other professional domains, cybersecurity professionals constantly face new threats. To ensure you stay on top of your game, many certification programs require earning Continuing Professional Education (CPE) credits. CPEs are essentially units of measurement used to quantify the time and effort professionals spend on

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years.

Patch Tuesday, June 2024 “Recall” Edition

Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows administrators. The software giant also responded to a torrent of negative feedback on a new feature of Redmond's flagship operating system that constantly takes screenshots of whatever users are doing on their computers, saying the feature would no longer be enabled by default.

‘Operation Endgame’ Hits Malware Delivery Platforms

Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed "the largest ever operation against botnets," the international effort is being billed as the opening salvo in an ongoing campaign targeting advanced malware "droppers" or "loaders" like IcedID, Smokeloader and Trickbot.

Is Your Computer Part of ‘The Largest Botnet Ever?’

The U.S. Department of Justice (DOJ) today said they arrested the alleged operator of 911 S5, a ten-year-old online anonymity service that was powered by what the director of the FBI called "likely the world's largest botnet ever." The arrest coincided with the seizure of the 911 S5 website and supporting infrastructure, which the government says turned computers running various "free VPN" products into Internet traffic relays that facilitated billions of dollars in online fraud and cybercrime.

Treasury Sanctions Creators of 911 S5 Proxy Botnet

The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers around the globe. KrebsOnSecurity identified one of the three men in a July 2022 investigation into 911 S5, which was massively hacked and then closed ten days later.

Stark Industries Solutions: An Iron Hammer in the Cloud

Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. An investigation into Stark Industries reveals it is being used as a global proxy network that conceals the true source of cyberattacks and disinformation campaigns against enemies of Russia.

Why Your Wi-Fi Router Doubles as an Apple AirTag

Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally -- including non-Apple devices like Starlink systems -- and found they could use this data to monitor the destruction of Gaza, as well as the movements and in many cases identities of Russian and Ukrainian troops.

Patch Tuesday, May 2024 Edition

Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two "zero-day" vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw.

How Did Authorities Identify the Alleged Lockbit Boss?

Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit's leader "LockBitSupp" claims the feds named the wrong guy, saying the charges don't explain how they connected him to Khoroshev. This post examines the activities of Khoroshev's many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years.

U.S. Charges Russian Man as Boss of LockBit Ransomware Group

The United States joined the United Kingdom and Australia today in sanctioning 31-year-old Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the infamous ransomware group LockBit. The U.S. Department of Justice also indicted Khoroshev as the gang's leader "LockbitSupp," and charged him with using Lockbit to attack more than 2,000 victims and extort at least $100 million in ransomware payments.

New Blog Moderation Policy

There has been a lot of toxicity in the comments section of this blog. Recently, we’re having to delete more and more comments. Not just spam and off-topic comments, but also sniping and personal attacks. It’s gotten so bad that I need to do something.

My options are limited because I’m just one person, and this website is free, ad-free, and anonymous. I pay for a part-time moderator out of pocket; he isn’t able to constantly monitor comments. And I’m unwilling to require verified accounts.

So starting now, we will be pre-screening comments and letting through only those that 1) are on topic, 2) contribute to the discussion, and 3) don’t attack or insult anyone. The standard is not going to be “well, I guess this doesn’t technically quite break a rule,” but “is this actually contributing.”...

The Hacking of Culture and the Creation of Socio-Technical Debt

Culture is increasingly mediated through algorithms. These algorithms have splintered the organization of culture, a result of states and tech companies vying for influence over mass audiences. One byproduct of this splintering is a shift from imperfect but broad cultural narratives to a proliferation of niche groups, who are defined by ideology or aesthetics instead of nationality or geography. This change reflects a material shift in the relationship between collective identity and power, and illustrates how states no longer have exclusive domain over either. Today, both power and culture are increasingly corporate...

Rethinking Democracy for the Age of AI

There is a lot written about technology’s threats to democracy. Polarization. Artificial intelligence. The concentration of wealth and power. I have a more general story: The political and economic systems of governance that were created in the mid-18th century are poorly suited for the 21st century. They don’t align incentives well. And they are being hacked too effectively.

At the same time, the cost of these hacked systems has never been greater, across all human history. We have become too powerful as a species. And our systems cannot keep up with fast-changing disruptive technologies...

Using LLMs to Exploit Vulnerabilities

Interesting research: “Teams of LLM Agents can Exploit Zero-Day Vulnerabilities.”

Abstract: LLM agents have become increasingly sophisticated, especially in the realm of cybersecurity. Researchers have shown that LLM agents can exploit real-world vulnerabilities when given a description of the vulnerability and toy capture-the-flag problems. However, these agents still perform poorly on real-world vulnerabilities that are unknown to the agent ahead of time (zero-day vulnerabilities).

In this work, we show that teams of LLM agents can exploit real-world, zero-day vulnerabilities. Prior agents struggle with exploring many different vulnerabilities and long-range planning when used alone. To resolve this, we introduce HPTSA, a system of agents with a planning agent that can launch subagents. The planning agent explores the system and determines which subagents to call, resolving long-term planning issues when trying different vulnerabilities. We construct a benchmark of 15 real-world vulnerabilities and show that our team of agents improve over prior work by up to 4.5×...

Friday Squid Blogging: Squid Cartoon

Squid humor.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak:

  • I’m appearing on a panel on Society and Democracy at ACM Collective Intelligence in Boston, Massachusetts. The conference runs from June 26 through 29, 2024, and my panel is at 9:00 AM on Friday, June 28.
  • I’m speaking on “Reimagining Democracy in the Age of AI” at the Bozeman Library in Bozeman, Montana, USA, July 18, 2024. The event will also be available via Zoom.
  • I’m speaking at the TEDxBillings Democracy Event in Billings, Montana, USA, on July 19, 2024.

The list is maintained on ...

Demo of AES GCM Misuse Problems

This is a really neat demo of the security problems arising from reusing nonces with a symmetric cipher in GCM mode.

AI and the Indian Election

As India concluded the world’s largest election on June 5, 2024, with over 640 million votes counted, observers could assess how the various parties and factions used artificial intelligence technologies—and what lessons that holds for the rest of the world.

The campaigns made extensive use of AI, including deepfake impersonations of candidates, celebrities and dead politicians. By some estimates, millions of Indian voters viewed deepfakes.

But, despite fears of widespread disinformation, for the most part the campaigns, candidates and activists used AI constructively in the election. They used AI for typical political activities, including mudslinging, but primarily to better connect with voters...

Using AI for Political Polling

Public polling is a critical function of modern political campaigns and movements, but it isn’t what it once was. Recent US election cycles have produced copious postmortems explaining both the successes and the flaws of public polling. There are two main reasons polling fails.

First, nonresponse has skyrocketed. It’s radically harder to reach people than it used to be. Few people fill out surveys that come in the mail anymore. Few people answer their phone when a stranger calls. Pew Research reported that 36% of the people they called in 1997 would talk to them, but only 6% by 2018. Pollsters worldwide have faced similar challenges...

LLMs Acting Deceptively

New research: “Deception abilities emerged in large language models“:

Abstract: Large language models (LLMs) are currently at the forefront of intertwining AI systems with human communication and everyday life. Thus, aligning them with human values is of great importance. However, given the steady increase in reasoning abilities, future LLMs are under suspicion of becoming able to deceive human operators and utilizing this ability to bypass monitoring efforts. As a prerequisite to this, LLMs need to possess a conceptual understanding of deception strategies. This study reveals that such strategies emerged in state-of-the-art LLMs, but were nonexistent in earlier LLMs. We conduct a series of experiments showing that state-of-the-art LLMs are able to understand and induce false beliefs in other agents, that their performance in complex deception scenarios can be amplified utilizing chain-of-thought reasoning, and that eliciting Machiavellianism in LLMs can trigger misaligned deceptive behavior. GPT-4, for instance, exhibits deceptive behavior in simple test scenarios 99.16% of the time (P < 0.001). In complex second-order deception test scenarios where the aim is to mislead someone who expects to be deceived, GPT-4 resorts to deceptive behavior 71.46% of the time (P < 0.001) when augmented with chain-of-thought reasoning. In sum, revealing hitherto unknown machine behavior in LLMs, our study contributes to the nascent field of machine psychology...

Student Loan Breach Exposes 2.5M Records

2.5 million people were affected, in a breach that could spell more trouble down the line.

Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

Ransomware Attacks are on the Rise

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

Twitter Whistleblower Complaint: The TL;DR Version

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.

Firewall Bug Under Active Attack Triggers CISA Warning

CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.

Fake Reservation Links Prey on Weary Travelers

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.

iPhone Users Urged to Update to Patch 2 Zero-Days

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.

Google Patches Chrome’s Fifth Zero-Day of the Year

An insufficient input validation flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

How to use public Wi-Fi safely: 5 things to know before you connect

Heading out soon? Whether you're going to the airport or the coffee shop, these Wi-Fi safety tips can help protect your data from bad actors.

The best VPN services for iPhone and iPad in 2024: Expert tested and reviewed

We tested the best VPNs for iPhones and iPads to find the best options for streaming content and surfing the web while keeping your devices safe.

The best travel VPNs of 2024: Expert tested and reviewed

We tested the best travel VPNs that offer solid security and speedy connections while you're on the road, working remotely, or on vacation this summer.

7 cool and useful things I do with my Flipper Zero

Forget all the fake Flipper Zero nonsense you see on TikTok. Here are a bunch of very real and impressive things I've used it for.

Can governments turn AI safety talk into action?

Industry players and governments discuss guardrails for AI, but aren't deploying them. Here's what's missing.

The best VPN routers of 2024

We found the best Wi-Fi routers on the market with built-in VPNs or easy VPN installation to combine privacy, security, and speedy Wi-Fi.

How Singapore is creating more inclusive AI

A bespoke model might be the answer to Western-focused LLMs - here's what it can do for Southeast Asia.

Businesses' cloud security fails are 'concerning' - as AI threats accelerate

Not enough organizations are conducting regular audits to ensure their cloud environments are secured.

The best AirTag wallets of 2024: Expert tested

Lose your wallet often? ZDNET went hands-on with the best Apple AirTag wallets and accessories to help you keep track of your cards and cash.

The best security keys of 2024: Expert tested

We tested the best security keys that combine safety and convenience to keep your online accounts safe from hackers and phishing attacks.

The best VPN for streaming in 2024: Expert tested and reviewed

We tested the best VPNs for streaming, which can unblock popular services like Netflix, Disney+, and Hulu from anywhere in the world.

Want free and anonymous access to AI chatbots? DuckDuckGo's new tool is for you

The privacy-minded DuckDuckGo promises that your chats are private, anonymized, and not used for AI model training.

Can someone tell if I block their number?

If you have to block someone else's number, you may have wondered what happens next. We'll walk you through the ways that someone may be able to tell if their number has been blocked.

After brutal critiques, Microsoft Recall will get these major privacy and security changes

Stung by criticism from security researchers, Microsoft today announced major changes to a key feature of its new Copilot+ PCs. The changes include enhanced encryption and new ways to protect user data from unauthorized access.

How to back up (and restore) your saved MacOS passwords

If you've ever lost your passwords, you know that's a trying situation. Thankfully, MacOS has a feature that allows you to export passwords for backup and restore purposes.

ChatGPT privacy tips: Two important ways to limit the data you share with OpenAI

Want to use AI tools without compromising control of your data? Here are two ways to safeguard your privacy in OpenAI's chatbot.

Singapore, US expand AI partnership to focus on upskilling youth and women

Organizations from both nations pledge to boost the AI capabilities of more than 130,000 workers in Singapore.

You'll soon be able to text 911 via RCS on your Android phone. Here's how it works

Google Messages will be among the first text services to support read receipts, high-res media sending, and more with emergency call centers.

Ethical hacker releases tool to exploit Microsoft's Recall AI, says it's not 'rocket science'

Microsoft's Windows Recall AI feature hasn't launched yet but it's already a target.

5 ways to save your Windows 10 PC in 2025 - and most are free

As many as 240 million Windows 10 PCs can't be upgraded to Windows 11. What's a user to do? You have five viable alternatives to trashing your machine.

Massachusetts 911 Outage Caused by Errant Firewall

A statewide outage of the Massachusetts 911 system was the result of a firewall that blocked calls from reaching emergency responders.

The post Massachusetts 911 Outage Caused by Errant Firewall appeared first on SecurityWeek.

Cybersecurity M&A Roundup for First Half of June 2024

Roundup of the cybersecurity-related merger and acquisition (M&A) deals announced in the first half of June 2024.

Amtrak Says Guest Rewards Accounts Hacked in Credential Stuffing Attacks

National passenger railroad company Amtrak is notifying customers that hackers have breached their Guest Rewards Accounts.

US, Allies Publish Guidance on Securing Network Access

Government agencies in the US, New Zealand, and Canada have published new guidance on improving network security.

CISA Warns of PoC Exploit for Vulnerability in RAD SecFlow-2 Industrial Switch

CISA has notified RAD after finding a PoC exploit targeting a high-severity vulnerability in an outdated industrial switch.

The Perilous Role of the CISO: Navigating Modern Minefields

As organizations grapple with the implications of cybersecurity on their bottom line and reputation, the question of whether the CISO role is worth the inherent risks looms large.

Chrome 126 Update Patches Vulnerability Exploited at Hacking Competition

Google has released a Chrome 126 security update with six fixes, including four for externally reported high-severity flaws.

AMD Investigating Breach Claims After Hacker Offers to Sell Data

AMD has launched an investigation after a notorious hacker announced selling sensitive data allegedly belonging to the company.

Two Men Plead Guilty to Hacking Law Enforcement Database for Doxing

Sagar Steven Singh and Nicholas Ceraolo pleaded guilty to hacking a database maintained by a US federal law enforcement agency.

New BadSpace Backdoor Deployed in Drive-By Attacks

The BadSpace backdoor is being distributed via drive-by attacks involving infected websites and JavaScript downloaders.

Amtrak confirms crooks are breaking into user accounts, derailing email addresses

Rail company goes full steam ahead with notification letters to Rewards customers about spilled card details and more

US rail company Amtrak is writing to users of its Guest Rewards program to inform them that their data is potentially at risk following a derailment of their account security. …

That PowerShell 'fix' for your root cert 'problem' is a malware loader in disguise

Control-C, Control-V, Enter ... Hell

Crafty criminals are targeting thousands of orgs around the world in social-engineering attacks that use phony error messages to trick users into running malicious PowerShell scripts. …

Rogue uni IT director pleads guilty after fraudulently buying $2.1M of tech

Two decades in the clink would be quite an education

A now-former IT director has pleaded guilty to defrauding the university at which he was employed – and a computer equipment supplier – for $2.1 million over five years.…

Dark-web kingpin puts 'stolen' internal AMD databases, source code up for sale

Chip designer really gonna need to channel some Zen right now

AMD's IT team is no doubt going through its logs today after cyber-crooks put up for sale what is claimed to be internal data stolen from the US microprocessor designer.…

EU attempt to sneak through new encryption-eroding law slammed by Signal, politicians

If you call 'client-side scanning' something like 'upload moderation,' it still undermines privacy, security

On Thursday, the EU Council is scheduled to vote on a legislative proposal that would attempt to protect children online by disallowing confidential communication.…

CHERI Alliance formed to promote memory security tech ... but where's Arm?

Academic-industry project takes next step as key promoter chip designer licks its wounds

Updated  A group of technology organizations has formed the CHERI Alliance CIC (Community Interest Company) to promote industry adoption of the security technology focused on memory access.…

Uncle Sam ends financial support to orgs hurt by Change Healthcare attack

Billions of dollars made available but worst appears to be over

The US government is winding down its financial support for healthcare providers originally introduced following the ransomware attack at Change Healthcare in February.…

NHS boss says Scottish trust wouldn't give cyberattackers what they wanted

CEO of Dumfries and Galloway admits circa 150K people should assume their details leaked

The chief exec at NHS Dumfries and Galloway will write to thousands of folks in the Scottish region whose data was stolen by criminals, admitting the lot of it was published after the trust did not give in to the miscreants' demands.…

VMware by Broadcom warns of two critical vCenter flaws, plus a nasty sudo bug

Specially crafted network packet could allow remote code execution and access to VM fleets

VMware by Broadcom has revealed a pair of critical-rated flaws in vCenter Server – the tool used to manage virtual machines and hosts in its flagship Cloud Foundation and vSphere suites.…

Arm security defense shattered by speculative execution 95% of the time

'TikTag' security folks find anti-exploit mechanism rather fragile

In 2018, chip designer Arm introduced a hardware security feature called Memory Tagging Extensions (MTE) as a defense against memory safety bugs. But it may not be as effective as first hoped.…

Shoddy infosec costs PwC spinoff and NMA $11.3M in settlement with Uncle Sam

Pen-testing tools didn't work – and personal info of folks hit by pandemic started appearing in search engines

Updated  Two consulting firms, Guidehouse and Nan McKay and Associates, have agreed to pay a total of $11.3 million to resolve allegations of cybersecurity failings over their roll-out of COVID-19 assistance.…

Suspected bosses of $430M dark-web Empire Market charged in US

Cybercrime super-souk's Dopenugget and Zero Angel may face life behind bars if convicted

The two alleged administrators of Empire Market, a dark-web bazaar that peddled drugs, malware, digital fraud, and other illegal stuff, have been detained on charges related to owning and operating the illicit souk.…

Blackbaud has to cough up a few million dollars more over 2020 ransomware attack

Four years on and it's still paying for what California attorney general calls 'unacceptable' practice

Months after escaping without a fine from the US Federal Trade Commission (FTC), the luck of cloud software biz Blackbaud ran out when it came to reaching a settlement with California's attorney general.…

Cops cuff 22-year-old Brit suspected of being Scattered Spider leader

Spanish plod make arrest at airport before he jetted off to Italy

Spanish police arrested a person they allege to be the leader of the notorious cybercrime gang Scattered Spider as he boarded a private flight to Naples.…

AWS is pushing ahead with MFA for privileged accounts. What that means for you ...

The clock is ticking – why not try a passkey?

Heads up: Amazon Web Services is pushing ahead with making multi-factor authentication (MFA) mandatory for certain users, and we love to see it.…

UK's Total Fitness exposed nearly 500K images of members, staff through unprotected database

Health club chain headed for the spa on choose-a-password day

Exclusive  A cybersecurity researcher claims UK health club and gym chain Total Fitness bungled its data protection responsibilities by failing to lock down a database chock-full of members' personal data.…

Notorious cyber gang UNC3944 attacks vSphere and Azure to run VMs inside victims' infrastructure

Who needs ransomware when you can scare techies into coughing up their credentials?

Notorious cyber gang UNC3944 – the crew suspected of involvement in the recent attacks on Snowflake and MGM Entertainment, and plenty more besides – has changed its tactics and is now targeting SaaS applications…

That didn't take long: Replacement for SORBS spam blacklist arises ... sort of

Also: Online adoption cyberstalker nabbed; Tesla trade secrets thief pleads guilty; and a critical ASUS Wi-Fi vuln

Infosec in brief  A popular spam blocklist service that went offline earlier this month has advised users it is down permanently – but at least one potential candidate is stepping up to try to fill the threat intelligence void.…

Japan's space junk cleaner hunts down major target

Plus: Australia to age limit social media; Hong Kong's robo-dogs; India's new tech minister

Asia in brief  The space junk cleaning mission launched by Japan's Aerospace Exploration Agency (JAXA) has successfully hunted down one of its targets.…

Microsoft answered Congress' questions on security. Now the White House needs to act

Business as usual needs a real change

Feature  Microsoft president Brad Smith struck a conciliatory tone regarding his IT giant's repeated computer security failings during a congressional hearing on Thursday – while also claiming the Windows maker is above the rule of law, at least in China.…

Stanford Internet Observatory wilts under legal pressure during election year

Because who needs disinformation research at times like these

The Stanford Internet Observatory (SIO), which for the past five years has been studying and reporting on social media disinformation, is being reimagined with new management and fewer staff following the recent departure of research director Renee DiResta.…

Meta won't train AI on Euro posts after all, as watchdogs put their paws down

Facebook parent calls step forward for privacy a 'step backwards'

Meta has caved to European regulators, and agreed to pause its plans to train AI models on EU users' Facebook and Instagram posts — a move that the social media giant said will delay its plans to launch Meta AI in the economic zone.…

Nigerian faces up to 102 years in the slammer for $1.5M phishing scam

Crook and his alleged co-conspirators said to have used Discord to coordinate

A Nigerian national has been convicted of participating in a business email compromise (BEC) scam worth $1.5 million after a jury found him guilty on all counts.…

Ukraine busts SIM farms targeting soldiers with spyware

Russia recruits local residents to support battlefield goals

Infrastructure that enabled two pro-Russia Ukraine residents to break into soldiers' devices and deploy spyware has been dismantled by the Security Service of Ukraine (SSU).…

French state bidding for piece of Atos, offers €700M

Big data + security division could be owned by the government and its people

The French government has confirmed an offer of €700 million ($748 million) for key assets of ailing IT services giant Atos, following the company’s acceptance of a restructuring deal earlier this week.…

Microsoft bigwig says the Feds catching Chinese spies in Exchange Online is the cloud working as intended

'It's not our job to find the culprits – That's what we're paying you for' lawmaker scolds Brad Smith

Lawmakers on Thursday grilled Microsoft president Brad Smith about the Windows giant's businesses dealing in China — and the super-corp's repeated security failings — at a time when Beijing-backed spies are accused of breaking into Microsoft-hosted email accounts of American government officials.…

US Space Force wanted $77M to reinforce GPS – and Congress shot it down

Can't we do this another way, like without these mini-sats costing $1B over 5 years, House reps wonder

A plan by America's Space Force to harden GPS against spoofing attacks may be going nowhere: A request by the service branch for $77 million of public cash to finish the work is struggling to get approval from Congress.…

Oracle Ads have had it: $2B operation shuts down after dwindling to $300M

In this slightly more private era, your data ain't as profitable as it once was

Analysis  Oracle Advertising is shutting down, CEO Safra Catz said during the database goliath's fiscal 2024 Q4 earnings call with Wall Street this week.…

Ukrainian cops collar Kyiv programmer believed to be Conti, LockBit linchpin

28-year-old accused of major ransomware attacks across Europe

An alleged cog in the Conti and LockBit ransomware machines is now in handcuffs after Ukrainian police raided his home this week.…

Google's Privacy Sandbox more like a privacy mirage, campaigners claim

Chocolate Factory accused of misleading Chrome browser users

Updated  Privacy campaigner noyb has filed a GDPR complaint regarding Google's Privacy Sandbox, alleging that turning on a "Privacy Feature" in the Chrome browser resulted in unwanted tracking by the US megacorp.…

Student's flimsy bin bags blamed for latest NHS data breach

Confidential patient information found by member of the public

A data protection gaffe affecting the UK's NHS is being pinned on a medical student who placed too much trust in their bin bags.…

Time to zero in on Zero Trust?

Recently discovered vulnerabilities in VPN services should push ASEAN organizations to rethink their perimeter security approach

Sponsored Post  Companies in the ASEAN region have long relied on a virtual private network (VPN) to help encrypt their Internet traffic and protect users' online identities.…

Crooks crack customer info at tracking device vendor Tile, issue 'extortion' demands

Who tracks the trackers?

Life360, purveyor of "Tile" Bluetooth tracking devices and developer of associated apps, has revealed it is dealing with a "criminal extortion attempt" after unknown miscreants contacted it with an allegation they had customer data in their possession.…

Ransomware crew may have exploited Windows make-me-admin bug as a zero-day

Symantec suggests Black Basta crew beat Microsoft to the patch

The Black Basta ransomware gang may have exploited a now-patched Windows privilege escalation bug as a zero-day, according to Symantec's threat hunters.…

White House report dishes deets on all 11 major government breaches from 2023

The MOVEit breach and ransomware weren’t kind to the Feds last year

The number of cybersecurity incidents reported by US federal agencies rose 9.9 percent year-on-year (YoY) in 2023 to a total of 32,211, per a new White House report, which also spilled the details on the most serious incidents suffered across the government.…

China's FortiGate attacks more extensive than first thought

Dutch intelligence says at least 20,000 firewalls pwned in just a few months

The Netherlands' cybersecurity agency (NCSC) says the previously reported attack on the country's Ministry of Defense (MoD) was far more extensive than previously thought.…

Let's kick off our summer with a pwn-me-by-Wi-Fi bug in Microsoft Windows

Redmond splats dozens of bugs as does Adobe while Arm drivers and PHP under active attack

Patch Tuesday  Microsoft kicked off our summer season with a relatively light June Patch Tuesday, releasing updates for 49 CVE-tagged security flaws in its products – including one bug deemed critical, a fairly terrifying one in wireless networking, and one listed as publicly disclosed.…

Pure Storage pwned, claims data plundered by crims who broke into Snowflake workspace

Secure storage company hasn't spilled details on how they got in

Pure Storage is the latest company to confirm it's a victim of mounting Snowflake-related data breaches.…

Cylance clarifies data breach details, except where the data came from

Customers, partners, operations remain uncompromised, BlackBerry says

BlackBerry-owned cybersecurity shop Cylance says the data allegedly belonging to it and being sold on a crime forum doesn't endanger customers, yet it won't say where the information was stored originally.…

UK and Canada's data chiefs join forces to investigate 23andMe mega-breach

Three-pronged approach aims to uncover any malpractice at the Silicon Valley biotech biz

The data protection watchdogs of the UK and Canada are teaming up to hunt down the facts behind last year's 23andMe data breach.…

Snowflake customers not using MFA are not unique – over 165 of them have been compromised

Mandiant warns criminal gang UNC5537, which may be friendly with Scattered Spider, is on the rampage

An unknown financially motivated crime crew has swiped a "significant volume of records" from Snowflake customers' databases using stolen credentials, according to Mandiant.…

Japanese vid-sharing site Niconico needs rebuild after cyberattack

Offline for four days and counting, as are parent company and e-commerce brand

Japanese media conglomerate Kadokawa and several of its properties have been offline for four days after a major cyber attack.…

Christie's confirms RansomHub crooks stole data on 45K clients

A far cry from the half-million claim that crims originally boasted

Auction house to the wealthy Christie's says 45,798 people were affected by its recent cyberattack and resulting data theft.…

Snowflake tells customers to enable MFA as investigations continue

Also, industry begs Uncle Sam for infosec reg harmony, dueling container-compromise campaigns, and crit vulns

infosec in brief  Cloud data analytics platform Snowflake said it is going to begin forcing customers to implement multi-factor authentication to prevent more intrusions. …

Two cuffed over suspected smishing campaign using 'text message blaster'

Thousands of dodgy SMSes bypassed network filters in UK-first case, it is claimed

British police have arrested two individuals following an investigation into an SMS-based phishing campaign using some kind of homebrew hardware.…

Akira: Perhaps the next big thing in ransomware, says Tidal threat intelligence chief

Scott Small tells us gang's 'intent and capability' should get the attention of CSOs

Interview  It might not be as big a name as BlackCat or LockBit, but the Akira ransomware is every bit as dangerous, says one cybersecurity researcher – and it's poised to make a big impact. …

Uber ex-CSO Joe Sullivan: We need security leaders running to work, not giving up

Lessons learned from the infosec chief convicted and punished for covering up theft of data from taxi app maker

Interview  Joe Sullivan – the now-former Uber chief security officer who was found guilty of covering-up a theft of data from Uber in 2016 – remembers sitting down and thinking through the worst-case scenarios he faced following that guilty verdict in 2022.…

New York Times source code leaks online via 4chan

Breaking breaking-news news

Updated  A 4chan user has leaked 270GB of internal New York Times data, including what's said to be source code and other web assets, via the notorious image board.…

FCC takes some action against notorious BGP

How's your RPKI-based security plan coming along? Feds want to know

US broadband providers will soon have to provide proof to Uncle Sam that they are taking steps to prevent Border Gateway Protocol (BGP) hijacking and locking down internet routing in general.…

Defiant Microsoft pushes ahead with controversial Recall – tho as an opt-in

Windows maker acknowledges 'clear signal' from everyone, then mostly ignores it

Microsoft is not giving up on its controversial Windows Recall, though says it will give customers an option to opt in instead of having it on by default, and will beef up the security of any data the software stores.…

Quishing Campaign Targets Chinese Citizens via Fake Official Documents

Cyber threat intelligence provider Cyble observed a new malicious QR code phishing campaign targeting Chinese citizens

Cybersecurity Burnout Costing Firms $700m+ Annually

Hack The Box research claims employee burnout could be costing hundreds of millions in lost productivity

G7 to Develop Cybersecurity Framework for Energy Sector

The G7 nations agree to develop a cybersecurity framework for key technologies used to operate electricity, oil and natural gas systems

CIISec Urges Employers to Target Young Talent in Gaming Centers

The Chartered Institute of Information Security has issued a new guide to help firms recruit more talent

92% of Organizations Hit by Credential Compromise from Social Engineering Attacks

A Barracuda report found that 92% of organizations experienced an average of six credential compromises caused by email-based social engineering attacks in 2023

Fake Meeting Software Spreads macOS Infostealer

Recorded Future has found that Vortax, a purported virtual meeting software, is actually malicious software spreading three information stealers

VMware Discloses Critical Vulnerabilities, Urges Immediate Remediation

VMware has disclosed critical vulnerabilities impacting its VMware vSphere and VMware Cloud Foundation products, with patches available for customers

Quarter of Firms Suffer an API-Related Breach

Salt Security study finds 23% of organizations suffered a breach via production APIs in 2023

Report Reveals Record Exploitation Rate For Load Balancers

Action1 reveals cybercriminals are increasingly targeting NGINX and Citrix load balancers

Los Angeles Public Health Department Discloses Large Data Breach

Los Angeles County Department of Public Health revealed a data breach impacting more than 200,000 individuals, with personal, medical and financial data potentially stolen

Academics Develop Testing Benchmark for LLMs in Cyber Threat Intelligence

Researchers from the Rochester Institute of Technology introduced a benchmark designed to assess large language models’ performance in cyber threat intelligence applications

Meta Pauses European GenAI Development Over Privacy Concerns

Meta has delayed plans to train its LLMs using public content shared by adults on Facebook and Instagram following a request by Ireland’s data protection regulator

Pure Storage enhances its platform with cyber resiliency services and capabilities

Pure Storage announced three new Storage as-a-Service (STaaS) service-level agreements (SLAs) for the Pure Storage platform – cyber recovery and resilience and site rebalance – further empowering organizations to guarantee outcomes and reduce risk in their critical data infrastructure. AI is revolutionizing business, and not always for the better. Cybercriminals are increasingly using AI to increase the frequency and impact of cyberattacks, especially ransomware. However, existing IT infrastructure generally lacks flexibility to react to the … More

Clever macOS malware delivery campaign targets cryptocurrency users

Cryptocurrency users are being targeted with legitimate-looking but fake apps that deliver information-stealing malware instead, Recorded Future’s researchers are warning. The threat actor behind this complex scheme is going after both Windows and Mac users, and leverages social media and messaging platforms to trick them into installing the apps, i.e., the malware. How cryptocurrency users get tricked into downloading the malware Vortax – supposedly in-browser virtual meeting software – looks like a legitimate app at … More

Quantum Xchange expands Phio TX platform to offer secure site-to-site and remote access VPN

Quantum Xchange launched version 4.0 of its quantum-safe key delivery platform Phio TX, featuring Phio VPN, a Virtual Private Network (VPN) to combine AI-native networking with quantum-safe key management and delivery. The Phio VPN builds on the unique architecture, design principles, and patented technology of the company’s keystone deployment product Phio TX. The next-generation key delivery system and crypto-agile management platform supports all the NIST Post-Quantum Cryptography (PQCs) algorithms and can work with an organization’s … More

How can SLTTs defend against cyber threats?

Managing cybersecurity for any organization is no easy feat. Improving cybersecurity maturity is often even more difficult, made increasingly challenging by the eye-watering costs of cybersecurity products and solutions. And when you are responsible for securing citizens’ data as a U.S. State, Local, Tribal, or Territorial (SLTT) entity, those coffers run dry faster than ever. That’s because you’re facing growing cyber risks, skyrocketing costs for cybersecurity solutions, and tightening budgets. As a U.S. SLTT, however, … More

SELKS: Open-source Suricata IDS/IPS, network security monitoring, threat hunting

SELKS is a free, open-source, turnkey solution for Suricata-based network intrusion detection and protection (IDS/IPS), network security monitoring (NSM), and threat hunting. The project is developed and maintained by Stamus Networks. SELKS is an effective production-grade solution for many small and medium-sized organizations. Since all the data in SELKS is generated by the Suricata engine, it is popular among network security practitioners who explore the capabilities of Suricata IDS/IPS/NSM and analyze the network protocol monitoring … More

Cybersecurity jobs available right now: June 19, 2024

Application Penetration Tester ShiftCode Analytics | USA | On-site – View job details As an Application Penetration Tester, you will perform Ethical Application Penetration Testing (EAPT) on web applications and APIs. Provide the vulnerability information in the predefined report format after performing the App Pentest using manual methodology and App Pentest tools such as Burp Suite and Web Inspect. Provide assistance to the developers in detailing the vulnerabilities reported along with the recommendations for remediation. … More

Find out which cybersecurity threats organizations fear the most

This article compiles excerpts from various reports, presenting statistics and insights on cybersecurity threats faced by businesses and individuals alike. Cyber insurance isn’t the answer for ransom payments Veeam | 2024 Ransomware Trends Report | June 2024 Ransomware remains an ongoing threat for organizations and is the largest single cause of IT outages and downtime as 41% of data is compromised during a cyberattack. Alarmingly, 63% of organizations are at risk of reintroducing infections while … More

Rising exploitation in enterprise software: Key trends for CISOs

Action1 researchers found an alarming increase in the total number of vulnerabilities across all enterprise software categories. “With the NVD’s delay in associating Common Vulnerabilities and Exposures (CVE) identifiers with CPE (Common Platform Enumeration) data, our report comes at a critical moment, providing much-needed insights into the evolving vulnerability landscape for enterprise software,” said Mike Walters, President of Action1. “Our goal is to arm key decision makers with essential knowledge so that they can prioritize … More

Atsign NoPorts establishes an encrypted IP tunnel directly between devices

Atsign introduces NoPorts to offer a secure remote access solution, exceeding current limitations and setting a new standard for secure connectivity. NoPorts establishes an encrypted IP tunnel directly between devices, eliminating the need for exposed ports and creating a zero-trust environment. This approach empowers organizations to leverage the benefits of existing protocols like RDP, Citrix, and VPN while mitigating the inherent security risks associated with them. “Traditional remote access solutions expose organizations to a multitude … More

Medibank breach: Security failures revealed (lack of MFA among them)

The 2022 Medibank data breach / extortion attack perpetrated by the REvil ransomware group started with the attackers leveraging login credentials stolen from a private computer of an employee of a Medibank IT contractor. According to a statement by the Australian Information Commissioner (AIC) filed with the Federal Court of Australia, the credentials were stolen by way of infostealer malware, after that employee “saved his Medibank username and password for a number of Medibank accounts … More

How Arid Viper spies on Android users in the Middle East – Week in security with Tony Anscombe

The spyware, called AridSpy by ESET, is distributed through websites that pose as various messaging apps, a job search app, and a Palestinian Civil Registry app

Preventative defense tactics in the real world

Don’t get hacked in the first place – it costs far less than dealing with the aftermath of a successful attack

ESET Research Podcast: APT Activity Report Q4 2023–Q1 2024

The I-SOON data leak confirms that this contractor is involved in cyberespionage for China, while Iran-aligned groups step up aggressive tactics following the Hamas-led attack on Israel in 2023

Arid Viper poisons Android apps with AridSpy

ESET researchers discovered Arid Viper espionage campaigns spreading trojanized apps to Android users in Egypt and Palestine

WeLiveSecurity wins Best Cybersecurity Vendor Blog award!

The results of the 2024 European Cybersecurity Blogger Awards are in and the winner of the Best Cybersecurity Vendor Blog is... drumroll, please... WeLiveSecurity!

560 million Ticketmaster customer data for sale? – Week in security with Tony Anscombe

Ticketmaster seems to have experienced a data breach, with the ShinyHunters hacker group claiming to have exfiltrated the data of 560 million customers

The job hunter’s guide: Separating genuine offers from scams

$90,000/year, full home office, and 30 days of paid leave for a junior data analyst – what's not to like? Except that these kinds of job offers are only intended to trick unsuspecting victims into giving up their data.

What happens when facial recognition gets it wrong – Week in security with Tony Anscombe

A facial recognition system misidentifies a woman in London as a shoplifter, igniting fresh concerns over the technology's accuracy and reliability

The murky world of password leaks – and how to check if you’ve been hit

Password leaks are increasingly common and figuring out whether the keys to your own kingdom have been exposed might be tricky – unless you know where to look

AI in HR: Is artificial intelligence changing how we hire employees forever?

Much digital ink has been spilled on artificial intelligence taking over jobs, but what about AI shaking up the hiring process in the meantime?

ESET World 2024: Big on prevention, even bigger on AI

What is the state of artificial intelligence in 2024 and how can AI level up your cybersecurity game? These hot topics and pressing questions surrounding AI were front and center at the annual conference.

Mandatory reporting of ransomware attacks? – Week in security with Tony Anscombe

As the UK mulls new rules for ransomware disclosure, what would be the wider implications of such a move, how would cyber-insurance come into play, and how might cybercriminals respond?

Beyond the buzz: Understanding AI and its role in cybersecurity

A new white paper from ESET uncovers the risks and opportunities of artificial intelligence for cyber-defenders

Introducing Nimfilt: A reverse-engineering tool for Nim-compiled binaries

Available as both an IDA plugin and a Python script, Nimfilt helps to reverse engineer binaries compiled with the Nim programming language compiler by demangling package and function names, and applying structs to strings

What happens when AI goes rogue (and how to stop it)

As AI gets closer to the ability to cause physical harm and impact the real world, “it’s complicated” is no longer a satisfying response

The who, where, and how of APT attacks – Week in security with Tony Anscombe

This week, ESET experts released several research publications that shine the spotlight on a number of notable campaigns and broader developments on the threat landscape

Untangling the hiring dilemma: How security solutions free up HR processes

The prerequisites for becoming a security elite create a skills ceiling that is tough to break through – especially when it comes to hiring skilled EDR or XDR operators. How can businesses crack this conundrum?

ESET APT Activity Report Q4 2023–Q1 2024

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2023 and Q1 2024

How to talk about climate change – and what motivates people to action: An interview with Katharine Hayhoe

We spoke to climate scientist Katharine Hayhoe about climate change, faith and psychology – and how to channel anxiety about the state of our planet into meaningful action

In it to win it! WeLiveSecurity shortlisted for European Cybersecurity Blogger Awards

We’re thrilled to announce that WeLiveSecurity has been named a finalist in the Corporates – Best Cybersecurity Vendor Blog category of the European Cybersecurity Blogger Awards 2024

It's a wrap! RSA Conference 2024 highlights – Week in security with Tony Anscombe

More than 40,000 security experts descended on San Francisco this week. Let's now look back on some of the event's highlights – including the CISA-led 'Secure by Design' pledge also signed by ESET.

RSA Conference 2024: AI hype overload

Can AI effortlessly thwart all sorts of cyberattacks? Let’s cut through the hyperbole surrounding the tech and look at its actual strengths and limitations.

To the Moon and back(doors): Lunar landing in diplomatic missions

ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs

Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain

One of the most advanced server-side malware campaigns is still growing, with hundreds of thousands of compromised servers, and it has diversified to include credit card and cryptocurrency theft

Inspiring the next generation of scientists | Unlocked 403: Cybersecurity podcast

As Starmus Earth draws near, we caught up with Dr. Garik Israelian to celebrate the fusion of science and creativity and venture where imagination flourishes and groundbreaking ideas take flight

Pay up, or else? – Week in security with Tony Anscombe

Organizations that fall victim to a ransomware attack are often caught between a rock and a hard place, grappling with the dilemma of whether to pay up or not

Adding insult to injury: crypto recovery scams

Once your crypto has been stolen, it is extremely difficult to get back – be wary of fake promises to retrieve your funds and learn how to avoid becoming a victim twice over

How space exploration benefits life on Earth: An interview with David Eicher

We spoke to Astronomy magazine editor-in-chief David Eicher about key challenges facing our planet, the importance of space exploration for humanity, and the possibility of life beyond Earth

Major phishing-as-a-service platform disrupted – Week in security with Tony Anscombe

The investigation uncovered at least 40,000 phishing domains that were linked to LabHost and tricked victims into handing over their sensitive details

MDR: Unlocking the power of enterprise-grade security for businesses of all sizes

Faced with expanding attack surfaces and a barrage of threats, businesses of all sizes are increasingly looking to unlock the manifold capabilities of enterprise-grade security

The hacker’s toolkit: 4 gadgets that could spell security trouble

Their innocuous looks and endearing names mask their true power. These gadgets are designed to help identify and prevent security woes, but what if they fall into the wrong hands?

What makes Starmus unique? Q&A with award-winning filmmaker Todd Miller

The director of the Apollo 11 movie shares his views about the role of technology in addressing pressing global challenges, as well as why he became involved with Starmus

How technology drives progress: Q&A with Nobel laureate Michel Mayor

We spoke to Michel Mayor about the importance of public engagement with science and how to foster responsibility among the youth for the preservation of our changing planet

The vision behind Starmus: Q&A with the festival’s co-founder Garik Israelian

Dr. Israelian talks about Starmus's vision and mission, the importance of inspiring and engaging audiences, and a sense of community within the Starmus universe

Protecting yourself after a medical data breach – Week in security with Tony Anscombe

What are the risks and consequences of having your health data exposed and what are the steps to take if it happens to you?

The many faces of impersonation fraud: Spot an imposter before it’s too late

What are some of the most common giveaway signs that the person behind the screen or on the other end of the line isn’t who they claim to be?

The ABCs of how online ads can impact children’s well-being

From promoting questionable content to posing security risks, inappropriate ads present multiple dangers for children. Here’s how to help them stay safe.

eXotic Visit includes XploitSPY malware – Week in security with Tony Anscombe

Almost 400 people in India and Pakistan have fallen victim to an ongoing Android espionage campaign called eXotic Visit

Bitcoin scams, hacks and heists – and how to avoid them

Here’s how cybercriminals target cryptocurrencies and how you can keep your bitcoin or other crypto safe

Beyond fun and games: Exploring privacy risks in children’s apps

Should children’s apps come with ‘warning labels’? Here's how to make sure your children's digital playgrounds are safe places to play and learn.

The devil is in the fine print – Week in security with Tony Anscombe

Temu's cash giveaway where people were asked to hand over vast amounts of their personal data to the platform puts the spotlight on the data-slurping practices of online services today

Gripped by Python: 5 reasons why Python is popular among cybersecurity professionals

Python’s versatility and short learning curve are just two factors that explain the language’s 'grip' on cybersecurity

RDP remains a security concern – Week in security with Tony Anscombe

Much has been written about the risks that poorly-secured RDP connections entail, but many organizations continue to leave themselves at risk and get hit by data breaches as a result

How often should you change your passwords?

And is that actually the right question to ask? Here’s what else you should consider when it comes to keeping your accounts safe.

Malware hiding in pictures? More likely than you think

There is more to some images than meets the eye – their seemingly innocent façade can mask a sinister threat.

AceCryptor attacks surge in Europe – Week in security with Tony Anscombe

The second half of 2023 saw massive growth in AceCryptor-packed malware spreading in the wild, including courtesy of multiple spam campaigns where AceCryptor packed the Rescoms RAT

Borrower beware: Common loan scams and how to avoid them

Personal loan scams prey on your financial vulnerability and might even trap you in a vicious circle of debt. Here’s how to avoid being scammed when considering a loan.

Cybercriminals play dirty: A look back at 10 cyber hits on the sporting world

This rundown of 10 cyberattacks against the sports industry shows why every team needs to keep its eyes on the ball when it comes to cybersecurity

Cybersecurity starts at home: Help your children stay safe online with open conversations

Struggle to know how to help children and teens stay safe in cyberspace? A good ol’ fashioned chat is enough to put them on the right track.

A prescription for privacy protection: Exercise caution when using a mobile health app

Given the unhealthy data-collection habits of some mHealth apps, you’re well advised to tread carefully when choosing with whom you share some of your most sensitive data

Healthcare still a prime target for cybercrime gangs – Week in security with Tony Anscombe

Healthcare organizations remain firmly in attackers' crosshairs, representing 20 percent of all victims of ransomware attacks among critical infrastructure entities in the US in 2023

Threat intelligence explained | Unlocked 403: Cybersecurity podcast

We break down the fundamentals of threat intelligence and its role in anticipating and countering emerging threats

Rescoms rides waves of AceCryptor spam

Insight into ESET telemetry statistics about AceCryptor in H2 2023 with a focus on Rescoms campaigns in European countries

How to share sensitive files securely online

Here are a few tips for secure file transfers and what else to consider when sharing sensitive documents so that your data remains safe

APT attacks taking aim at Tibetans – Week in security with Tony Anscombe

Evasive Panda has been spotted targeting Tibetans in several countries and territories with payloads that included a previously undocumented backdoor ESET has named Nightdoor

Election cybersecurity: Protecting the ballot box and building trust in election integrity

What cyberthreats could wreak havoc on elections this year and how worried should we as voters be about the integrity of our voting systems?

Top 10 scams targeting seniors – and how to keep your money safe

The internet can be a wonderful place. But it’s also awash with fraudsters preying on people who are susceptible to fraud.

Irresistible: Hooks, habits and why you can’t put down your phone

Struggle to part ways with your tech? You’re not alone. Here’s why your devices are your vices.

Deceptive AI content and 2024 elections – Week in security with Tony Anscombe

As the specter of AI-generated disinformation looms large, tech giants vow to crack down on fabricated content that could sway voters and disrupt elections taking place around the world this year

Evasive Panda leverages Monlam Festival to target Tibetans

ESET researchers uncover strategic web compromise and supply-chain attacks targeting Tibetans

eXotic Visit campaign: Tracing the footprints of Virtual Invaders

ESET researchers uncovered the eXotic Visit espionage campaign that targets users mainly in India and Pakistan with seemingly innocuous apps

Vulnerabilities in business VPNs under the spotlight

As adversaries increasingly set their sights on vulnerable enterprise VPN software to infiltrate corporate networks, concerns mount about VPNs themselves being a source of cyber risk

PSYOP campaigns targeting Ukraine – Week in security with Tony Anscombe

Coming in two waves, the campaign sought to demoralize Ukrainians and Ukrainian speakers abroad with disinformation messages about war-related subjects

10 things to avoid posting on social media – and why

Do you often take to social media to broadcast details from your life? Here’s why this habit may put your privacy and security at risk.

Cyber-insurance and vulnerability scanning – Week in security with Tony Anscombe

Here's how the results of vulnerability scans factor into decisions on cyber-insurance and how human intelligence comes into play in the assessment of such digital signals

What is AI, really? | Unlocked 403: Cybersecurity podcast

Artificial intelligence is on everybody’s lips these days, but there are also many misconceptions about what AI actually is and isn’t. We unpack AI's basics, applications and broader implications.

Operation Texonto: Information operation targeting Ukrainian speakers in the context of the war

A mix of PSYOPs, espionage and … fake Canadian pharmacies!

Everything you need to know about IP grabbers

Unsuspecting users beware, IP grabbers do not ask for your permission.

Watching out for the fakes: How to spot online disinformation

Why and how are we subjected to so much disinformation nowadays, and is there a way to spot the fakes?

Ransomware payments hit a record high in 2023 – Week in security with Tony Anscombe

Called a "watershed year for ransomware", 2023 marked a reversal from the decline in ransomware payments observed in the previous year

Deepfakes in the global election year of 2024: A weapon of mass deception?

As fabricated images, videos and audio clips of real people go mainstream, the prospect of a firehose of AI-powered disinformation is a cause for mounting concern

7 reasons why cybercriminals want your personal data

Here's what drives cybercriminals to relentlessly target the personal information of other people – and why you need to guard your data like your life depends on it

Blue Team toolkit: 6 open-source tools to assess and enhance corporate defenses

Here’s how the blue team wards off red teamers and a few open-source tools it may leverage to identify chinks in the corporate armor

Grandoreiro banking malware disrupted – Week in security with Tony Anscombe

The banking trojan, which targeted mostly Brazil, Mexico and Spain, blocked the victim’s screen, logged keystrokes, simulated mouse and keyboard activity and displayed fake pop-up windows

The buck stops here: Why the stakes are high for CISOs

Heavy workloads and the specter of personal liability for incidents take a toll on security leaders, so much so that many of them look for the exits. What does this mean for corporate cyber-defenses?

Could your Valentine be a scammer? How to avoid getting caught in a bad romance

With Valentine’s Day almost upon us, here’s some timely advice on how to prevent scammers from stealing more than your heart

ESET Research Podcast: ChatGPT, the MOVEit hack, and Pandora

An AI chatbot inadvertently kindles a cybercrime boom, ransomware bandits plunder organizations without deploying ransomware, and a new botnet enslaves Android TV boxes

ESET takes part in global operation to disrupt the Grandoreiro banking trojan

ESET provided technical analysis, statistical information, known C&C servers and was able to get a glimpse of the victimology

Blackwood hijacks software updates to deploy NSPX30 – Week in security with Tony Anscombe

The previously unknown threat actor used the implant to target Chinese and Japanese companies, as well as individuals in China, Japan, and the UK

Cyber: The Swiss army knife of tradecraft

In today’s digitally interconnected world, advanced cyber capabilities have become an exceptionally potent and versatile tool of tradecraft for nation-states and criminals alike

VajraSpy: A Patchwork of espionage apps

ESET researchers discovered several Android apps carrying VajraSpy, a RAT used by the Patchwork APT group

Assessing and mitigating supply chain cybersecurity risks

Blindly trusting your partners and suppliers on their security posture is not sustainable – it’s time to take control through effective supplier risk management

Why many CISOs consider quitting – Week in security with Tony Anscombe

The job of a CISO is becoming increasingly stressful as cybersecurity chiefs face overwhelming workloads and growing concerns over personal liability for security failings

Break the fake: The race is on to stop AI voice cloning scams

As AI-powered voice cloning turbocharges imposter scams, we sit down with ESET’s Jake Moore to discuss how to hang up on ‘hi-fi’ scam calls – and what the future holds for deepfake detection

NSPX30: A sophisticated AitM-enabled implant evolving since 2005

ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group we have named Blackwood

Virtual kidnapping: How to see through this terrifying scam

Phone fraud takes a frightening twist as fraudsters can tap into AI to cause serious emotional and financial damage to the victims

Is Temu safe? What to know before you ‘shop like a billionaire’

Here are some scams you may encounter on the shopping juggernaut, plus a few simple steps you can take to help safeguard your data while bagging that irresistible deal

The 7 deadly cloud security sins – and how SMBs can do things better

By eliminating these mistakes and blind spots, your organization can take massive strides towards optimizing its use of cloud without exposing itself to cyber-risk

Lessons from SEC's X account hack – Week in security with Tony Anscombe

The cryptocurrency rollercoaster never fails to provide a thrilling ride – this week it was a drama surrounding the hack of SEC's X account right ahead of the much-anticipated decision about Bitcoin ETFs

Attack of the copycats: How fake messaging apps and app mods could bite you

WhatsApp, Telegram and Signal clones and mods remain a popular vehicle for malware distribution. Don’t get taken for a ride.

Love is in the AI: Finding love online takes on a whole new meaning

Is AI companionship the future of not-so-human connection – and even the cure for loneliness?

Cybersecurity trends and challenges to watch out for in 2024 – Week in security with Tony Anscombe

What are some of the key cybersecurity trends that people and organizations should have on their radars this year?

Lost and found: How to locate your missing devices and more

Losing your keys, your wallet – or anything else, really – can be a pain, but there is a wide world of trackers that can help you locate your missing things – with awesome accuracy

Cracking the 2023 SANS Holiday Hack Challenge

From ChatNPT to Game Boys and space apps, this year’s challenge took us to the Geese Islands for another rollicking romp of fun

The art of digital sleuthing: How digital forensics unlocks the truth

Learn how the cyber variety of CSI works, from sizing up the crime scene and hunting for clues to piecing together the story that the data has to tell

A peek behind the curtain: How are sock puppet accounts used in OSINT?

How wearing a ‘sock puppet’ can aid the collection of open source intelligence while insulating the ‘puppeteer’ from risks

Key findings from ESET Threat Report H2 2023 – Week in security with Tony Anscombe

How cybercriminals take advantage of the popularity of ChatGPT and other tools of its ilk to direct people to sketchy sites, plus other interesting findings from ESET's latest Threat Report

A year in review: 10 of the biggest security incidents of 2023

As we draw the curtain on another eventful year in cybersecurity, let’s review some of the high-profile cyber-incidents that befell various organizations this year

Got a new device? 7 things to do before disposing of your old tech

Before getting rid of your no-longer-needed device, make sure it doesn’t contain any of your personal documents or information

Safeguard the joy: 10 tips for securing your shiny new device

Unwrapping a new gadget this holiday season will put a big smile on your face but things may quickly turn sour if the device and data on it aren’t secured properly

New Blog Moderation Policy

There has been a lot of toxicity in the comments section of this blog. Recently, we’re having to delete more and more comments. Not just spam and off-topic comments, but also sniping and personal attacks. It’s gotten so bad that I need to do something.

My options are limited because I’m just one person, and this website is free, ad-free, and anonymous. I pay for a part-time moderator out of pocket; he isn’t able to constantly monitor comments. And I’m unwilling to require verified accounts.

So starting now, we will be pre-screening comments and letting through only those that 1) are on topic, 2) contribute to the discussion, and 3) don’t attack or insult anyone. The standard is not going to be “well, I guess this doesn’t technically quite break a rule,” but “is this actually contributing.”...

The post New Blog Moderation Policy appeared first on Security Boulevard.

The Fundamental Issues with Email and How PreVeil Addresses Them

Email is the backbone of modern communication, both in personal and professional settings. Despite its widespread use and critical importance, traditional email systems suffer from significant security vulnerabilities at three key points: the user, the server that stores and processes emails, and the administrators who manage the system. These vulnerabilities can lead to data breaches, […]

The post The Fundamental Issues with Email and How PreVeil Addresses Them appeared first on PreVeil.

The post The Fundamental Issues with Email and How PreVeil Addresses Them appeared first on Security Boulevard.

IRONSCALES Applies Generative AI to Phishing Simulation

IRONSCALES has made generally available a phishing simulation tool that makes use of generative artificial intelligence (AI) to enable cybersecurity teams to create as many as 2,000 simulations of a spear phishing attack in less than an hour.

The post IRONSCALES Applies Generative AI to Phishing Simulation appeared first on Security Boulevard.

Next-Generation VPN Security Needs To Be Quantum Safe

Every time you connect to the internet, cryptography keeps your communication safe and secure. The digital age thrives on the secure exchange of information. But how safe is your communication? According to the FBI (Federal Bureau of Investigation), the total reported losses due to data breaches were $534,397,222 in 2023. Weak encryption techniques pave the path […]

The post Next-Generation VPN Security Needs To Be Quantum Safe appeared first on Security Boulevard.

Juneteenth National Independence Day 2024

The post Juneteenth National Independence Day 2024 appeared first on Security Boulevard.

DNS and Your Privacy: Should you use encrypted DNS?

DNS enables the easy navigation from website to website as you currently know it. However, the system wasn’t exactly designed with your privacy and security in mind.

Many DNS resolvers - such as your internet service provider's (ISP) - do not encrypt queries and may log data and metadata surrounding your queries. Additionally, unencrypted queries can be captured, viewed, and otherwise "consumed" (used) by eavesdropping third parties since data is exchanged in clear text.

Fortunately, using an encrypted DNS server provider can be a viable option for some users out there. This post aims to explore how and why - and doesn't leave out the limitations of encrypted DNS.

DNS and your privacy

Assuming you know the basics of how DNS works, the privacy issues surrounding it mostly involve two things: the capture and “snooping” of DNS queries made by a device, and the sending of unnecessary information (typical in the absence of QNAME minimization) to the DNS servers performing the resolution.

DNS servers can log data about the device making the query, times queries were requested, and of course the query itself - ex: avoidthehack.com. Naturally, the amount of logging or even the presence of logging depends on the DNS service itself; for example, ISPs often log DNS queries and share them with a variety of third parties. Users often get no "say" or may not even be aware of this.

With unencrypted queries - which is the default for most resolvers - third parties to the transaction between the device and the DNS resolver can “eavesdrop” on the queries devices make. Such eavesdropping has been performed by public and private organizations alike to surveil DNS traffic (and potentially hijack it).

With HTTPS, a third-party snooping device can't see what data passes between the client device and the web server - but with unencrypted DNS queries, it can still see that a query for that site was made. Captured over time, browsing habits can be inferred from the DNS requests observed.

What data is sent to DNS Servers?

Internet connections to visited websites and web apps start out as a DNS request. Assuming the absence of the requested website in a DNS cache - which can be in the browser and/or on the device itself - a query is sent to the DNS resolver.

The DNS resolver can be a machine local to the network or a service managed by a DNS service provider. The latter is generally more common (especially for most users out there); though, it is worth mentioning that local resolvers often pass queries to "upstream" DNS servers.

Again, many users use the ISP’s DNS resolvers because they are the "default", and most do not know these can be changed in the browser or on the device/network (hardware/firmware permitting). Of those who do know how to change DNS settings - already a minority - we can safely assume most aren't running a local recursive resolver.

The exact data sent to DNS resolvers varies, but it typically includes:

  • Top-level domain (TLD) requested. This includes links clicked/domains typed into the browser address bar, as well as background connections initiated by apps/services and resources called by websites.
  • If HTTP is used: Visited pages within the TLD. The commonality of HTTPS makes this irrelevant in the modern landscape, though some websites still serve content using a mix of HTTP/HTTPS.
  • Timestamp request was made
  • IP address of client device
  • Protocol (UDP or TCP)
  • Record type (A, AAAA, etc)

Data sent with the queries themselves can also be logged by DNS resolvers, but as mentioned previously, the details of logged data and the action of logging itself ultimately depends on the DNS service provider.

Depending on the service provider, additional information about network subnets and device identifiers (such as MAC addresses) may be embedded within DNS queries, essentially fingerprinting users or their networks.

Who can see DNS information?

Ultimately, it depends.

As mentioned, DNS queries are typically unencrypted and thus clear text and readily available for anyone willing to listen.

Even with encrypted DNS, generally your device, the router, and the DNS provider can see DNS requests. If you are using your ISP’s DNS servers - which are usually the default - then they can also see your DNS requests.

Your ISP may log this information and potentially use it for their own endeavors and/or share this data with third parties - which can include advertisers or government agencies.

Unless you are using a virtual private network (VPN) or an onion routing service like the Tor network, your ISP can still see connections to IP addresses.

Benefits of using encrypted (and privacy-friendly) DNS services

Benefits of using encrypted DNS services include preventing third-party DNS query sniffing, keeping DNS traffic private from ISP, and blocking ads on a network.

Eliminate third-party sniffing of DNS queries

The primary benefit of using any encrypted DNS server is preventing third parties from sniffing traffic and seeing what DNS queries users' devices make. This is true even if the encrypted DNS provider is capturing device information or otherwise logging DNS query data and metadata (though this is far from ideal).

However, it's worth mentioning that if the encrypted DNS server is indeed logging information, the provider may share this information with third parties - this is a different threat vector than a third party listening to or capturing the queries themselves. This can be alleviated by using a "trusted" encrypted DNS provider.

Filtered (and encrypted) DNS servers can block ads/malicious domains on the network level

Some encrypted DNS providers also offer domain filtering. Depending on the provider, they may filter domains known to serve malware, ads, trackers - or any combination of these.

For example, if you set your router to use such a resolver, it will provide blocking services for devices connected to your home network.

Some DNS providers give users customization options for what is blocked or filtered. Others run specific blocklists on their servers and do not allow the user to customize what is blocked. In either case, devices/networks using DNS providers with filtering services will not connect...

The post DNS and Your Privacy: Should you use encrypted DNS? appeared first on Security Boulevard.

Implementing AI in Startups: Key Strategies for Success

Artificial Intelligence (AI) is revolutionizing industries by enabling smarter decisions, automating tasks, and providing deeper insights. For startups, implementing AI projects can be a game-changer, ...

The post Implementing AI in Startups: Key Strategies for Success appeared first on ISHIR | Software Development India.

The post Implementing AI in Startups: Key Strategies for Success appeared first on Security Boulevard.

The Distributed Workforce: Why Flexibility and Trust are Essential in Cybersecurity

A distributed workforce allows us to secure a globally connected world. It widens our talent pool, accelerates innovation, and increases our 24/7 vigilance

The post The Distributed Workforce: Why Flexibility and Trust are Essential in Cybersecurity appeared first on Security Boulevard.

USENIX Security ’23 – AIFORE: Smart Fuzzing Based on Automatic Input Format Reverse Engineering

Authors/Presenters: Ji Shi, Zhun Wang, Zhiyao Feng, Yang Lan, Shisong Qin, Wei You, Wei Zou, Mathias Payer, Chao Zhang

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 presenters' content, and for the organization's strong commitment to Open Access.
Originating from the conference’s events at the Anaheim Marriott, and via the organization's YouTube channel.

The post USENIX Security ’23 – AIFORE: Smart Fuzzing Based on Automatic Input Format Reverse Engineering appeared first on Security Boulevard.

How to Detect and Prevent Insider Threats in a Virtual Environment [Hands-on Guide]

The rising use of virtual environments (VEs) has transformed the ways we work, offering increased flexibility and accessibility. However, this shift also introduces new security challenges. Traditional security measures may not work as effectively in VEs, which creates an opportunity for insider threat actors to exploit vulnerabilities to steal sensitive data, disrupt critical systems, or […]

The post How to Detect and Prevent Insider Threats in a Virtual Environment [Hands-on Guide] appeared first on Security Boulevard.

Read More
Crown Equipment confirms a cyberattack disrupted manufacturing

Forklift manufacturer Crown Equipment confirmed today that it suffered a cyberattack earlier this month that disrupted manufacturing at its plants. [...]

Read More
Advance Auto Parts confirms data breach exposed employee information

Advance Auto Parts has confirmed it suffered a data breach after a threat actor attempted to sell stolen data on a hacking forum earlier this month. [...]

Read More
CDK Global cyberattack impacts thousands of US car dealerships

Car dealership software-as-a-service provider CDK Global was hit by a massive cyberattack, causing the company to shut down its systems and leaving clients unable to operate their business normally. [...]

Read More
"Researchers" exploit Kraken exchange bug, steal $3 million in crypto

The Kraken crypto exchange disclosed today that alleged security researchers exploited a zero-day website bug to steal $3 million in cryptocurrency and then refused to return the funds. [...]

Read More
Microsoft says bug causes Windows 10 apps to display Open With dialogs

Microsoft has confirmed that Windows 10 apps will mistakenly display a "How do you want to open this file?" dialog box when users right-click the program's icon and select a registered task. [...]

Read More
AMD investigates breach after data for sale on hacking forum

AMD is investigating whether it suffered a cyberattack after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains AMD employee information, financial documents, and confidential information. [...]

Read More
ONNX phishing service targets Microsoft 365 accounts at financial firms

A new phishing-as-a-service (PhaaS) platform called ONNX Store is targeting Microsoft 365 accounts for employees at financial firms using QR codes in PDF attachments. [...]

Read More
VMware fixes critical vCenter RCE vulnerability, patch now

VMware has issued a security advisory addressing critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation flaws. [...]

Read More
Scathing report on Medibank cyberattack highlights unenforced MFA

A scathing report by Australia's Information Commissioner details how misconfigurations and missed alerts allowed a hacker to breach Medibank and steal data from over 9 million people. [...]

Read More
FTC files complaint against Adobe for deceptive cancellation practices

The Federal Trade Commission has filed a complaint in US federal court against Adobe and two executives, Maninder Sawhney and David Wadhwani, for deceptive practices related to their subscription plans. [...]

Read More
Two men guilty of breaching law enforcement portal in blackmail scheme

Two men have pleaded guilty to hacking into a federal law enforcement database to steal personal information of those they were extorting. [...]

Read More
Hugging Face says it detected ‘unauthorized access’ to its AI model hosting platform

Late Friday afternoon, a time window companies usually reserve for unflattering disclosures, AI startup Hugging Face said that its security team earlier this week detected “unauthorized access” to Spaces, Hugging Face’s platform for creating, sharing and hosting AI models and resources. In a blog post, Hugging Face said that the intrusion related to Spaces secrets, […]

© 2024 TechCrunch. All rights reserved. For personal use only.

Read More
WitnessAI is building guardrails for generative AI models

Generative AI makes stuff up. It can be biased. Sometimes it spits out toxic text. So can it be “safe”? Rick Caccia, the CEO of WitnessAI, believes it can. “Securing AI models is a real problem, and it’s one that’s especially shiny for AI researchers, but it’s different from securing use,” Caccia, formerly SVP of […]


Read More
Google adds live threat detection and screen-sharing protection to Android

The company said it is increasing the on-device capability of its Google Play Protect system to detect fraudulent apps trying to breach sensitive permissions.


Read More
Google expands passkey support to its Advanced Protection Program ahead of the US presidential election

Ahead of the U.S. presidential election, Google is bringing passkey support to its Advanced Protection Program (APP), which is used by people who are at high risk of targeted attacks, such as campaign workers, candidates, journalists, human rights workers, and more. APP traditionally required the use of hardware security keys, but soon users can enroll […]


Read More
Citigroup’s VC arm invests in API security startup Traceable

In 2019, Jyoti Bansal co-founded San Francisco-based security company Traceable alongside Sanjay Nagaraj. With Traceable, Bansal — who previously co-launched app performance management startup AppDynamics, acquired by Cisco in 2017 — sought to build a platform to protect customers’ APIs from cyberattacks. Attacks on APIs — the sets of protocols that establish how platforms, apps […]


Read More
With $175M in new funding, Island is putting the browser at the center of enterprise security

When a company raises $175M at a $3B valuation, it gets your attention. When that startup is a browser company, all the more.


Read More
SafeBase taps AI to automate software security reviews

Security review automation platform SafeBase has raised new cash from investors including Zoom's corporate VC arm.


Read More
Despite complaints, Apple hasn’t yet removed an obviously fake app pretending to be RockAuto

Apple’s App Store isn’t always as trustworthy as the company claims. The latest example comes from RockAuto, an auto parts dealer popular with home mechanics and other DIYers, which is upset that a fake app masquerading as its official app has not been removed from the App Store, despite numerous complaints to Apple. RockAuto co-founder […]


Read More
Simbian brings AI to existing security tools

Simbian is a cybersecurity platform that effectively controls other cybersecurity platforms as well as security apps and tooling.


Read More
Apple alerts users in 92 nations to mercenary spyware attacks

Apple sent threat notifications to iPhone users in 92 countries on Wednesday, warning them that they may have been targeted by mercenary spyware attacks. The company said it sent the alerts to individuals in 92 nations at 12 p.m. Pacific Time Wednesday. The notification, which TechCrunch has seen, did not disclose the attackers’ identities or […]


Read More
Google injects generative AI into its cloud security tools

At Cloud Next, many of the announcements had to do with Gemini, Google's flagship family of generative AI models.


Read More
Zscaler buys Avalor to bring more AI into its security tools

Zscaler, a cloud security company with headquarters in San Jose, California, has acquired cybersecurity startup Avalor 26 months after its founding, reportedly for $310 million in cash and equity. In a press release announcing the news, Zscaler founder and CEO Jay Chaudhry said that the deal would expand Zscaler’s platform with capabilities including streamlined reporting of […]


Read More
Reach Security taps a company’s existing tools to fight cyber threats

Thanks to an uncertain economy, cybersecurity budgets are in a tight spot. According to a 2023 survey from IANS and recruiting firm Artico Search, more than a third of chief information security officers (CISOs) kept their security spending the same — or slightly reduced — in 2023. A separate report from PwC suggests that one […]


Read More
Cycode acquires Bearer to accelerate its move into AI-enhanced security remediation

Cycode is a well-funded startup that offers an end-to-end application security posture management platform — that is, a tool that continuously scans code (and the libraries it relies on) for potential security vulnerabilities throughout the software development life cycle and then helps remediate those issues. Today, the company announced that it has acquired Bearer, a […]


Read More
Researchers say easy-to-exploit security bugs in ConnectWise remote-access software now under mass attack

Security researchers say a pair of easy-to-exploit flaws in a popular remote-access tool used by more than a million companies around the world are now being mass exploited, with hackers abusing the vulnerabilities to deploy ransomware and steal sensitive data. Cybersecurity giant Mandiant said in a post on Friday that it has “identified mass exploitation” […]


Read More
Apple readies iMessage for when quantum computers could break encryption

Apple announced today it is upgrading iMessage’s security layer to post-quantum cryptography, starting in iOS and iPadOS 17.4, macOS 14.4 and watchOS 10.4. The technology giant said that in the coming years, quantum computers will be able to break today’s cryptography standards. That’s why Apple said it is changing how end-to-end encryption works with iMessage […]


Read More
1Password expands its endpoint security offerings with Kolide acquisition

1Password, the AgileBits-owned password management software developer, today announced that it has acquired Kolide, an endpoint security platform, for an undisclosed amount. According to 1Password CEO Jeff Shiner, Kolide founder and CEO Jason Meller and all of Kolide’s 30 employees will join 1Password “as an intact team.” Meller has taken on the role of VP […]


Read More
BMW security lapse exposed sensitive company information, researcher finds

A misconfigured cloud storage server belonging to automotive giant BMW exposed sensitive company information, including private keys and internal data, TechCrunch has learned. Can Yoleri, a security researcher at threat intelligence company SOCRadar, told TechCrunch that he discovered the exposed BMW cloud storage server while routinely scanning the internet. Yoleri said the exposed Microsoft Azure–hosted […]


Read More
KTrust launches an automated red team for Kubernetes security

KTrust, a Tel Aviv–based security startup, is taking a different approach to Kubernetes security from many of its competitors in the space. Instead of only scanning Kubernetes clusters and their configurations for known vulnerabilities, KTrust is taking a more proactive approach. It deploys an automated system that tries to hack into the system. This allows […]


Read More
Twitter rival Spoutible alleges smear campaign amid security breach controversy

A user on the Twitter/X alternative Spoutible claims the company deleted their posts after they pushed Spoutible CEO Christopher Bouzy to be more honest about the nature of its recent security issue. The claims, which the company denies, are the latest bizarre twist in the security incident saga taking place over the past week at […]


Read More
Navigating the Digital SEO and Cybersecurity Landscape

In the rapidly evolving digital landscape, two critical aspects of online business management stand out: Search Engine Optimization (SEO) and cybersecurity. While these fields might seem disparate at first glance, they intersect in significant ways that can have a huge impact on a business’s online presence and overall security posture. Understanding the relationship between SEO …

The post Navigating the Digital SEO and Cybersecurity Landscape appeared first on KoDDoS Blog.

Read More
Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings

Recently, Prospect Medical Holdings suffered a massive cyberattack that allegedly stole around 500,000 social security numbers. In addition, the hackers also managed to get away with patient records and even some corporate documents. Since then, a ransomware gang called Rhysida has stepped up to claim responsibility for the breach. Details about the attack Researchers believe …

The post Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings appeared first on KoDDoS Blog.

Read More
Compromised routers allowed online criminals to target Pentagon contract site

A hacking campaign that went dark earlier this year has resumed operations. According to a new warning issued by Black Lotus Labs researchers, the hackers’ goal is to target US Department of Defense procurement sites and organizations based in Taiwan. Similarities with the March attacks The hacking campaign initially emerged in the spring of 2023. …

The post Compromised routers allowed online criminals to target Pentagon contract site appeared first on KoDDoS Blog.

Read More
1.2 million customers of Mom’s Meals were affected after the recent data breach

A recent hacking attack hit PurFoods, which operates in the US under the name of Mom’s Meals. The attack affected over 1.2 million customers and employees alike, stealing their personal data. PurFoods, or Mom’s Meals, is a medical meal delivery service that provides its services to self-paying customers and people eligible for government assistance, according …

The post 1.2 million customers of Mom’s Meals were affected after the recent data breach appeared first on KoDDoS Blog.

Read More
How VPNs Can Defend Against the Threat of Hacking

As our reliance on the internet grows, so does our exposure to a myriad of online threats. Malware, DDoS attacks, DNS spoofing, and Man-In-The-Middle (MITM) attacks are just some of the hacking techniques cybercriminals use to exploit the internet’s vulnerabilities and gain access to our most sensitive data. Hacking has emerged as a prominent threat, …

The post How VPNs Can Defend Against the Threat of Hacking appeared first on KoDDoS Blog.

Read More
Terra Developers Shut Down Website Amid A Phishing Campaign

The website of the layer-one blockchain network Terra was targeted by a hacking campaign over the weekend. The attackers used their unauthorized access to run a phishing campaign against visitors to the site, who were lured into connecting their online and hardware wallets to the compromised website. Terra’s …

The post Terra Developers Shut Down Website Amid A Phishing Campaign appeared first on KoDDoS Blog.

Read More
Foreign Spies And Hackers Target The US Space Industry

Intelligence agencies in the United States have warned about foreign spies targeting the US space sector. According to these agencies, hackers have also been launching hacking campaigns against the US space industry, which could significantly affect the US satellite infrastructure. Foreign spies and hackers target the US space industry The National Counterintelligence and Security Center …

The post Foreign Spies And Hackers Target The US Space Industry appeared first on KoDDoS Blog.

Read More
High-Severity WinRAR Flaw Allows Hackers To Assume Control Over PCs

A recent study has detected a high-severity vulnerability in the WinRAR file archiver utility for Windows. Millions of people use WinRAR, and the flaw can be used to execute commands on a computer whenever a user opens a crafted archive. WinRAR flaw allows hackers to assume control over PCs The flaw in question is tracked as CVE-2023-40477, allowing …

The post High-Severity WinRAR Flaw Allows Hackers To Assume Control Over PCs appeared first on KoDDoS Blog.

Read More
Chinese Hacker Group Targets Southeast Asian Gambling Industry Using Stolen Ivacy VPN Certificate

A Chinese hacker group, Bronze Starlight, has launched a hacking campaign against the Southeast Asian gambling industry. The hacker group has used a valid certificate to launch this malicious campaign while also using the Ivacy Virtual Private Network (VPN). Bronze Starlight hacker group linked to a recent campaign The activities of this hacker group were …

The post Chinese Hacker Group Targets Southeast Asian Gambling Industry Using Stolen Ivacy VPN Certificate appeared first on KoDDoS Blog.

Read More
North Korean Hackers Run Unsuccessful Hacking Campaign To Infiltrate Joint US-South Korea Military Drills

Hackers based in North Korea conducted an unsuccessful campaign to access information on a joint military drill by the US and South Korean forces. The drills commence on Monday, which explains why the North Korean hackers were trying to obtain access to the activity. North Korean hackers target US-South Korean military drills The …

The post North Korean Hackers Run Unsuccessful Hacking Campaign To Infiltrate Joint US-South Korea Military Drills appeared first on KoDDoS Blog.

Read More
Tripwire Patch Priority Index for May 2024

Tripwire's June 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe. First on the list this month is a patch for Microsoft Windows Error Reporting (CVE-2024-26169). This CVE is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Next on the list are patches for Microsoft Edge (Chromium-based) and Chromium that resolve use after free, heap buffer overflow, and spoofing vulnerabilities. Next on the patch priority list this month is a patch for Microsoft Excel that resolves a remote code execution vulnerability. Up next are patches for...

Read More
Where Security Starts in Your Security Projects

The successful implementation of new tools and processes hinges not just on the technology itself but on meticulous project management. From securing access to the underlying infrastructure to defining clear goals and understanding the security footprint of the service, even the earliest steps of your rollout matter in the long run. Getting the parts right from the onset lets you reap the benefits of a successful deployment far faster and more easily than those who stumble at the initial stages. Defining Clear Goals...

Read More
How to Spot a Winning NERC CIP Project

The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) regulations often make exacting demands of Fortra Tripwire's customers, requiring them to update or create new change processes and document those processes in order to comply. In any NERC CIP-centered IT/OT project, there are crucial indicators of success, even before the project gets underway. Here are the major factors for managers and decision-makers to keep in mind before they begin. The intent is to enable accurate scoping of projects, as well as identifying areas where Professional...

Read More
Integrity and FIM: It’s More than Just Data Security

Integrity is a vital component of any cybersecurity policy, making up one-third of the CIA Triad. However, until recently, the industry has had a limited understanding of the term, using it primarily in the context of data security. Integrity means so much more than this principle alone: it impacts every facet of an information system and can drive an organization's entire security program. Fundamentally, integrity ensures that no one tampers with your assets, whatever and wherever they may be. From protecting your network, systems, physical assets, and more, applying integrity to your entire...
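The integrity point above is concrete enough to show in code. The following is an added example, not Tripwire's or the article's code: a minimal file-integrity monitor in Python that records a SHA-256 digest and the permission bits of every regular file under a root, then diffs a later scan against that baseline. The directory tree, the file names and the tampering it detects are all constructed for the example.

```python
"""Minimal file-integrity-monitoring (FIM) baseline and comparison.

Added example, not Tripwire's code: it records a SHA-256 digest and the
permission bits of every regular file under a root, then diffs a later scan
against that baseline. The directory tree and the tampering are constructed
inline so the script runs offline.
"""
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """Stream the file through SHA-256 so large binaries are not read at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each regular file (path relative to root) to its digest and mode.

    Symlinks are skipped: hashing their target would hide a link that was
    repointed at a different file, and a real FIM tool records them separately.
    """
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        mode = stat.S_IMODE(path.lstat().st_mode)
        baseline[path.relative_to(root).as_posix()] = {
            "sha256": hash_file(path),
            "mode": mode,
        }
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Report files that appeared, disappeared, or changed content or mode."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in set(baseline) & set(current)
                     if baseline[p] != current[p])
    return {"added": added, "removed": removed, "changed": changed}


def demo() -> dict:
    """Build a constructed tree, take a baseline, tamper with it, and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF constructed stand-in")
        os.chmod(root / "bin" / "ls", 0o755)
        baseline = build_baseline(root)

        # Constructed tampering: a weakened config, a binary made world-writable
        # (same bytes, so a content-only check would miss it), a deleted file,
        # and a new cron job dropped into a directory that did not exist before.
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")
        os.chmod(root / "bin" / "ls", 0o777)
        (root / "etc" / "passwd").unlink()
        (root / "etc" / "cron.d").mkdir()
        (root / "etc" / "cron.d" / "persist").write_text("* * * * * root /tmp/.x\n")

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Two design points matter in practice: the baseline must be stored, and ideally signed, somewhere the monitored host cannot rewrite it, or an intruder simply re-baselines after tampering; and comparing mode bits alongside content catches the permission change on bin/ls that a digest-only check would miss. Ownership, extended attributes and SELinux labels would be recorded the same way.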

Read More
Cybersecurity Checklist: 9 Ways to Stay Safe on Your Summer Travels

As summer approaches, many of us are eagerly planning our much-awaited vacations. Whether you're jetting off to exotic destinations or embarking on a road trip closer to home, it's important to remember that cybersecurity should be a part of your travel checklist. From safeguarding your devices to protecting your personal information, here are some easy-to-follow tips to ensure a cyber-safe summer getaway... Leave your corporate devices at home: For non-work-related travels, do not take your corporate-issued devices. Instead, store them in a safe place in your home. Update, Update, Update...

Read More
Testing Banking Website Security: What You Need to Know

With 86% of UK adults using a form of online or remote banking and high street banks closing in record numbers, banking websites have become an integral part of our daily lives. They have changed how we manage our money, allowing us to send and receive money from anywhere in the world, open or close accounts at the click of a button (or tap of a screen), and avoid queuing in physical banks. They have also transformed the UK's criminal landscape. In the '90s, the "Bank Job" was a massive part of British criminal life, with 847 bank robberies taking place in 1992 alone. By 2011, that number had...

Read More
A Deep Dive into SELinux

Security-Enhanced Linux (SELinux), once known mainly for the perceived complexity of configuring and maintaining it, has evolved into an indispensable security architecture across most Linux distributions. It lets administrators control precisely which actions individual users, processes, and system daemons are permitted to take, strengthening the defense against breaches. SELinux is implemented inside the kernel as a mandatory access control layer: every process and object carries a security context, and the loaded policy decides which contexts may perform which operations on which others, granting administrators heightened authority over system...
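A practical task the deep dive leads to is reading the denials SELinux logs. The following is an added example, not from the article: a Python parser for type=AVC records in audit.log that groups denials by source type, target type and object class the way audit2allow does and renders the allow rule each group would need. The audit records are constructed for the example; the field layout follows the standard AVC record format.

```python
"""Triage of SELinux AVC denials from the audit log.

Added example, not from the article: it parses `type=AVC` records, groups
the denials by (source type, target type, object class) the way audit2allow
does, and renders the allow rule each group would need. The log lines below
are constructed for the example.
"""
import re
from collections import defaultdict

# Constructed sample: two httpd denials on a file labelled user_home_t, one
# sshd denial that happened in permissive mode (logged but not blocked), and
# two records that are not denials and must be ignored.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1718800000.101:501): avc:  denied  { write } for  pid=1201 comm="httpd" name="index.html" dev="sda1" ino=5678 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1718800000.101:501): arch=c000003e syscall=257 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1718800003.222:502): avc:  denied  { read open } for  pid=1201 comm="httpd" path="/home/web/index.html" dev="sda1" ino=5678 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1718800009.333:503): avc:  denied  { name_bind } for  pid=877 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1718800010.444:504): avc:  granted  { setenforce } for  pid=900 comm="setenforce" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=security
"""

AVC_RE = re.compile(
    r"type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+"
    r"(?P<verdict>denied|granted)\s+\{ (?P<perms>[^}]+) \} for\s+(?P<fields>.*)$"
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line: str):
    """Return a dict for an AVC record, or None for any other audit record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    # The type is the third field of a context: user:role:type[:mls]
    return {
        "ts": float(m.group("ts")),
        "verdict": m.group("verdict"),
        "perms": tuple(m.group("perms").split()),
        "comm": fields.get("comm"),
        "stype": fields["scontext"].split(":")[2],
        "ttype": fields["tcontext"].split(":")[2],
        "tclass": fields.get("tclass"),
        "permissive": fields.get("permissive") == "1",
    }


def summarize_denials(log_text: str) -> dict:
    """Group denials by (source type, target type, class), merging permissions."""
    groups = defaultdict(lambda: {"count": 0, "perms": set(), "comms": set(),
                                  "permissive_only": True})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec["verdict"] != "denied":
            continue
        g = groups[(rec["stype"], rec["ttype"], rec["tclass"])]
        g["count"] += 1
        g["perms"].update(rec["perms"])
        g["comms"].add(rec["comm"])
        # stays True only if every denial in the group was logged in permissive mode
        g["permissive_only"] = g["permissive_only"] and rec["permissive"]
    return dict(groups)


def allow_rule(key: tuple, perms: set) -> str:
    """Render the TE rule audit2allow would propose for one group."""
    stype, ttype, tclass = key
    return f"allow {stype} {ttype}:{tclass} {{ {' '.join(sorted(perms))} }};"


if __name__ == "__main__":
    for key, g in summarize_denials(SAMPLE_AUDIT_LOG).items():
        flag = " (permissive: not enforced)" if g["permissive_only"] else ""
        print(f"{g['count']}x {sorted(g['comms'])}: {allow_rule(key, g['perms'])}{flag}")
```

Do not paste the generated rules into a policy module unprompted: a denial such as httpd_t writing a user_home_t file usually means the file is mislabelled (fix with restorecon) or that a boolean already covers the case, and an allow rule would instead widen the policy permanently. Records with permissive=1 were logged but not blocked, so they show what will break once that domain is switched to enforcing.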

Read More
Watch Out! CISA Warns It Is Being Impersonated By Scammers

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that scammers are impersonating its employees in an attempt to commit fraud. In an alert posted on the CISA website, the organisation warned that so-called impersonation scams are on the rise. An impersonation scam is any type of fraud where a criminal pretends to be a trusted individual or organisation to dupe a victim into handing over personal information or money or taking an unwise action. Impersonation scammers will often put some effort into making their fraudulent communications look more convincing, such as...

Read More
4 Things a Good Vulnerability Management Policy Should Include

The Verizon 2024 Data Breach Investigations Report noted a 180% increase in exploited vulnerabilities over the previous year’s figures. The importance of keeping an up-to-date vulnerability management policy for remediating and controlling security vulnerabilities cannot be overstated. 1. Overview: Summary of Vulnerability Management Policy Taking the time to give a short summary of the policy and who and what it involves will help to better flesh out the policy the organization is trying to implement. Describing what types of devices, software, and networks are subject to vulnerability...

Read More
Breaking Compliance into Bite-Sized Portions

Many companies strive to achieve the best security possible. Along the path to improved security, many companies are also required to meet various compliance standards. In some cases, compliance is also a regulatory requirement. This crossroad between security and compliance can sometimes seem at odds with the organization’s goals. Compliance does not always equal security. For many organizations, the sheer complexity of a compliance framework results in a patchwork of semi-satisfied security professionals, executives, and auditors. It doesn’t have to be that way. Loosely Embrace Uncertainty...

Read More
Amtrak Data Breach: Hackers Accessed User’s Email Address

Amtrak notified its customers regarding a significant security breach involving its Amtrak Guest Rewards accounts. The breach between May 15, 2024, and May 18, 2024, allowed unauthorized parties to access users’ accounts. The company believes the hackers obtained login credentials from third-party sources rather than Amtrak’s systems. This incident has raised customers’ concerns about the […]
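Credentials obtained outside the victim's systems and replayed against its login page is credential stuffing, and the detection heuristic is the same wherever it happens. The following is an added example, not Amtrak's code or a description of its systems: Python detection logic that flags source addresses trying many distinct accounts within a short window and lists the accounts that succeeded from those sources. The log format, the threshold values and every log line are constructed for the example.

```python
"""Credential-stuffing detection over authentication logs.

Added example, not Amtrak's code: it flags source addresses that try many
distinct accounts in a short window (the signature of replaying credentials
obtained elsewhere) and lists the accounts that succeeded from those sources,
since those are the logins that need a forced reset and session revocation.
The log format and every line in it are constructed for the example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one source sprays six accounts in fourteen seconds and
# gets into one; a legitimate user mistypes a password then logs in; a third
# source guesses one account repeatedly (brute force, not stuffing); one line
# is malformed noise.
SAMPLE_AUTH_LOG = """\
2024-05-16T02:14:03Z src=203.0.113.7 user=alice result=FAIL
2024-05-16T02:14:05Z src=203.0.113.7 user=bob result=FAIL
2024-05-16T02:14:08Z src=203.0.113.7 user=carol result=OK
2024-05-16T02:14:11Z src=203.0.113.7 user=dave result=FAIL
2024-05-16T02:14:14Z src=203.0.113.7 user=erin result=FAIL
2024-05-16T02:14:17Z src=203.0.113.7 user=frank result=FAIL
2024-05-16T02:20:00Z src=198.51.100.20 user=alice result=FAIL
2024-05-16T02:20:30Z src=198.51.100.20 user=alice result=OK
2024-05-16T02:21:00Z src=192.0.2.9 user=grace result=FAIL
2024-05-16T02:21:10Z src=192.0.2.9 user=grace result=FAIL
2024-05-16T02:21:20Z src=192.0.2.9 user=grace result=FAIL
2024-05-16T02:21:30Z src=192.0.2.9 user=grace result=FAIL
2024-05-16T02:21:40Z src=192.0.2.9 user=grace result=FAIL
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) src=(?P<src>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_line(line: str):
    """Return one auth event, or None for a line that does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "src": m["src"],
        "user": m["user"],
        "ok": m["result"] == "OK",
    }


def detect_stuffing(log_text: str, window: timedelta = timedelta(minutes=10),
                    min_distinct_users: int = 5) -> dict:
    """Return {src: {"distinct_users": n, "compromised": [...]}} for each source
    that touched at least `min_distinct_users` different accounts within `window`.
    """
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)

    findings = {}
    for src, evs in by_src.items():
        flagged_users = set()
        start = 0
        for end in range(len(evs)):
            # slide the window start forward until it spans at most `window`
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            users = {e["user"] for e in evs[start:end + 1]}
            if len(users) >= min_distinct_users:
                flagged_users |= users
        if flagged_users:
            compromised = sorted({e["user"] for e in evs
                                  if e["ok"] and e["user"] in flagged_users})
            findings[src] = {"distinct_users": len(flagged_users),
                             "compromised": compromised}
    return findings


if __name__ == "__main__":
    for src, f in detect_stuffing(SAMPLE_AUTH_LOG).items():
        print(f"{src}: {f['distinct_users']} accounts tried, took over {f['compromised']}")
```

The accounts in the compromised list are the ones to reset and sign out, not only the accounts that failed. A per-source threshold is deliberately simple and misses stuffing spread across a proxy network; in production the same window is also applied per ASN and to the fleet-wide rate of first-seen source addresses per account, and enforcing MFA removes most of the value of a valid password in the first place.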

The post Amtrak Data Breach: Hackers Accessed User’s Email Address appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

Read More
Chrome Security Update – Patch for 6 Vulnerabilities

Google has announced a new update for the Chrome browser, rolling out version 126.0.6478.114/115 for Windows and Mac and 126.0.6478.114 for Linux. This update, which will be distributed over the coming days and weeks, addresses several security vulnerabilities. Users are encouraged to update their browsers to protect themselves against potential threats. The official Chrome Log […]

The post Chrome Security Update – Patch for 6 Vulnerabilities appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

Read More
Hackers Weaponize Windows Installer (MSI) Files to Deliver Malware

Cybersecurity researchers have uncovered a sophisticated malware campaign orchestrated by a threat actor group, Void Arachne. This group has targeted Chinese-speaking users by distributing malicious Windows Installer (MSI) files. The campaign leverages popular software and AI technologies to lure unsuspecting victims, leading to severe security breaches and potential financial losses. Void Arachne’s campaign primarily targets […]

The post Hackers Weaponize Windows Installer (MSI) Files to Deliver Malware appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

Read More
Hackers Using VPNs To Exploit Restrictions & Steal Mobile Data

Hackers are offering “free” mobile data access on Telegram channels by exploiting loopholes in telecom provider policies, which target users in Africa and Asia and involve sharing configuration files to mimic zero-rated traffic.  The channels function as technical support hubs where users exchange instructions on creating custom payloads, setting up secure tunnels, and manipulating HTTP […]

The post Hackers Using VPNs To Exploit Restrictions & Steal Mobile Data appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

Read More
New PhaaS Platform Lets Attackers Bypass Two-Factor Authentication

Several phishing kits have been used widely by threat actors in the past. One popular PhaaS (Phishing-as-a-Service) platform was Caffeine, which was first identified and reported by Mandiant researchers. MRxC0DER, an Arabic-speaking threat actor, developed and maintained the Caffeine kit. However, Caffeine has now been discovered to be rebranded as ONNX Store and is found […]

The post New PhaaS Platform Lets Attackers Bypass Two-Factor Authentication appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

Stuxnet, The Malware That Propagates To Air-Gapped Networks

Stuxnet, a complex worm discovered in 2010, targeted Supervisory Control and Data Acquisition (SCADA) systems used in industrial facilities. By exploiting multiple vulnerabilities, including zero-days, it breached air-gapped networks (isolated systems) and disrupted Iranian nuclear centrifuges controlled by Siemens Step7 software.  It exposed the limitations of traditional security and highlighted the evolving cyber threat landscape, […]

The post Stuxnet, The Malware That Propagates To Air-Gapped Networks appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

Threat Actors Claiming Breach of AMD Source Code on Hacking Forums

A threat actor named “IntelBroker” claims to have breached AMD in June 2024 and is now selling the allegedly stolen data on hacking forums. The compromised information reportedly includes sensitive data such as future AMD product plans, specification sheets, employee and customer databases, property files, ROMs, source code, firmware, and financial documents. According […]

The post Threat Actors Claiming Breach of AMD Source Code on Hacking Forums appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

Beware of Nevermore Actor Promoting Ransomware Builder

A prominent figure from the dark web, known by the alias “Nevermore,” has been found promoting a sophisticated ransomware builder. This alarming development has raised concerns among cybersecurity experts and law enforcement agencies worldwide. The Rise of Nevermore: Nevermore, a notorious actor in the cybercrime community, has been on the radar of authorities for several […]

The post Beware of Nevermore Actor Promoting Ransomware Builder appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

Beware Of Fake Microsoft Teams Website That Installs Oyster Malware

Fake websites that impersonate authoritative and popular companies lead users to believe that the site belongs to that company and is safe to use. By mimicking popular and reputable brands, hackers can more easily lure victims into entering sensitive information or downloading malware. Cybersecurity researchers at Rapid7 identified […]

The post Beware Of Fake Microsoft Teams Website That Installs Oyster Malware appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

Singapore Police Arrested Two Individuals Involved in Hacking Android Devices

The Singapore Police Force (SPF) has arrested two men, aged 26 and 47, for their suspected involvement in malware-enabled scams targeting Singaporeans since June 2023. The suspects will be charged in court today. The SPF, in collaboration with the Hong Kong Police Force (HKPF) and the Royal Malaysia Police (RMP), formed a joint investigation team […]

The post Singapore Police Arrested Two Individuals Involved in Hacking Android Devices appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

U.S. election official: ‘Whack-a-mole’ strategies less effective to combat disinfo

A more fragmented information ecosystem is making it more difficult to combat disinformation. 

The post U.S. election official: ‘Whack-a-mole’ strategies less effective to combat disinfo appeared first on CyberScoop.

Community colleges, HBCUs get cyber talent boost under bipartisan House bill

The Cybersecurity Clinics Grant Program Act aims to provide “high-potential paths” to cyber jobs at two-year colleges and minority-serving institutions.

The post Community colleges, HBCUs get cyber talent boost under bipartisan House bill appeared first on CyberScoop.

British national with possible links to high-profile phishing campaigns arrested in Spain

Authorities have yet to formally identify the 22-year-old, but reports suggest he was a prominent player in “the Com” ecosystem.

The post British national with possible links to high-profile phishing campaigns arrested in Spain appeared first on CyberScoop.

CISA leads first tabletop exercise for AI cybersecurity

The Biden administration-led exercise featured 15 companies and several international cyber agencies.

The post CISA leads first tabletop exercise for AI cybersecurity appeared first on CyberScoop.

Lawmakers question Microsoft president over China ties, repeated breaches

Brad Smith defended the company at a time of growing concerns about whether the tech giant is sufficiently prioritizing security.

The post Lawmakers question Microsoft president over China ties, repeated breaches appeared first on CyberScoop.

GAO reminds White House of cyber backlog

An 80-page report from the government watchdog details the cybersecurity policy to-do list for the White House.

The post GAO reminds White House of cyber backlog appeared first on CyberScoop.

Microsoft’s Brad Smith should prepare for ‘ritual punishment’ before House hearing

Some experts are doubtful the Homeland Security Committee testimony and questioning of Microsoft chief Brad Smith will lead to significant change.

The post Microsoft’s Brad Smith should prepare for ‘ritual punishment’ before House hearing appeared first on CyberScoop.

Microsoft’s Recall puts the Biden administration’s cyber credibility on the line

Why has the White House remained silent on the launch of a product that violates the spirit and letter of its flagship cybersecurity initiatives?

The post Microsoft’s Recall puts the Biden administration’s cyber credibility on the line appeared first on CyberScoop.

Chinese cyber espionage campaign targets ‘dozens’ of Western governments, Dutch officials say

The ongoing operation claims international organizations and the defense industry as its victims, per authorities.

The post Chinese cyber espionage campaign targets ‘dozens’ of Western governments, Dutch officials say appeared first on CyberScoop.

Massachusetts town loses $445,000 in email scam

A business email compromise cyberattack has cost the small town of Arlington, Massachusetts, more than $445,000.

The post Massachusetts town loses $445,000 in email scam appeared first on CyberScoop.

Alleged researchers stole $3 million from Kraken exchange

Alleged researchers have exploited a zero-day in Kraken crypto exchange to steal $3 million worth of cryptocurrency. Kraken Chief Security Officer Nick Percoco revealed that alleged security researchers exploited a zero-day flaw to steal $3 million worth of cryptocurrency. The researchers are refusing to return the stolen funds. Percoco revealed that a security researcher reported […]

Google Chrome 126 update addresses multiple high-severity flaws

Google released a Chrome 126 update that addresses a high-severity vulnerability demonstrated at the TyphoonPWN 2024 hacking competition. Google has issued a Chrome 126 security update addressing six vulnerabilities, including a flaw, tracked as CVE-2024-6100, which was demonstrated during SSD Secure Disclosure’s TyphoonPWN 2024. TyphoonPWN is a live hacking competition held annually at TyphoonCon, an […]

Chip maker giant AMD investigates a data breach

AMD announced an investigation after a threat actor attempted to sell data allegedly stolen from its systems. AMD has launched an investigation after the threat actor IntelBroker announced they were selling sensitive data allegedly belonging to the company. “We are aware of a cybercriminal organization claiming to be in possession of stolen AMD data,” the […]

Cryptojacking campaign targets exposed Docker APIs

A malware campaign targets publicly exposed Docker API endpoints to deliver cryptocurrency miners and other payloads. Researchers at Datadog uncovered a new cryptojacking campaign linked to the attackers behind the Spinning YARN campaign. The threat actors target publicly exposed and unsecured Docker API endpoints for initial access. The attack begins with the threat actor scanning the internet […]

VMware fixed RCE and privilege escalation bugs in vCenter Server

VMware addressed vCenter Server vulnerabilities that can allow remote code execution or privilege escalation. VMware addressed multiple vCenter Server vulnerabilities that remote attackers can exploit to achieve remote code execution or privilege escalation. vCenter Server is a centralized management platform developed by VMware for managing virtualized environments. The vCenter Server contains multiple heap-overflow flaws, tracked […]

Meta delays training its AI using public content shared by EU users

Meta announced it is postponing the training of its large language models using public content from adult Facebook and Instagram users in the EU. Meta announced it is delaying the training of its large language models (LLMs) using public content shared by adults on Facebook and Instagram following the Irish Data Protection Commission (DPC) request. […]

Keytronic confirms data breach after ransomware attack

Printed circuit board assembly (PCBA) manufacturer Keytronic disclosed a data breach after a ransomware attack. Keytronic has confirmed a data breach after a ransomware group leaked personal information allegedly stolen from its systems. The company did not provide any information on the ransomware operation that hit its network; however, the Black Basta ransomware group leaked over […]

The Financial Dynamics Behind Ransomware Attacks

Over the last few years, ransomware attacks have become one of the most prevalent and expensive forms of cybercrime. Initially, these attacks involved malicious software that encrypts a victim’s data, rendering it inaccessible until a ransom is paid to the attackers. Today, this tactic has evolved, where ransomware operators in nearly every case first exfiltrate […]

Empire Market owners charged with operating $430M dark web marketplace

Federal authorities charged two individuals with operating the dark web marketplace Empire Market that facilitated over $430 million in illegal transactions. Two men, Thomas Pavey (aka “Dopenugget”) and Raheim Hamilton (aka “Sydney” and “Zero Angel”), have been charged in federal court in Chicago for operating the dark web marketplace “Empire Market” from 2018 to 2020. […]

China-linked Velvet Ant uses F5 BIG-IP malware in cyber espionage campaign

Chinese cyberespionage group Velvet Ant was spotted using custom malware to target F5 BIG-IP appliances to breach target networks. In late 2023, Sygnia researchers responded to an incident suffered by a large organization that they attributed to a China-linked threat actor tracked as ‘Velvet Ant.’ The cyberspies deployed custom malware on F5 BIG-IP appliances to […]

AI Receptionists For GPs Launched By Customer Service Firm InTouchNow

AI receptionists for GPs and medical practices are now being operated throughout the country, thanks to the help of customer service centre InTouchNow. The Hertfordshire-based company has been trading for 30 years and has developed its own technology and software in-house, whilst keeping a close eye on the innovation and growth of AI. Get […]

The post AI Receptionists For GPs Launched By Customer Service Firm InTouchNow appeared first on IT Security Guru.

Salt Security Survey Reveals 95% of Respondents Experienced API Security Problems in Past Year

API security professionals at Salt Security have revealed the findings of their latest Salt Labs State of API Security Report, 2024. The research, which analysed survey responses from 250 IT and security professionals, combined with anonymised empirical data from Salt customers, highlights a lack of API security maturity and posture governance across organisations, leading to […]

The post Salt Security Survey Reveals 95% of Respondents Experienced API Security Problems in Past Year appeared first on IT Security Guru.

Defending your ever-changing attack surface

The very elements crucial for a business’s functionality and prosperity are also its greatest vulnerabilities from a cybersecurity standpoint. Emails, files, remote/hybrid work setups, and various devices and tools streamline business operations but also pose significant cybersecurity risks. These areas, where external factors come into play, are the least secure, representing vulnerabilities in your organisation’s […]

The post Defending your ever-changing attack surface appeared first on IT Security Guru.

Why ransomware is still important to business resilience

Ransomware may be an old technique; however, due to increasing levels of digital connectivity, we are witnessing a proliferation of ransomware attacks in recent years, which pose significant threats to individuals, businesses, and entire industry sectors. Ransomware, in its current form, has evolved into a lucrative criminal enterprise, exploiting vulnerabilities in cybersecurity defences worldwide. This […]

The post Why ransomware is still important to business resilience appeared first on IT Security Guru.

Outpost24 Launches Exposure Management Platform To Help Organizations Reduce Attack Surface Risk

Outpost24 has launched its Outpost24 Exposure Management Platform, a new integrated exposure management solution designed to empower organizations to continuously monitor and proactively remediate threats against the growing attack surface.  As a result of digital transformation, increased adoption of SaaS applications, and the use of cloud technologies, businesses are seeing a rapidly expanding attack surface, […]

The post Outpost24 Launches Exposure Management Platform To Help Organizations Reduce Attack Surface Risk appeared first on IT Security Guru.

Survey Finds Growing Number of Tech Tools Makes Cybersecurity Professionals Feel “Out of Control”

New research reveals that nearly half of security professionals (48%) say they favour standalone security solutions for specific issues. The new research by Keeper Security also revealed that cybersecurity professionals, on average, have been left grappling with 32 different security solutions in their tech stacks, with some managing hundreds of different security tools. Moreover, one in […]

The post Survey Finds Growing Number of Tech Tools Makes Cybersecurity Professionals Feel “Out of Control” appeared first on IT Security Guru.

Guest Blog: Ox Security on learning from the Recent GitHub Extortion Campaigns

A new threat actor group known as Gitloker has launched an alarming campaign that wipes victims’ GitHub repositories and attempts to extort them. Victims are finding their repositories erased, replaced only by a solitary README file bearing the message: “I hope this message finds you well. This is an urgent notice to inform you that […]

The post Guest Blog: Ox Security on learning from the Recent GitHub Extortion Campaigns appeared first on IT Security Guru.

Men’s Mental Health Week: Resource Guide

10th – 16th June 2024 is International Men’s Mental Health Week. It may feel like there are too many ‘awareness dates’, however this week is especially important. Men are far less likely to talk about mental health than women (it is thought that only 36% of referrals to NHS talking therapies are for men and […]

The post Men’s Mental Health Week: Resource Guide appeared first on IT Security Guru.

Is Your Business Under Attack From AI?

Artificial Intelligence (AI) is highly innovative but also poses significant risks to all organisations, as shown by the recent high-profile hacks at Ticketmaster, Santander and the NHS. This article will delve into how AI can be manipulated by cyber attackers for scams, particularly ones that affect businesses. The latest threats from AI you should […]

The post Is Your Business Under Attack From AI? appeared first on IT Security Guru.

Finance Phantom Review – A Crypto Trading Robot that Can Be Your Guardian Too

Entering the world of crypto trading is easy, but if you plan to stay there on a long-term basis then you have to acknowledge all of its ups and downs. This constant fluctuation won’t stop, but what can you do to manage it? To your knowledge, this fluctuation can also make it extremely […]

The post Finance Phantom Review – A Crypto Trading Robot that Can Be Your Guardian Too appeared first on IT Security Guru.

Cybersecurity as a Service Market: A Domain of Innumerable Opportunities

By Aashi Mishra, Content Writer, Research Nester. The increased internet usage, all across the globe, is giving rise to cybercrime cases. Cybercrime is any unlawful […]

The post Cybersecurity as a Service Market: A Domain of Innumerable Opportunities appeared first on Cyber Defense Magazine.

How Improving EV Charging Infrastructure Can Bolster US Cybersecurity Measures

By Elaina Farnsworth, Co-founder & CEO, SkillFusion. The surging popularity of electric vehicles (EVs) is marking a strong push toward overall sustainability for the United States. However, as EV […]

The post How Improving EV Charging Infrastructure Can Bolster US Cybersecurity Measures appeared first on Cyber Defense Magazine.

Navigating the Perilous Waters of Supply Chain Cybersecurity

By Kenneth Moras. Introduction: In today’s interconnected business environment, reliance on innovative vendors and open source solutions is inevitable. However, these supply chains also stand on the frontline in the […]

The post Navigating the Perilous Waters of Supply Chain Cybersecurity appeared first on Cyber Defense Magazine.

The Challenge of Combatting Threats Against Autonomous Vehicles

By Joseph Hladik, Cyber Group Lead, Neya Systems. From perception and sensing to mapping and localization, both off-road and on-road autonomous vehicles rely heavily on software and connectivity to operate […]

The post The Challenge of Combatting Threats Against Autonomous Vehicles appeared first on Cyber Defense Magazine.

Emerging Technology Review and Needs

By Milica D. Djekic. The progress distribution is a slow and time-consuming process that normally might take decades and sometimes centuries in order to deliver a betterment for many to […]

The post Emerging Technology Review and Needs appeared first on Cyber Defense Magazine.

Spotlight on Scribe Security

By Dan K. Anderson, vCISO and On-Call Roving Reporter, Cyber Defense Magazine. In my travels and works one of the most difficult challenges for Security is achieving good relations and […]

The post Spotlight on Scribe Security appeared first on Cyber Defense Magazine.

Combating Cyber-attacks with Threat-Intelligence

Navigate the threat intelligence market’s journey through the digital domain and how it integrates to provide a better solution. By Deboleena Dutta, Junior Content Writer, Research Nester. In today’s digitally […]

The post Combating Cyber-attacks with Threat-Intelligence appeared first on Cyber Defense Magazine.

Mastering the Art of Digital Management: Potential Risks and Business Best Practices

By Allison Raley, Partner, Arnall Golden Gregory. Cryptocurrency has opened unprecedented opportunities for businesses to streamline transactions across global markets, revolutionizing the traditional financial landscape. By leveraging blockchain technology, businesses […]

The post Mastering the Art of Digital Management: Potential Risks and Business Best Practices appeared first on Cyber Defense Magazine.

How to Design a Zero Trust Strategy for Remote Workers

By Federico Charosky, Founder and CEO, Quorum Cyber. The modern workforce expects to work anywhere from any device. To support this approach, investment is needed in a broader security program […]

The post How to Design a Zero Trust Strategy for Remote Workers appeared first on Cyber Defense Magazine.

The TikTok Ban Spells Trouble for Chinese IoT

What businesses should do today to prepare for likely bans across Chinese tech tomorrow. By Carsten Rhod Gregersen, Founder and CEO of Nabto. It’s happening. Following years of rumors, The […]

The post The TikTok Ban Spells Trouble for Chinese IoT appeared first on Cyber Defense Magazine.

Malicious Life Podcast: What Happened at Uber?

In 2016, Joe Sullivan, former CISO of Facebook, was at the peak of his career. As Uber's new CISO, he and his team had just successfully prevented data from a recent breach from leaking to the internet. But less than a year later, Sullivan was unexpectedly fired from Uber, and three years later, the US Department of Justice announced criminal charges against him.

So, what happened at Uber?

THREAT ALERT: The XZ Backdoor - Supply Chaining Into Your SSH

Cybereason issues Threat Alerts to inform customers of emerging impacting threats, including critical vulnerabilities. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them.

Malicious Life Podcast: The Nigerian Prince

In this episode of ML, we're exploring the history of the well-known Nigerian Prince scam, also known as the 419 or advance-fee scam, from its roots in a Parisian prison during the French Revolution to the economic and social reasons why this particular scam became so popular with African youth. Also, will AI make such scams more dangerous - or, counterintuitively, go against the interests of scammers?

Malicious Life Podcast: Unmasking Secrets: The Rise of Open-Source Intelligence

Dive into the world of open-source intelligence (OSINT) in this episode, where we uncover how ordinary citizens use publicly available data to unravel some of the most complex global mysteries. From tracking conflicts in real-time to exposing the truth behind high-profile incidents like the downing of Malaysia Airlines flight MH17, discover how OSINT is revolutionizing the field of investigative journalism and transforming how we perceive and verify information. 

Behind Closed Doors: The Rise of Hidden Malicious Remote Access

Cybereason Security Services issues Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. 

Malicious Life Podcast: The Source Code of Malicious Life

A few weeks ago we had a listeners’ meetup in New York, and as part of that meetup I gave a talk in which I discussed how Malicious Life came to be - a story that goes back to my days as a ship's captain in the Israeli Navy - and then how Nate and I craft the stories that you hear every other week. That last part, I hope, might also be beneficial to those of you, our listeners, who find yourselves giving talks about technically complex ideas, cyber-related or not. The storytelling ideas and techniques I laid out in the talk are universal, and you’ll find them in blockbuster movies as well as podcast episodes.

Malicious Life Podcast: The Y2K Bug Pt. 2

In the waning years of the 20th century, amid growing anxieties about the turn of the millennium, one man, Robert Bemer, observed the unfolding drama from his remote home on King Possum Lake. A revered figure in computing, Bemer had early on flagged a significant, looming issue known as the Y2K bug, which threatened to disrupt global systems as calendars rolled over to the year 2000. This episode delves into Bemer's life during this critical period, exploring his predictions, the ensuing global frenzy to avert disaster, and the disparate views on whether the billions spent in prevention were justified or merely a response to a misunderstood threat.

Malicious Life Podcast: The Y2K Bug Pt. 1

In the 1950s and 60s - even leading into the 1990s - the cost of storage was so high that using a 2-digit field for dates in software instead of 4 digits could save an organization between $1.2 and $2 million per GB of data. From this perspective, programming computers in the 1950s to record four-digit years would’ve been outright malpractice. But 40 years later, this shortcut became a ticking time bomb which one man, computer scientist Bob Bemer, was trying to defuse before it was too late.

Cybereason’s evolution to disrupt beyond SIEM and XDR market

Today, enterprises are accelerating their investment in digitalization to stay ahead of the competition. They are increasingly encountering an evolving threat landscape and complex security challenges - with more workloads across multiple clouds, more workforces in hybrid environments, and more intelligent devices connected in mission-critical operations. This transformation journey is exacerbated by an exponential increase in compute resources, as well as data volumes and security tooling, driving up the cost of storing, managing and analyzing the data for security purposes.

Threat Alert: The Anydesk Breach Aftermath

Cybereason issues Threat Alerts to inform customers of emerging impacting threats, including critical vulnerabilities. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them.

How to spot a holiday shopping scam: Fake deals, trick surveys & bogus gift cards

Scammers, fraudsters, and phishers take advantage of every season. But the holiday shopping season - which includes Black Friday, Cyber Monday, and Christmas - may be their favorite.

As retailers rush to capitalize on what is generally their most profitable time of year, they flood inboxes with great offers that are often time-sensitive and may even seem too good to be true. Meanwhile, consumers also feel the urgency to get their shopping done, along with the stresses of work and family. Add in the financial pressure of an inflationary economy, and the likelihood of making a quick mistake keeps increasing. Read on for some simple yet effective ways to ruin the scammers' fun as you celebrate the season of giving.

Soon…

Posted by Sean @ 12:52 GMT

Our "construction project" is progressing nicely.

A work in progress

And it should resolve this…

Mobile usability issues

Fix mobile usability issues?

Translation: your site doesn't help us sell more Android phones and ads.

But whatever, the "issues" should be fixed soon enough.


On 18/08/15 At 12:52 PM

Work In Progress

Posted by Sean @ 13:25 GMT

Regular readers will have noticed it's been slow here of late.

Under Construction

We're finally undertaking an upgrade from Greymatter 1.7.3. This may be the world's oldest Greymatter blog… that will now change.

More info coming soon.

In the meantime, you can still catch us on Twitter.


On 13/08/15 At 01:25 PM

"IOS Crash Report" Update: Safari Adds Block Feature

Posted by Sean @ 09:53 GMT

Ask, and sometimes, you shall receive.

Last Friday, we wrote about call center scammers targeting iOS. And today, Apple released a new (beta) feature that should help.

Apple released iOS 9 Public Beta 2:

iOS 9 Public Beta 2, Install

And it appears that one of Safari's new features allows people to block fraud-focused JavaScript.

iOS 9 Public, Safari Block Alerts

We tested a scam-site and after a few attempts to dismiss the JavaScript dialog, Safari included a prompt to "Block Alerts". We were then easily able to close the page.

Kudos Apple! Looking forward to seeing this in iOS 9's general release.

Big hat tip to Rosyna Keller.




On 23/07/15 At 09:53 AM

Read More
Duke APT group's latest tools: cloud services and Linux support

Posted by Artturi @ 11:59 GMT


Recent weeks have seen the outing of two new additions to the Duke group's toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it's written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke group. While SeaDuke is a single - albeit cross-platform - trojan, CloudDuke appears to be an entire toolset of malware components, or "solutions" as the Duke group apparently calls them. These components include a unique loader, a downloader, and not one but two different trojan components. CloudDuke also greatly expands on the Duke group's usage of cloud storage services, specifically Microsoft's OneDrive, as a channel for both command and control as well as the exfiltration of stolen data. Finally, some of the recent CloudDuke spear-phishing campaigns have borne a striking resemblance to CozyDuke spear-phishing campaigns from a year ago.

Linux support added with the cross-platform SeaDuke malware

Last week, both Symantec and Palo Alto Networks published research on SeaDuke, a newer addition to the arsenal of trojans being used by the Duke group. While older malware by the Duke group has always been written in a combination of the C and C++ programming languages as well as assembly language, SeaDuke is peculiarly written in Python with multiple layers of obfuscation. This Python code is usually then compiled into Windows executables using py2exe or pyinstaller. However, the Python code itself has been designed to work on both Windows and Linux. We therefore suspect that the Duke group is also using the same SeaDuke Python code to target Linux victims. This is the first time we have seen the Duke group employ malware to target Linux platforms.

seaduke_crossplatform (39k image)
An example of the cross-platform support found in SeaDuke.

A new set of solutions with the CloudDuke malware toolset

Last week, we also saw Palo Alto Networks and Kaspersky Labs publish research on malware components they respectively called MiniDionis and CloudLook. MiniDionis and CloudLook are both components of a larger malware toolset we call CloudDuke. This toolset consists of malware components that provide varying functionality while partially relying on a shared code framework and always using the same loader. Based on PDB strings found in the samples, the malware authors refer to the CloudDuke components as "solutions" with names such as "DropperSolution", "BastionSolution" and "OneDriveSolution". A list of PDB strings we have observed is below:

• C:\DropperSolution\Droppers\Projects\Drop_v2\Release\Drop_v2.pdb
• c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb
• c:\BastionSolution\Shells\Projects\miniDionis2\miniDionis\obj\Release\miniDionis.pdb
• c:\OneDriveSolution\Shells\Projects\OneDrive2\OneDrive\obj\x64\Release\OneDrive.pdb

The first of the CloudDuke components we have observed is a downloader internally called "DropperSolution". The purpose of the downloader is to download and execute additional malware on the victim's system. In most observed cases, the downloader will attempt to connect to a compromised website to download an encrypted malicious payload which the downloader will decrypt and execute. Depending on the way the downloader has been configured, in some cases it may first attempt to log in to Microsoft's cloud storage service OneDrive and retrieve the payload from there. If no payload is available from OneDrive, the downloader will revert to the previously mentioned method of downloading from compromised websites.

We have also observed two distinct trojan components in the CloudDuke toolset. The first of these, internally called "BastionSolution", is the trojan that Palo Alto Networks described in their research into "MiniDionis". Interestingly, BastionSolution appears to functionally be an exact copy of SeaDuke with the only real difference being the choice of programming language. BastionSolution also makes significant use of a code framework that is apparently internally called "Z". This framework provides classes for functionality such as encryption, compression, randomization and network communications.

bastion_z (12k image)
A list of classes in the BastionSolution trojan, including multiple classes from the "Z" framework.

Classes from the same "Z" framework, such as the encryption and randomization classes, are also used by the second trojan component of the CloudDuke toolset. This second component, internally called "OneDriveSolution", is especially interesting because it relies on Microsoft's cloud storage service OneDrive as its command and control channel. To achieve this, OneDriveSolution will attempt to log into OneDrive with a preconfigured username and password. If successful, OneDriveSolution will then proceed to copy data from the victim's computer to the OneDrive account. It will also search the OneDrive account for files containing commands for the malware to execute.

onedrive_z (7k image)
A list of classes in the OneDriveSolution trojan, including multiple classes from the "Z" framework.

All of the CloudDuke "solutions" use the same loader, a piece of code whose primary purpose is to decrypt the embedded, encrypted solution, load it in memory and execute it. The Duke group has often employed loaders for their malware but unlike the previous loaders they have used, the CloudDuke loader is much more versatile with support for multiple methods of loading and executing the final payload as well as the ability to write to disk and execute additional malware components.

CloudDuke spear-phishing campaigns and similarities with CozyDuke

CloudDuke has recently been spread via spear-phishing emails with targets reportedly including organizations such as the US Department of Defense. These spear-phishing emails have contained links to compromised websites hosting zip archives that contain CloudDuke-laden executables. In most cases, executing these executables will have resulted in two additional files being written to the victim's hard disk. The first of these files has been a decoy, such as an audio file or a PDF file, while the second one has been a CloudDuke loader embedding a CloudDuke downloader, the so-called "DropperSolution". In these cases, the victim has been presented with the decoy file while in the background the downloader has proceeded to download and execute one of the CloudDuke trojans, "OneDriveSolution" or "BastionSolution".

decoy_ndi_small (63k image)
Example of one of the decoy documents employed in the CloudDuke spear-phishing campaigns. It has apparently been copied by the attackers from here.

Interestingly, however, some of the other CloudDuke spear-phishing campaigns we have observed this July have borne a striking resemblance to CozyDuke spear-phishing campaigns seen almost exactly a year ago, in the beginning of July 2014. In both spear-phishing campaigns, the decoy document has been the exact same PDF file, a "US letter fax test page" (28d29c702fdf3c16f27b33f3e32687dd82185e8b). Similarly, the URLs hosting the malicious files have, in both campaigns, purported to be related to eFaxes. It is also interesting to note that in the case of the CozyDuke-inspired CloudDuke spear-phishing campaign, the downloading and execution of the malicious archive linked to in the emails has not resulted in the execution of the CloudDuke downloader but in the execution of the "BastionSolution" component, thereby skipping one step from the process described for the other CloudDuke spear-phishing campaigns.

decoy_fax (72k image)
The "US letter fax test page" decoy employed in both CloudDuke and CozyDuke spear-phishing campaigns.

Increasingly using cloud services to evade detection

CloudDuke is not the first time we have observed the Duke group use cloud services in general and Microsoft OneDrive specifically as part of their operations. Earlier this spring we released research on CozyDuke where we mentioned observing CozyDuke sometimes either directly use a OneDrive account to exfiltrate stolen data or alternatively CozyDuke downloading Visual Basic scripts that would copy stolen files to a OneDrive account and sometimes even retrieve files containing additional commands from the same OneDrive account.

In these previous cases the Duke group has only used OneDrive as a secondary communication channel but still relied on more traditional C&C channels for most of their actions. It is therefore interesting to note that CloudDuke actually enables the Duke group to rely solely on OneDrive for every step of their operation from downloading the actual trojan, passing commands to the trojan and finally exfiltrating stolen data.

By relying solely on 3rd party web services, such as OneDrive, as their command and control channel, we believe the Duke group is trying to better evade detection. Large amounts of data being transferred from an organization's network to an unknown web server easily raises suspicions. However, data being transferred to a popular cloud storage service is normal. What better way for an attacker to surreptitiously transfer large amounts of stolen data than the same way people are transferring that same data every day for legitimate reasons? (Coincidentally, the implications of 3rd party web services being used as command and control channels are also the subject of an upcoming talk at the VirusBulletin 2015 conference.)
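The two paragraphs above make the defender's problem concrete: uploads to OneDrive look like everyday traffic, so the useful signal is not the destination but a host's departure from its own habits. The script below is an added example, not code from the original post or from F-Secure; it baselines each host's daily upload volume to a set of cloud storage domains from proxy logs and flags days that exceed a multiple of the host's median. The log layout, the domain list, the host names and the log lines themselves are all constructed assumptions.

```python
"""Flag hosts whose uploads to cloud storage depart from their own baseline.

Added example (not from the original post). The proxy log layout, the
cloud storage domain list and every log line below are constructed
assumptions chosen to illustrate the technique.
"""
import re
from collections import defaultdict
from statistics import median

# Assumed: sanctioned cloud storage endpoints a defender still wants to watch.
CLOUD_STORAGE_DOMAINS = {"onedrive.live.com", "api.onedrive.com"}

# Assumed proxy log layout:
# "<iso-timestamp> <src_host> <method> <dest_host> <bytes_in> <bytes_out>"
LOG_RE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT) (\S+) (\d+) (\d+)$")

# Constructed sample: three quiet baseline days, then a day with two unusual uploads.
SAMPLE_LOG = [
    "2015-07-13T09:00:00 ws-finance-07 PUT onedrive.live.com 512 2100000",
    "2015-07-14T09:05:00 ws-finance-07 PUT onedrive.live.com 512 1900000",
    "2015-07-15T09:01:00 ws-finance-07 PUT onedrive.live.com 512 2200000",
    "2015-07-16T09:02:00 ws-finance-07 PUT onedrive.live.com 512 2300000",
    "2015-07-13T10:00:00 ws-hr-12 POST onedrive.live.com 512 200000",
    "2015-07-14T10:00:00 ws-hr-12 POST onedrive.live.com 512 180000",
    "2015-07-15T10:00:00 ws-hr-12 POST onedrive.live.com 512 210000",
    "2015-07-16T02:13:00 ws-hr-12 PUT api.onedrive.com 512 52000000",
    "2015-07-16T02:14:00 ws-lab-03 PUT api.onedrive.com 512 30000000",
    "2015-07-16T11:00:00 ws-lab-03 GET onedrive.live.com 40000 300",      # download, ignored
    "2015-07-16T11:01:00 ws-hr-12 POST www.example.com 512 9000000",       # not cloud storage
]
BASELINE_DAYS = {"2015-07-13", "2015-07-14", "2015-07-15"}


def parse_line(line):
    """Parse one proxy log line into a dict, or return None for a malformed line."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, src, method, dest, _bytes_in, bytes_out = m.groups()
    return {"day": ts[:10], "src": src, "method": method,
            "dest": dest, "bytes_out": int(bytes_out)}


def daily_upload_bytes(lines):
    """Return {src_host: {day: bytes uploaded to cloud storage domains}}.

    Only request methods that carry a body (POST/PUT) count as uploads;
    GETs to the same domains are downloads and are deliberately ignored.
    """
    totals = defaultdict(lambda: defaultdict(int))
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["dest"] in CLOUD_STORAGE_DOMAINS and rec["method"] in ("POST", "PUT"):
            totals[rec["src"]][rec["day"]] += rec["bytes_out"]
    return totals


def find_upload_outliers(lines, baseline_days, factor=5, min_bytes=1_000_000):
    """Return {host: (day, bytes, baseline)} for non-baseline days on which a
    host uploaded more than `factor` times its median daily volume over
    `baseline_days` and at least `min_bytes` (the floor keeps small-volume
    hosts from tripping on noise). A host with no history gets baseline 0,
    so any sizeable first-time upload is reported.
    """
    totals = daily_upload_bytes(lines)
    flagged = {}
    for host, by_day in totals.items():
        history = [by_day.get(d, 0) for d in sorted(baseline_days)]
        base = median(history) if history else 0
        for day, uploaded in by_day.items():
            if day in baseline_days:
                continue
            if uploaded >= min_bytes and uploaded > factor * base:
                flagged[host] = (day, uploaded, base)
    return flagged


if __name__ == "__main__":
    for host, (day, uploaded, base) in find_upload_outliers(SAMPLE_LOG, BASELINE_DAYS).items():
        print(f"{host}: {uploaded} bytes to cloud storage on {day} (baseline {base})")
```

On the constructed sample, ws-finance-07 stays quiet because its 2.3 MB day matches its 2.1 MB median, while ws-hr-12 (52 MB against a 200 KB median) and ws-lab-03 (30 MB with no prior history) are reported. The point of the per-host baseline is exactly the one the post makes: the OneDrive destination alone is useless as a signal, but a host that never uploaded much suddenly pushing tens of megabytes is worth a look, whichever cloud service it went to.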

Directing limited resources towards evading detection and staying ahead of defenders

Developing even a single multipurpose malware toolset, never mind many, requires time and resources. Therefore it seems logical to attempt to reuse code such as supporting frameworks between different toolsets. The Duke group, however, appears to have taken this a step further with SeaDuke and the CloudDuke component BastionSolution, by rewriting the same code in multiple programming languages. This has the obvious benefit of saving time and resources while providing two malware toolsets that, while similar on the inside, appear completely different on the outside. This way, the discovery of one toolset does not immediately lead to the discovery of the second toolset.

The Duke group, long suspected of ties to the Russian state, have been running their espionage operation for an unusually long time and - especially lately - with unusual brazenness. These latest CloudDuke and SeaDuke campaigns appear to be a clear sign that the Dukes are not planning to stop any time soon.

Research and post by Artturi (@lehtior2)

F-Secure detects CloudDuke as Trojan:W32/CloudDuke.B and Trojan:W64/CloudDuke.B

Samples:

04299c0b549d4a46154e0a754dda2bc9e43dff76
2f53bfcd2016d506674d0a05852318f9e8188ee1
317bde14307d8777d613280546f47dd0ce54f95b
476099ea132bf16fa96a5f618cb44f87446e3b02
4800d67ea326e6d037198abd3d95f4ed59449313
52d44e936388b77a0afdb21b099cf83ed6cbaa6f
6a3c2ad9919ad09ef6cdffc80940286814a0aa2c
78fbdfa6ba2b1e3c8537be48d9efc0c47f417f3c
9f5b46ee0591d3f942ccaa9c950a8bff94aa7a0f
bfe26837da22f21451f0416aa9d241f98ff1c0f8
c16529dbc2987be3ac628b9b413106e5749999ed
cc15924d37e36060faa405e5fa8f6ca15a3cace2
dea6e89e36cf5a4a216e324983cc0b8f6c58eaa8
e33e6346da14931735e73f544949a57377c6b4a0
ed0cf362c0a9de96ce49c841aa55997b4777b326
f54f4e46f5f933a96650ca5123a4c41e115a9f61
f97c5e8d018207b1d546501fe2036adfbf774cfd

Compromised servers used for command and control:

hxxps://cognimuse.cs.ntua.gr/search.php
hxxps://portal.sbn.co.th/rss.php
hxxps://97.75.120.45/news/archive.php
hxxps://portal.sbn.co.th/rss.php
hxxps://58.80.109.59/plugins/search.php

Compromised websites used to host CloudDuke:

hxxp://flockfilmseries.com/eFax/incoming/5442.ZIP
hxxp://www.recordsmanagementservices.com/eFax/incoming/150721/5442.ZIP
hxxp://files.counseling.org/eFax/incoming/150721/5442.ZIP




On 22/07/15 At 11:59 AM

Read More
'Zero Days', The Documentary

Posted by Mikko @ 12:40 GMT


VPRO (the Dutch public broadcasting organization) produced a 45-minute documentary about hacking and the trade of zero days. The documentary has now been released in English on YouTube.



The documentary features Charlie Miller, Joshua Corman, Katie Moussouris, Ronald Prins, Dan Tentler, Eric Rabe (of Hacking Team), Felix Lindner, Rodrigo Branco, Ben Nagy, The Grugq, and many others.




On 20/07/15 At 12:40 PM

Read More
IOS Crash Report: Blocking "Pop-Ups" Doesn't Really Help

Posted by Sean @ 10:15 GMT


The Telegraph published an article on Thursday about a scam targeting iOS users. Here's the gist: scammers are using JavaScript generated dialogs to display warnings of so-called "IOS Crash" reports prompting people to call for tech support. Near the end of the Telegraph's article, the following advice is offered:

"To prevent the issue happening again, go to Settings -> Safari -> Block Pop-ups."

Unfortunately, this advice is incorrect. And perhaps even more unfortunately, some security and tech pundits are now repeating the bad advice on numerous websites. How do we know the advice is wrong? Because we actually tested it…

First of all, this "IOS Crash Report" scam is a variation of the technical support scam, cases of which have been documented as early as 2008. In the past, cold-calls originated directly from call centers in India. But more recently, web-based lures are used to prompt potential victims into contacting the scammers.

A Google Search returns several live scam sites with this text:

"Due to a third party application in your phone, IOS is crashed."

Here's one of the sites as viewed with iOS Safari on an iPad:

iosclean.com

Safari's "Fraudulent Website Warning" and "Block Pop-ups" features didn't prevent the page from loading.

What looks like a pop-up on the image above is actually a JavaScript generated dialog. One which will continuously re-spawn itself and can be very difficult to dismiss. Turning off JavaScript in Safari is the quickest way to regain control. Unfortunately, leaving JavaScript disabled will significantly impact a large number of legitimate websites.

Here's the same site as viewed with Google Chrome for Windows:

Prevent this page from creating additional dialogs

Notice the additional text in the image above: prevent this page from creating additional dialogs. Current versions of Chrome and Firefox (for Windows, at least) will inject this option into re-spawning dialogs, allowing the user to break the loop. Sadly, Internet Explorer and Safari do not. (We tested with IE for Windows / Windows Phone, and iOS Safari.)

Wouldn't it be great if all browsers supported this prevention feature?

Yeah, we think so, too.

But it's not just browsers, apps with browser functionality can also be affected.

Here's an example of a JavaScript dialog displayed via Cydia.

error1014.com

The end of the Telegraph's article included the following advice from City of London police:

"Never give your iCloud username and password or your bank details to someone over the phone."

Indeed! Giving somebody your iCloud password could quickly turn a support scam into a data hijacking and extortion scheme. We attempted to call several of the scammer telephone numbers to see if they would ask for our iCloud credentials — only to discover that the numbers we tried are currently not in service.

Hopefully they stay that way. (They won't.)




On 17/07/15 At 10:15 AM

Read More
Hacking Team 0-day Flash Wave with Exploit Kits

Posted by Patricia @ 12:29 GMT


After Hacking Team was compromised, a lot of information was publicly disclosed beginning on the 5th of July, particularly its business clients and a zero-day vulnerability for the Adobe Flash Player that they had been using.

Since the info about the first zero-day was made freely available, we knew attackers would swiftly move into using it. As expected, the flash exploit was integrated into exploit kits such as Angler, Magnitude, Nuclear, Neutrino, Rig, and HanJuan as reported by Kafeine.

Based on our telemetry, there was a rise in Flash exploits beginning on the 6th and continuing until the 9th.

overall_stats (11k image)


Here are the stats for each exploit kit:

ek_stats (27k image)


The security advisory for the CVE-2015-5119 zero-day was released on 7th July and the patch was made available on the 8th. So the hits started to decline about two days after the patch.

But just when people have started updating their systems, there was yet another spike from the Angler flash exploit hits:

weekend_wave_stats (22k image)


Apparently, two more Flash vulnerabilities, CVE-2015-5122 and CVE-2015-5123, were discovered. These vulnerabilities are still waiting to be patched. According to Kafeine, one of the two vulnerabilities was added into the Angler exploit kit.

As a side note related to Angler exploit kit, if you noticed in the second chart above, Angler and HanJuan share the same statistics. This was due to the fact that our detections for Angler Flash exploits were also hitting on HanJuan Flash exploits.

We have verified this after discovering that there was a different URL pattern being detected by Angler:

angler_vs_hanjuan_urlpattern (9k image)


We looked at the flash exploit used by both kits, and the two are very much identical.

Angler Flash Exploit:

anglerek_ht0d_3 (26k image)


HanJuan Flash Exploit:

hanjuanek_ht0d_3 (23k image)


There was already speculation that there are strong connections between the actors behind the two exploit kits. For example, both have used "fileless" delivery of payloads and even similar encryption methods. Perhaps at some point we will see HanJuan supporting this new Flash 0-day as well.

In the meantime, since there hasn't been a patch out yet for these new ones, our users remain protected from the effects of the exploit kits through Browsing Protection as well as these detections:

Exploit:SWF/AnglerEK.L
Exploit:SWF/NeutrinoEK.C
Exploit:SWF/NeutrinoEK.D
Exploit:SWF/NuclearEK.H
Exploit:SWF/NuclearEK.J
Exploit:SWF/Salama.H
Exploit:SWF/Salama.R
Exploit:JS/AnglerEK.D
Exploit:JS/NuclearEK.I
Exploit:JS/MagnitudeEK.A

UPDATE: Adobe has released patches for the recent two vulnerabilities: CVE-2015-5122 and CVE-2015-5123. Users are recommended to update to the latest version of Adobe Flash Player.






On 13/07/15 At 12:29 PM

Read More
The Trusted Internet: Who governs who gets to buy spyware from surveillance software companies?

Posted by FSLabs @ 02:31 GMT


When hackers get hacked, that's when secrets are uncovered. On July 5th, Italian-based surveillance technology company Hacking Team was hacked. The hackers released a 400GB torrent file with internal documents, source code, and emails to the public - including the company's client list of close to 60 customers.

The list included countries such as Sudan, Kazakhstan and Saudi Arabia - despite official company denials of doing business with oppressive regimes. The leaked documents strongly implied that in the South-East Asian region, government agencies from Singapore, Thailand and Malaysia had purchased their most advanced spyware, referred to as a Remote Control System (RCS).

According to security researchers Citizen Lab, this spyware is extraordinarily intrusive, with the ability to turn on microphone and cameras on mobile devices, intercept Skype and instant messages, and use an anonymizer network of proxy servers to prevent harvested information from being traced back to the command and control servers.

Based on images of the client list posted to pastebin the software was purchased in Malaysia by the Malaysia Anti-Corruption Commission (MACC), Malaysia Intelligence (MI) and the Prime Minister's Office (PMO):

hacking_team_client_list (86k image)

Additional images of leaked invoices posted to medium.com indicated the spyware was sold through a locally-based Malaysian company named Miliserv Technologies (M) Sdn Bhd (registered with the Ministry of Finance Malaysia), which specializes in providing digital forensics, intelligence gathering and public security services:

hacking_team_hack_1 (95k image)

hacking_team_hack_2 (72k image)

Why the Prime Minister's Office would need surveillance software remains puzzling. Mind you, professional grade spyware ain't cheap - a license upgrade could cost you MYR400,000 and maintenance renewal will set you back about MYR160,000.

According to reports of the incident in Malaysian alternative media, Malaysian government agencies have probably been using the spyware even before discovery of the FinFisher malware that was detected in the run-up to the 2013 General Elections.

Coincidentally, Malaysia has also been the frequent host of the annual ISS World Asia tradeshow, where companies promote their arsenal of 'lawful' surveillance software to law enforcement agencies, telco service providers or government employees. During the 2014 event, Hacking Team was present and was the associate lead sponsor of the event.

MiliServ Technologies is currently involved in the upcoming 2015 ISS World Asia in Kuala Lumpur. The event is invitation-only - though it may be interesting to see if Hacking Team will make it there this year.


Post by – Su Gim




On 08/07/15 At 02:31 AM

Read More
Problematic Wassenaar Definitions

Posted by Sean @ 13:25 GMT


The Wassenaar Arrangement, a multilateral export control regime, defines "intrusion software" as software specially designed or modified to avoid detection by monitoring tools, or to defeat protective countermeasures, of a computer or network capable device. Intrusion software is used to: extract data or information, or to modify system or user data; or to modify the standard execution path of a program or process in order to allow the execution of externally provided instructions.

Wassenaar states that monitoring tools are software or hardware devices that monitor system behaviours or processes running on a device. This includes antivirus (AV) products, end point security products, Personal Security Products (PSP), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) or firewalls.

Wassenaar Arrangement definitions
(Source)


So… what we at F-Secure (and the rest of the antivirus industry) call "malware" appears to easily fit Wassenaar's definition of intrusion software.

Why is this interesting?

Well, the US Bureau of Industry and Security (BIS), part of the US Department of Commerce, has proposed updating its rules to require a license for the export of intrusion software.

And according to the Dept of Commerce, "an export" is –any– item that is sent from the United States to a foreign destination. "Items" include among other things, software and technology.

The Paradox

So… if malware is intrusion software, and any item is an export, how exactly are US-based customers supposed to submit a malware sample to their European antivirus vendor? Seriously, customers send us malware that uses zero-days all the time. Not to mention the samples that we routinely exchange with other trusted AV vendors from around the globe.

Unintended Consequences

The text associated with the BIS proposal says the scope includes penetration testing products that use intrusion software in what looks like an attempt to limit "hacking" tools, but there is nothing about what is excluded from the scope. So the BIS might not intend to limit customers from uploading malware samples to their AV vendor, but that could be the effect if this new rule is adopted and arbitrarily enforced. Or else it could just force people to operate in a legal limbo. Is that what we want?

The BIS is taking comments until July 20th.




On 09/06/15 At 01:25 PM

Read More
Found Item: UK Wi-Fi Law?

Posted by Sean @ 13:27 GMT


I visited the UK last Thursday, found a coffee shop offering "free" Wi-Fi, and read this…

"UK Law states that we must know who is using our Wi-Fi at all times."

Now I'm not a lawyer — but that seems like quite the disingenuous claim.

_WalkinWiFi

Mobile number, post code, and date of birth??

I wonder how many people fall for this type of malarkey.

Post by — @Sean




On 08/06/15 At 01:27 PM

Read More
SMS Exploit Messages

Posted by Sean @ 13:56 GMT


There's an iOS vulnerability affecting iPhone, iPad, and even Apple Watch that allows for a denial of service.

Crashing a phone with an SMS? That's so 2008.


S60 SMS Exploit Messages

Unlike 2008, this time kids are reportedly using the vulnerability to harass others.

Apple is working on a security update. But unfortunately… that update very likely won't be available for older iPhones.

Updated to add:

Here's the "Effective Power" exploit crashing an iPhone 6:


Effective Power Unicode iOS hack on iPhone 6

And this… is Effective Power crashing the iOS Twitter app:


Effective Power Unicode iOS hack vs Twitter




On 28/05/15 At 01:56 PM

Read More
Ransomware Spam E-Mails Targeting Users in Italy and Spain

Posted by FSLabs @ 03:17 GMT


In the past few days, we received some cases from our customers in Italy and Spain, regarding malicious spam e-mails that pointed to Cryptowall or Cryptolocker ransomware.

The spam e-mails pretended to come from a courier/postal service, regarding a parcel that was waiting to be collected. The e-mails offer a link to track that parcel online:

crypt_email (104k image)

When we did the initial investigation of the e-mails from our standard test system, the link redirected to Google:

crypt_email_redirect_italy (187k image)

So, no malicious behavior? Well, we noted that the first two URLs pointed to PHP scripts. Since PHP code is executed on the server side, not locally on the client, it is possible that the servers were 'deciding' whether to redirect the user to Google or to serve malicious content, based on some preset conditions.

Since this particular spam e-mail is written in Italian - perhaps only a customer based in Italy would be able to see the malicious payload? Fortunately, we have Freedome, so we can travel to Italy for a little while to experiment.

So we turned on Freedome, set the location to Milan and clicked the link in the e-mail again:

crypt_email_mal_italy (302k image)

Now we see the bad stuff. If the user is (or appears to be) located in Italy, the server will redirect them to a malicious file hosted on a cloud storage server.

The e-mail spam sent to Spanish users is similar, though in those cases, a CAPTCHA challenge is included to make the site seem more authentic. If the link in the e-mail is clicked by a user located outside Spain, again we end up in Google:

crypt_email_redirect_spain (74k image)

If the site is visited instead from a Spanish IP, we get to the CAPTCHA screen:

crypt_email_target_spain (57k image)

And then to the malware itself:

crypt_email_mal_spain (313k image)

This spam campaign doesn't use any exploits (so far), just old-fashioned social engineering; infection only occurs if the user manually downloads and executes the files offered on the malicious URLs. For our customers, the URLs are blocked and the files are detected.

(malware SHA1s: 483be8273333c83d904bfa30165ef396fde99bf2, 295042c167b278733b10b8f7ba1cb939bff3cb38)

Post by — Victor




On 19/05/15 At 03:17 AM

Read More
Mac Hack Demonstration

Posted by Sean @ 12:46 GMT


Securing your SSH password is very important. Otherwise, you might be pwned by a little girl with her Raspberry Pi.

Kids hack their Dad's computer on her Raspberry Pi

Don't worry, it's an authorized hack, she asked her mom for permission.




On 15/05/15 At 12:46 PM

Read More
Email Security Considerations for Microsoft 365 Users

The post Email Security Considerations for Microsoft 365 Users appeared first on GreatHorn.

Read More
Email Security Considerations for Google Workspace Users

The post Email Security Considerations for Google Workspace Users appeared first on GreatHorn.

Read More
Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates

The post Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates appeared first on GreatHorn.

Read More
Universities and Colleges Face Multi-faceted Email Security Challenges

The post Universities and Colleges Face Multi-faceted Email Security Challenges appeared first on GreatHorn.

Read More
Spam vs Phish: The Problem with User-Reported Phish Buttons

The post Spam vs Phish: The Problem with User-Reported Phish Buttons appeared first on GreatHorn.

Read More
Phishing for Google Impersonation Attacks

Bad actors around the globe go phishing in emails twenty-four hours a day, seven days a week. Whether they are “guppies” like your local bakery down the street or big “fish” like Google, no one is immune to their attacks. Google, one of the largest, most well-known – and used – applications, will always be […]

The post Phishing for Google Impersonation Attacks appeared first on GreatHorn.

Read More
GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes

GMX (Global Mail eXchange) Mail is an email service where users may register up to 10 individual email addresses at no cost. As a result, threat actors are leveraging this service to easily spin up new email addresses and effectively deliver phishing attacks that bypass Microsoft o365 and Google Workspace, landing in an organization's email […]

The post GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes appeared first on GreatHorn.

Read More
Native vs SEG vs ICES: What You Need to Know About Email Security

The shift from on-premise email platforms to cloud email platforms has taken shape, with the majority (70%) of organizations. Microsoft 365 and Google Workspace remain the predominant email platforms for organizations. However, a significant change has occurred in the past year. With an estimated 40% of ransomware attacks that start through email, and BEC and […]

The post Native vs SEG vs ICES: What You Need to Know About Email Security appeared first on GreatHorn.

Read More
Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security

In cybersecurity, buzzwords come and go, often being replaced with new buzzwords while the market is still attempting to realize the benefits of the former. Today, every technology vendor is talking about Artificial Intelligence (AI). In reality, Machine Learning (the method to one day achieve AI) is still the predominant technical solution deployed within vendor […]

The post Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security appeared first on GreatHorn.

Global Supply Chain: Attackers Targeting Business Deliveries

Our global supply chain includes all the people, companies and countries that need to work cohesively to manufacture, process and ship goods. Disruptions in the global supply chain are increasingly impacting organizations, with logistical problems crossing most industries.  As a result, the continued strain on the supply chain puts added pressure on businesses as they […]

The post Global Supply Chain: Attackers Targeting Business Deliveries appeared first on GreatHorn.

ONNX Phishing Targets Financial Companies’ Microsoft 365 Accounts

ONNX Store, a new PhaaS (phishing-as-a-service) platform, is targeting Microsoft 365 and Office 365 accounts in financial companies. The hackers use QR codes in PDF attachments to lure employees into clicking malicious links. The phishing platform uses Telegram bots to spread and includes mechanisms to bypass two-factor authentication (2FA). Researchers think ONNX Store is Caffeine phishing kit […]

The post ONNX Phishing Targets Financial Companies’ Microsoft 365 Accounts appeared first on Heimdal Security Blog.

What Is a Bastion Host? Types, Use Cases, and Safety Measures

A bastion host is a server placed between the public internet and a company’s private network.  It enhances security by allowing access only to specific, authorized users. If you know about jump servers, you’ll recognize this concept. If not, you will by the end of this article. Understanding the functionality, types, and security requirements of […]

The post What Is a Bastion Host? Types, Use Cases, and Safety Measures  appeared first on Heimdal Security Blog.

The Top 7 Unified Endpoint Management Tools in 2024

In the last decade, cybersecurity has come a long way. Once upon a time, keeping your IT environment secure largely required passwords, firewalls, and antivirus. In the days since, the move to cloud technology has thrown up a whole range of advanced tools and defenses to protect organizations that have employees and data distributed around […]

The post The Top 7 Unified Endpoint Management Tools in 2024 appeared first on Heimdal Security Blog.

Crypter Specialist Involved in the Conti and LockBit Attack Arrested

A 28-year-old Russian man has been taken into custody by the Ukraine cyber police in Kyiv for his involvement in the Conti and LockBit ransomware operations, which involved making their malware impervious to antivirus software and carrying out at least one attack personally. The Dutch police, who responded to a ransomware attack and subsequent data […]

The post Crypter Specialist Involved in the Conti and LockBit Attack Arrested appeared first on Heimdal Security Blog.

MSMQ Vulnerability Allows Hackers to Takeover Microsoft Servers

On June 11th, Microsoft announced fixing a critical RCE vulnerability in its Message Queuing (MSMQ) technology. The flaw is tracked as CVE-2024-30080 and has a CVSS score of 9.8 out of 10. Security researchers say threat actors can exploit it remotely to take over Microsoft servers.

Why patch the MSMQ RCE vulnerability immediately

The flaw only […]

The post MSMQ Vulnerability Allows Hackers to Takeover Microsoft Servers appeared first on Heimdal Security Blog.

Cleveland Cyberattack Turns Public Services Offline for Days

A cyberattack on Cleveland shut down City Hall and the Erieview offices for the last two days. Authorities revealed the incident on Monday, June 10th, and said public services were put offline until further notice. Emergency services and public utilities, like healthcare and trash collection, remained functional because employees switched to manual work. What we […]

The post Cleveland Cyberattack Turns Public Services Offline for Days appeared first on Heimdal Security Blog.

2024’s Best RMM Solutions for MSPs: Top 10 Remote IT Management Tools

In this article, we’ll answer your question: “What are the best RMM solutions for 2024?” We’ll explore the top 10 tools to help MSPs efficiently monitor and manage client systems. Here’s a quick glance for you:
Heimdal XDR
ConnectWise Automate
Datto RMM
NinjaOne
N-able RMM
Kaseya VSA
ITarian
GoToResolve
Atera RMM
Action1 RMM
Let’s review […]

The post 2024’s Best RMM Solutions for MSPs: Top 10 Remote IT Management Tools appeared first on Heimdal Security Blog.

The V3B Phishing Kit Affects Customers of 54 European Banks

A new phishing kit known as ‘V3B’ is being promoted on Telegram by cybercriminals. It aims to trick clients of 54 significant financial institutions in Ireland, the Netherlands, Finland, Austria, Germany, France, Belgium, Greece, Luxembourg, and Italy. Priced between $130 and $450 per month depending on what is purchased, the phishing kit features advanced obfuscation, […]

The post The V3B Phishing Kit Affects Customers of 54 European Banks appeared first on Heimdal Security Blog.

7,000 LockBit Keys Recovered by the FBI!

The FBI has disclosed that it has acquired over 7,000 LockBit decryption keys that individuals can utilize to access encrypted data at no cost, but it is urging previous victims of LockBit ransomware attacks to come forward. This was announced by the FBI’s Cyber Division Assistant Director, Bryan Vorndran, at the 2024 Boston Conference on […]

The post 7,000 LockBit Keys Recovered by the FBI! appeared first on Heimdal Security Blog.

Operation Endgame, The Largest Ever Operation Against Botnets

In an unprecedented coordinated effort, international law enforcement agencies have successfully dismantled several major botnets in what has been described as the largest ever operation against cybercrime. Dubbed ‘Operation Endgame’, this large-scale crackdown involved multiple countries and led to significant disruptions in the operations of cybercriminals worldwide.

Details of the operation

Between May 27 and […]

The post Operation Endgame, The Largest Ever Operation Against Botnets appeared first on Heimdal Security Blog.

Zyxel Patches EOL NAS Devices Against Three Critical Flaws

Zyxel urges users to apply patches for three critical vulnerabilities impacting two of its end-of-life NAS products. Security researcher Timothy Hjort reported 5 vulnerabilities in Zyxel products:
NAS326, version V5.21(AAZF.16)C0 and earlier
NAS542, version V5.21(ABAG.13)C0 and earlier
Three of the flaws are critical and enable command injection and remote code execution (RCE) attacks. End-of-life means […]

The post Zyxel Patches EOL NAS Devices Against Three Critical Flaws appeared first on Heimdal Security Blog.

[2024] The 12 Best Incident Response Software On the Market

Nowadays, cyber threats are more sophisticated and common than ever.  Companies face significant risks from breaches, ransomware, and other malicious activities, leading to financial loss, reputational damage, and operational disruptions. Strong incident response capabilities are now essential. Investing in top-tier incident response software is crucial. These tools offer comprehensive solutions for efficiently detecting, managing, and […]

The post [2024] The 12 Best Incident Response Software On the Market appeared first on Heimdal Security Blog.

Synnovis Ransomware Attack Disrupts NHS London Hospitals’ Activity

A ransomware attack hit services provider Synnovis on June 3rd, causing activity disruption at several major NHS hospitals in London. Blood transfusions, surgeries, blood tests, and other procedures were postponed, redirected to other clinics, or canceled. The attack impacted Guy’s and St Thomas’, King’s College Hospital NHS Foundation Trusts, and primary care services in southeast […]

The post Synnovis Ransomware Attack Disrupts NHS London Hospitals’ Activity appeared first on Heimdal Security Blog.

Hugging Face Spaces Platform Breached, Authentication Tokens Stolen

Hugging Face, a well-known AI company, reports that malicious actors have gained access to its members’ authentication secrets through a compromise on its Spaces platform. “Hugging Face Spaces” is a collection of AI apps made and submitted by community members, available for other members to test. Hugging Face alerted in a blog post: Earlier this […]

The post Hugging Face Spaces Platform Breached, Authentication Tokens Stolen appeared first on Heimdal Security Blog.

11 Cybersecurity Platforms You Should Know About [2024]

There’s growing evidence that organizations are consolidating their cybersecurity tools. One survey found that 60% of companies are looking to reduce the number of point solutions they use. And it’s not just about saving money – the top driver was in fact about improving usability (for 23%). Cybersecurity platforms are meeting this demand. By bringing […]

The post 11 Cybersecurity Platforms You Should Know About [2024] appeared first on Heimdal Security Blog.

Handling BOM MIME Files, (Wed, Jun 19th)

A reader contacted me with an eml file (which turned out to be benign) that emldump.py could not parse correctly.

Video Meta Data: DJI Drones, (Sun, Jun 16th)

Many years ago, I wrote about the EXIF data in pictures taken with Smartphones. Smartphones often record extensive meta data, including GPS and accelerometer data.

ISC Stormcast For Tuesday, June 18th, 2024 https://isc.sans.edu/podcastdetail/9028, (Tue, Jun 18th)

No summary available.

New NetSupport Campaign Delivered Through MSIX Packages, (Mon, Jun 17th)

It's amazing to see how attackers reuse and combine known techniques to target their victims with new campaigns! Last week, I spotted some malicious MSIX packages on VT that drop a NetSupport[1] client preconfigured to phone home to an attacker-controlled manager. Remote support tools are really "cool" for attackers because they provide a perfect way to communicate with infected computers without the need to develop their own C2 infrastructure and protocol! If some are popular and often searched as evidence of compromise (like AnyDesk or TeamViewer), there are others, like NetSupport, that tend to remain below the radar. This one is available for free for 30 days (more than enough to launch a campaign) and provides all the expected features to interact with victims:

ISC Stormcast For Monday, June 17th, 2024 https://isc.sans.edu/podcastdetail/9026, (Mon, Jun 17th)

No summary available.

Overview of My Tools That Handle JSON Data, (Sat, Jun 15th)

I wrote a couple of diary entries showing my tools that produce and consume JSON data. Like "Analyzing PDF Streams", "Another PDF Streams Example: Extracting JPEGs" and "Analyzing MSG Files".

ISC Stormcast For Friday, June 14th, 2024 https://isc.sans.edu/podcastdetail/9024, (Fri, Jun 14th)

No summary available.

ISC Stormcast For Thursday, June 13th, 2024 https://isc.sans.edu/podcastdetail/9022, (Thu, Jun 13th)

No summary available.

The Art of JQ and Command-line Fu [Guest Diary], (Thu, Jun 13th)

[This is a Guest Diary by Kaela Reed, an ISC intern as part of the SANS.edu BACS program]

Port 1801 Traffic: Microsoft Message Queue, (Wed, Jun 12th)

I planned a bit more of a conclusive story here, but after running into issues decoding the packets and running out of time between looking at student papers, I figured I would leave it up to the audience ;-) Maybe someone here better understands the Microsoft Message Queue (MSMQ) protocol.

Happy 1st Birthday to Our KnowBe4 Community!

Happy 1st birthday to our KnowBe4 Community! We’re so excited to celebrate our community's first anniversary. It’s been filled with so many wholesome moments and learning opportunities.

Brazilian Entities Increasingly Targeted by Nation-State Phishing Attacks

Mandiant has published a report looking at cyber threats targeting Brazil, finding that more than 85% of government-backed phishing activity comes from threat actors based in China, North Korea and Russia.

The Overlooked Truth: User Experience in Cybersecurity

We live in a world where the term "cybersecurity" tends to make folks either shiver with anxiety or yawn with boredom.

The narrative has always been about hacking, phishing, and all sorts of digital skullduggery. However, the overlooked truth is that users don't adopt best security practices because they’re designed without the slightest nod to the user experience.

CyberheistNews Vol 14 #25 Microsoft and KnowBe4 Collaborate on Ribbon Phish Alert Button for Outlook

Phishing Campaign Abuses Windows Search to Distribute Malware

Researchers at Trustwave warn that a phishing campaign is distributing malware via HTML attachments disguised as invoices. Notably, the HTML files abuse the Windows Search protocol to launch Windows Explorer and trick users into installing the malware.

No Politician Too Small: School Board Candidates Targeted By Phishing and BEC Scams

Cybercriminals are broadening their targets to include even local political candidates, as an escalating series of phishing attacks was recently directed at school board candidates in Colorado.

Microsoft and KnowBe4 Collaborate on Ribbon Phish Alert Button for Outlook

Increasing phishing attacks are a constant threat to organizations, making it crucial for users to report suspicious emails.

Unmasking the Threat: Why Phishing Scams are Surging in Japan

Japan has a large number of Forbes Global 2000 corporations--more than the UK, Germany, and France combined. Despite this economic strength, Japan faces an alarming and growing threat from phishing attacks, which is much worse than previously assumed.

According to findings by Mailsuite, Japan is frequently targeted by phishers, particularly impersonating its major brands. Telecom firm au by KDDI, for instance, has been exploited in 18,964 phishing scams since January 2020. Another frequently impersonated brand is the Japanese payment service JCB, which has been used in 14,907 phishing scams.

Japanese specialists confirm that these findings align with other research by Cloudflare and Vade. KDDI's cell phone service name, "au," is often abused due to its similarity to the Australian ccTLD, fooling many into thinking phishing emails are legitimate. Moreover, other major brands like train company JR East and retail franchise Aeon have also seen over 10,000 verified phishing scams each.

The problem has reached such an extent that 2023 saw a record number of phishing scams in Japan, surpassing the previous annual record for unauthorized money transfers within just six months. The trend has extended into 2024 and Hisashi Arai from KDDI’s UX and Quality Department highlights the sophistication of these phishing sites, which mimic legitimate screens almost identically, making detection difficult.

Compounding the issue is the low adoption rate of DMARC by major Japanese companies, trailing behind those in the Philippines and Thailand. Japan's economic affluence, ranking third globally by GDP, makes it an attractive target for North Korean and Chinese cybercriminals. Additionally, cultural factors, such as Japan's strict adherence to deadlines, make citizens more vulnerable to phishing attempts using urgent language.

The Council of Anti-Phishing Japan’s monthly reports further underscore the severity of the situation. Additionally, a recent Cloudflare announcement listed several Japanese brands frequently targeted in phishing scams, including Mitsubishi UFJ NICOS, Rakuten, JR East, and Aeon. 

Phishing Campaign Targets Job Seekers With WARMCOOKIE Backdoor

A phishing campaign is impersonating recruiting firms to target job seekers with a new strain of malware, according to researchers at Elastic Security.

The Global Reach of Cyber Threats: Why Security Awareness Training is More Important Than Ever

Based on news cycles within cybersecurity, it's easy to fall into the trap of thinking that threats only come from certain parts of the world or that they only target specific industries. However, the reality is that cyber attacks know no borders, and no organisation is immune.

NEWS ANALYSIS Q&A: Striving for contextual understanding as digital transformation plays out

The tectonic shift of network security is gaining momentum, yet this transformation continues to lag far behind the accelerating pace of change in the operating environment.

Related: The advance of LLMs

For at least the past decade, the cybersecurity industry … (more…)

The post NEWS ANALYSIS Q&A: Striving for contextual understanding as digital transformation plays out first appeared on The Last Watchdog.

RSAC Fireside Chat: Here’s what it will take to achieve Digital Trust in our hyper-connected future

Confidence in the privacy and security of hyper-connected digital services is an obvious must have.

Related: NIST’s quantum-resistant crypto

Yet, Digital Trust today is not anywhere near the level it needs to be. At RSAC 2024 I had a wide-ranging … (more…)

The post RSAC Fireside Chat: Here’s what it will take to achieve Digital Trust in our hyper-connected future first appeared on The Last Watchdog.

RSAC Fireside Chat: VISO TRUST replaces questionnaires with AI analysis to advance ‘TPRM’

Taking stock of exposures arising from the data-handling practices of third-party suppliers was never simple.

Related: Europe requires corporate sustainability

In a hyper-connected, widely-distributed operating environment the challenge has become daunting.

At RSAC 2024, I visited with Paul Valente(more…)

The post RSAC Fireside Chat: VISO TRUST replaces questionnaires with AI analysis to advance ‘TPRM’ first appeared on The Last Watchdog.

RSAC Fireside Chat: Ontinue ups the ‘MXDR’ ante — by emphasizing wider automation, collaboration

Companies that need to protect assets spread across hybrid cloud infrastructure face a huge challenge trying to mix and match disparate security tools.

Related: Cyber help for hire

Why not seek help from a specialist? At RSAC 2024, I … (more…)

The post RSAC Fireside Chat: Ontinue ups the ‘MXDR’ ante — by emphasizing wider automation, collaboration first appeared on The Last Watchdog.

News Alert: Criminal IP unveils innovative fraud detection data products on Snowflake Marketplace

Torrance, Calif., June 10, 2024, CyberNewsWire — AI SPERA, a leader in Cyber Threat Intelligence (CTI) solutions, announced that it has started selling its paid threat detection data from its CTI search engine ‘Criminal IP’ on the Snowflake (more…)

The post News Alert: Criminal IP unveils innovative fraud detection data products on Snowflake Marketplace first appeared on The Last Watchdog.

RSAC Fireside Chat: Jscrambler levels-up JavaScript security, slows GenAI-fueled privacy loss

Could we be on the verge of Privacy Destruction 2.0, thanks to GenAI?

Related: Next-level browser security

That’s a question that spilled out of a thought-provoking conversation I had with Pedro Fortuna, co-founder and CTO of Jscrambler, at … (more…)

The post RSAC Fireside Chat: Jscrambler levels-up JavaScript security, slows GenAI-fueled privacy loss first appeared on The Last Watchdog.

SHARED INTEL Q&A: Forrester report shows Identity and Access Management (IAM) in flux

Identity and Access Management (IAM) is at a crossroads.

Related: Can IAM be a growth engine?

A new Forrester Trends Report dissects ten IAM trends now in play, notably how AI is influencing IAM technologies to meet evolving identity threats. … (more…)

The post SHARED INTEL Q&A: Forrester report shows Identity and Access Management (IAM) in flux first appeared on The Last Watchdog.

RSAC Fireside Chat: Seclore advances ‘EDRM’ by aligning granular controls onto sensitive data

Digital rights management (DRM) has come a long way since Hollywood first recognized in the 1990s that it needed to rigorously protect digital music and movies.

By the mid-2000s a branch called enterprise digital rights management (EDRM(more…)

The post RSAC Fireside Chat: Seclore advances ‘EDRM’ by aligning granular controls onto sensitive data first appeared on The Last Watchdog.

RSAC Fireside Chat: Bedrock Security introduces advanced approach to “commoditize” data discovery

Business data today gets scattered far and wide across distributed infrastructure.

Just knowing where to look – or even how to look – much less enforcing security policies, has become next to impossible for many organizations.

At RSAC 2024, … (more…)

The post RSAC Fireside Chat: Bedrock Security introduces advanced approach to “commoditize” data discovery first appeared on The Last Watchdog.

RSAC Fireside Chat: NightVision shines a light on software vulnerabilities, speeds up remediation

When Log4J came to light in 2021, Kinnaird McQuade, then a security engineer at Square, drew the assignment of testing endpoints at some 5,000 users of the popular mobile payments service.

Related: The big lesson from Log4J

“It … (more…)

The post RSAC Fireside Chat: NightVision shines a light on software vulnerabilities, speeds up remediation first appeared on The Last Watchdog.

Explained: Android overlays and how they are used to trick people

Despite existing countermeasures, Android overlays are still used in malware attacks and phishing. What are they and what can we do?

43% of couples experience pressure to share logins and locations, Malwarebytes finds

Digital sharing between romantic partners is the norm, but new research from Malwarebytes shows that many feel pressured to hand over access.

(Almost) everything you always wanted to know about cybersecurity, but were too afraid to ask, with Tjitske de Vries: Lock and Code S05E13

This week on the Lock and Code podcast, we speak with Tjitske de Vries to answer some of the most common cybersecurity questions we receive.

Microsoft Recall delayed after privacy and security concerns

Microsoft has announced that the Recall feature of its Copilot+ PCs will be delayed due to privacy concerns and security risks.

A week in security (June 10 – June 16)

A list of topics we covered in the week of June 10 to June 16 of 2024

Truist bank confirms data breach

On Wednesday June 12, 2024, a well-known dark web data broker and cybercriminal acting under the name “Sp1d3r” offered a significant...

Update now! Google Pixel vulnerability is under active exploitation

Google revealed that a firmware vulnerability in its Pixel devices has been under limited active exploitation

Adobe clarifies Terms of Service change, says it doesn’t train AI on customer content

Adobe announced changes to its ToS which sparked backlash among users, so it posted an explainer to take away the major concerns

23andMe data breach under joint investigation in two countries

Canada's and the UK's privacy authorities are going to investigate the data breach at 23andMe to assess what the company could have done better.

When things go wrong: A digital sharing warning for couples

Digital sharing is the norm in romantic relationships. But some access could leave partners vulnerable to inconvenience, spying, and abuse.

Google’s Chrome changes make life harder for ad blockers

Google Chrome's transition to Manifest V3 has started and will make the life of ad blockers a lot harder.

A week in security (June 3 – June 9)

A list of topics we covered in the week of June 3 to June 9 of 2024

Google will start deleting location history

Google has announced it will delete Location History (Timeline) data and store new data locally, starting December 2024.

Advance Auto Parts customer data posted for sale

Car parts provider Advance Auto Parts seems to be the next victim of a major data breach related to cloud provider Snowflake.

Husband stalked ex-wife with seven AirTags, indictment says

A husband, now indicted, allegedly used seven Apple AirTags to stalk his ex-wife over a period of several weeks. His trial begins this month.

Microsoft Recall snapshots can be easily grabbed with TotalRecall tool

A worried researcher has created a tool to demonstrate exactly how much of a security backdoor Microsoft is creating with Recall.

Financial sextortion scams on the rise

Financially motivated sextortion of teenage boys is the fastest-growing global cybercrime, according to the FBI and Homeland Security.

Say hello to the fifth generation of Malwarebytes

Announcing the latest version of Malwarebytes, which brings a faster, responsive, and consistent user interface, integrated security and privacy, and expert guidance to keep you secure.

Big name TikTok accounts hijacked after opening DM

High profile TikTok accounts have been targeted in a recent attack.

US residents targeted by utility scammers on Google

These scammers are persistent and want your billing information to extort money from you.

Creating an AI Policy – A Guide for SMEs

Looking to integrate AI (artificial intelligence) into your business operations but unsure where to start, or how to navigate the challenges? You’re not alone. Many organisations recognise the potential of AI tools, such as ChatGPT, to streamline operations and provide a competitive edge. Adopting AI technology, however, comes with its own set of challenges – such as ensuring the accuracy of AI-generated information, maintaining the quality of AI outputs and addressing ethical concerns. That’s where a well-thought-out AI policy comes into play. This type of policy prepares your organisation to thrive in the rapidly evolving AI landscape. In this guide

The post Creating an AI Policy – A Guide for SMEs appeared first on IT Governance UK Blog.

Free Expert Insights: Index of Interviews

At least once a week, we sit down with an expert from within GRC International Group to get their insights on a technical topic or business area. Here are all our Q&As to date, grouped by broad topic:
AI
Cyber attacks and data breaches
Cyber Essentials
Cyber resilience
Cyber security
Data privacy
DORA
Europrivacy
Incident response
ISO 27001
PCI DSS
PECR
Security testing
Supply chains
Training
Miscellaneous
To get new expert insights straight to your inbox, sign up to our weekly newsletter, the Security Spotlight. Last updated: 7 June 2024. Interviews added: Vanessa Horton on ransomware trends (cyber security); Leon

The post Free Expert Insights: Index of Interviews appeared first on IT Governance UK Blog.

Worrying Ransomware Trends, and What to Do About Them

Expert insight from our cyber incident responder

When talking to clients or taking questions at the end of webinars, many ask us about ransomware. In fact, ransomware is often the first thing people ask about! Organisations seem really worried about it – and understandably so. Ransomware features a lot in the news. A particularly noteworthy attack was MOVEit, which was also a zero-day exploit, but we see plenty of ‘run-of-the-mill’ attacks too. There are even daily ransomware victim feeds! Admittedly, threat actors can and do claim attacks that didn’t happen or are exaggerated. Nonetheless, the risk of a cyber incident

The post Worrying Ransomware Trends, and What to Do About Them appeared first on IT Governance UK Blog.

Read More
Security Tips and Concerns for Remote Working

Security risks of home working and public Wi-Fi, tips to mitigate them, VPN insights, and more

Home-based teams? Flexible working? Staff often working on the go? Only a few years ago, most organisations never considered working from home as an option. But the COVID-19 lockdowns forced organisations to quickly create and provide remote working solutions. Organisations didn’t have the luxury of time to properly plan things and consider the risks involved. So, many lacked a proper security procedure or set of guidelines to follow, even if the solutions themselves were working. Now, thousands of organisations have predominantly home-based workforces. Countless

The post Security Tips and Concerns for Remote Working appeared first on IT Governance UK Blog.

Read More
A Practical Guide to Cyber Incident Response

Expert insight from our cyber incident responder

Cyber attacks and data breaches are a matter of when, not if. No single measure is 100% foolproof. A determined attacker will always be able to find their way around your defences, given enough time and resources. Furthermore, as Vanessa Horton, our cyber incident responder, pointed out in an interview about anti-forensics: The cyber world is changing all the time, which means we’re playing a bit of a cat-and-mouse game. Basically, as one side improves, so does the other. In this interview, I pick her brain on cyber incident response more generally, gaining

The post A Practical Guide to Cyber Incident Response appeared first on IT Governance UK Blog.

Read More
ISO 27001 and Physical Security

Physical access control, physical security monitoring, CCTV, and more

When we hear the term ‘information security’ – or, for that matter, ‘ISO 27001’ – our thoughts usually turn straight to cyber security. However, physical security is also an important aspect of information and data security. In fact, in the 2022 versions of ISO 27001 and ISO 27002, ‘physical’ is one of just four control themes. As such, the Standards also list explicit physical security controls, which organisations must either implement or justify why they don’t need to in their SoA (Statement of Applicability) to certify against ISO 27001. Matthew Peers,

The post ISO 27001 and Physical Security appeared first on IT Governance UK Blog.

Read More
Cyber Essentials vs ISO 27001: Key Differences

Expert insights into the benefits of each, misconceptions, timelines, and more

Ashley ‘Ash’ Brett is an experienced cyber security advisor, who has carried out hundreds of Cyber Essentials Plus assessments. He also provides Cyber Essentials consultancy, helping customers become compliant. On top of that, Ash is a product evangelist for IT Governance, creating and sharing interesting content related to Cyber Essentials on social media. Previously, Ash talked about some high-level differences between Cyber Essentials and ISO 27001. Today, we’re delving deeper. In this interview Someone recently asked me whether Cyber Essentials can be anything other than high level. What’s your response? They

The post Cyber Essentials vs ISO 27001: Key Differences appeared first on IT Governance UK Blog.

Read More
6,009,014 MovieBoxPro Accounts Breached in Another Data Scraping Incident

Plus, a further 3,029,461 known records newly breached

Welcome to this week’s global round-up of the biggest and most interesting news stories. At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks.

Publicly disclosed data breaches and cyber attacks: in the spotlight

More than 6 million accounts compromised from streaming service MovieBoxPro

MovieBoxPro, a streaming service of “questionable legality”, suffered a data scraping incident on 15 April 2024, according to Have I Been Pwned. Data scraping is a typically automated

The post 6,009,014 MovieBoxPro Accounts Breached in Another Data Scraping Incident appeared first on IT Governance UK Blog.

Read More
Global Data Breaches and Cyber Attacks in 2024

35,900,145,035 known records breached so far in 9,478 publicly disclosed incidents

Welcome to our 2024 data breaches and cyber attacks page, where you can find an overview of the year’s top security incidents, the most breached sectors of 2024, month-on-month trends, links to our monthly reports, and much more. Use the links in the ‘On this page’ section below to navigate. To get our latest research delivered straight to your inbox, subscribe to our free weekly newsletter, the Security Spotlight. IT Governance is dedicated to helping organisations tackle the threat of cyber crime and other information security weaknesses. We offer

The post Global Data Breaches and Cyber Attacks in 2024 appeared first on IT Governance UK Blog.

Read More
Global Data Breaches and Cyber Attacks in April 2024 – 5,336,840,757 Records Breached

IT Governance’s research found the following for April 2024: The number of records breached this month was high – particularly compared to March – largely due to two outlier events: We discuss both events in more detail below.

Announcement: slight methodology change

For data breaches and cyber attacks claimed by threat actors on dark web forums, where they provide samples or other evidence of the breach, we now accept these incidents as having genuinely occurred, but don’t accept the number of records the threat actor claims to have stolen at face value. This is because these numbers – particularly in

The post Global Data Breaches and Cyber Attacks in April 2024 – 5,336,840,757 Records Breached appeared first on IT Governance UK Blog.

Read More
Analysis of user password strength

Kaspersky experts conducted a study of password resistance to attacks that use brute force and smart guessing techniques.

Read More
Cinterion EHS5 3G UMTS/HSPA Module Research

We performed a security analysis of a Telit Cinterion modem in the course of a larger security assessment of a popular truck model, and found eight vulnerabilities.

Read More
QR code SQL injection and other vulnerabilities in a popular biometric terminal

The report analyzes the security properties of a popular biometric access control terminal made by ZKTeco and describes vulnerabilities found in it.

Read More
Bypassing 2FA with phishing and OTP bots

Explaining how scammers use phishing and OTP bots to gain access to accounts protected with 2FA.

Read More
IT threat evolution in Q1 2024. Mobile statistics

Mobile malware statistics for Q1 2024: most common threats for Android, mobile banking Trojans, and ransomware Trojans.

Read More
IT threat evolution Q1 2024

In this report, we review the most significant malware-related events of Q1 2024: the disclosure of the hardware vulnerability used in Operation Triangulation, a lightweight method to detect iOS malware and DinodasRAT Linux implant.

Read More
IT threat evolution in Q1 2024. Non-mobile statistics

In this report, Kaspersky shares non-mobile malware statistics for Q1 2024, including ransomware, miner and macOS malware statistics.

Read More
Trusted relationship attacks: trust, but verify

We analyze the tactics and techniques of attackers targeting organizations through trusted relationships – that is, through contractors and external IT service providers.

Read More
Message board scams

Here’s how scams target buyers and sellers on online message boards, and how the gangs behind them operate.

Read More
Threat landscape for industrial automation systems, Q1 2024

In this report Kaspersky ICS CERT shares statistics on threats blocked on ICS computers globally and in separate regions in Q1 2024: share of attacked computers, most affected industries, most common types of threats.

Read More
Yet Another TA558 Campaign Targets South America’s Hospitality Industry With AsyncRAT

Introduction This research began with finding a simple malware sample to extract strings for an unrelated topic. In my day-to-day malware analysis workflow, I stumbled upon a JavaScript (JS) file with what I would call trivial obfuscation. I knew it was malware but wanted to understand the infection chain. After some cleanup, I understood it […]

Read More
Q1 2024 Internet Security Report

This week on the podcast we cover the WatchGuard Threat Lab’s Internet Security Report from Q1. In this episode, we discuss the latest trends in malware detections at the network and the endpoint, network attack trends, and malicious domains that targeted WatchGuard customers around the world.

Read More
Recall Windows Recall

This week on the podcast, we discuss a new Microsoft Windows feature that is shaping up to be a security nightmare. Before that, we discuss a new research initiative from the Advanced Research Projects Agency for Health (ARPA-H) that could make big improvements in healthcare cybersecurity.

Read More
SSID Confusion Attacks

This week on the podcast, we cover a newly disclosed weakness in the 802.11 Wi-Fi standard that affects common enterprise Wi-Fi deployments. Before that, we discuss CISA’s Secure by Design Pledge for technology vendors before ending with a Microsoft research post on Quick Assist social engineering.

Read More
Seattle Kraken IT Joins The 443 Podcast

In a very special episode of #the443Podcast, WatchGuard Director of Security Operations, Marc Laliberte sits down with Seattle Kraken Cybersecurity Engineer, Ryan Willgues to discuss how Ryan got his start in IT, what it’s like working for an NHL franchise, how the Kraken have deployed WatchGuard’s Unified Security Platform, and much more.

Read More
Picking Secure Technologies

This week on the podcast, we cover guidance from CISA and its international partners that guides organizations on the right questions to ask during the technology procurement process to make sure the products they buy are secure. Before that, we cover Microsoft’s research into a common vulnerability impacting over 4 billion Android application installations followed […]

Read More
The 2024 Verizon DBIR

This week on the podcast, we cover the key takeaways from the 2024 Verizon Data Breach Investigations Report. Before that, we discuss what we learned from United Healthcare CEO Andrew Witty’s congressional testimony on their ransomware attack in February. We also discuss a research article from JFrog on malicious Docker Hub repositories.

Read More
Cisco ArcaneDoor Attack

This week on the podcast, we cover a nation-state backed attack against Cisco ASA appliances which Cisco Talos themselves have dubbed “ArcaneDoor.” After that, we discuss a phishing toolkit being used to target LastPass users before ending with a new way to deliver malware payloads using legitimate services.

Read More
A Postmortem of Microsoft’s Security Incident

This week on the podcast, we cover a report from the Department of Homeland Security’s Cyber Safety Review Board that analyzes Microsoft’s Exchange Online 2023 security incident in excruciating detail. Before that, we cover CISA’s new rules around cyber incident reporting and an unsealed indictment against 7 Chinese nationals.

Read More
Ending Session Hijacking

This week on the podcast, we cover a Google initiative to kill off session hijacking attacks once and for all. Before that, we give an analysis of CVE-2024-3400, the Palo Alto zero-day vulnerability currently under active exploit. Additionally, we discuss a recent white paper from CISA on securely deploying artificial intelligence systems.

Read More
BatBadBut What?

This week on the podcast, we cover a research post that describes a code injection vulnerability caused by the way nearly every high level programming language runs on Windows. We also discuss a series of vulnerabilities in LG televisions that allow remote attackers to root the device before ending with a chat about new adversarial […]

Read More
Bad Month for Software Supply Chains

This week on the podcast, we cover a software supply chain attack years in the making that was days away from a devastating global impact. After that, we cover Facebook’s Project Ghostbusters and its impact on user privacy before ending with another software supply chain attack that successfully compromised developers in the gaming world.

Read More
Trucking Worms

This week on the podcast we discuss a vulnerability in required commercial truck hardware that could enable an automatically propagating worm across the entire US. Before that, we cover Apple’s “un-patchable” vulnerability in their M-series processors as well as a vulnerability that could let attackers unlock hotel room doors at will.

Read More
A Wild Month in Ransomware

This week on the podcast, we’re joined by Ryan Estes, a member of WatchGuard’s Zero-Trust Application Service classification team and resident ransomware expert to discuss the wild month in ransomware news. We start the episode with a story about a fake ransomware operator that scammed cybercriminals out of tens of thousands of dollars before discussing […]

Read More
Operation Cronos: A Breakdown of the LockBit Disruption

Check out LockBit 3.0 on our new Ransomware Tracker Beta! Hear more about Operation Cronos on The 443 Podcast. If you’ve followed the ransomware space for the past few years, it’s very likely you’ve heard of LockBit. If you don’t follow the cybersecurity landscape, there’s still a good chance you’ve heard of them or at […]

Read More
Locking Up LockBit

This week on the podcast, we cover an international law enforcement takedown of the LockBit ransomware group’s infrastructure. After that, we cover a novel malware delivery vector involving an IoT “toy.” We end the podcast by covering the latest White House Executive Order addressing cybersecurity in critical infrastructure.

Read More
Flipping Out Over Flipper Zero

This week on the podcast we cover Canada’s attempt to ban the Flipper Zero. Before that, we review a recent research post on a new class of vulnerability on the Ubuntu operating system. We end the episode with a chat about the impacts of artificial intelligence on data security. Menlo Report on Business AI […]

Read More
AnyDesk Remote Access Vendor Compromise

On February 2nd, remote access software vendor AnyDesk disclosed they had been the victim of a cyberattack where an unknown threat actor obtained access to production systems. AnyDesk appears to have contained the incident before the adversaries were able to leverage their access into a supply chain attack against AnyDesk customers but out of an […]

Read More
Could a Toothbrush Botnet Happen?

This week on the podcast, we cover a recent news post about an army of 3 million compromised toothbrushes taking down a Swiss website, causing millions in damages. After that, we discuss the United States DOJ’s latest botnet takedown, this time targeting Volt Typhoon. We end the episode by walking through a CISA joint-publication giving […]

Read More
A Door in Apple’s Walled Garden

This week on the podcast, we cover Apple’s recent announcement describing how they will comply with the European Union’s new Digital Markets Act and what that means for the iPhone walled garden. Before that, we cover a data breach at Mercedes-Benz thanks to an alternative authentication method. Additionally, we cover the roundup of vulnerabilities in Ivanti’s […]

Read More
A Blizzard of Threats

This week on the podcast, we cover two “Blizzard” threat actors targeting governments and private organizations. We also give an update on the SEC’s compromised Twitter/X account, and then end with a discussion of an EU program designed to improve its citizens’ privacy while browsing the internet.

Read More
Androxgh0st Analysis

This week on the podcast, we review a CISA and FBI joint advisory on the Androxgh0st malware. Before that we cover recent Volt Typhoon activity targeting SMB routers exposed on the internet. We end the episode with a fun research blog post about a series of flaws in an Indian insurance provider.

Read More
NIST Tackles Adversarial AI

This week on the podcast, we review NIST’s new publication that defines a taxonomy for how we talk about Adversarial Machine Learning. Before that, we cover a recent discovery of threat actors retaining access to Google accounts even through a password reset. We round out the episode with an account compromise that led to a […]

Read More
RIPE for the Taking

This week, we cover a password compromise that led to a mobile telco in Spain losing control of their IP address space. We also give a quick update on the Lapsus$ ringleader’s court case before discussing a recently discovered macOS backdoor malware that evades most endpoint protection. We end the episode by covering Microsoft’s research […]

Read More
Hacking the Crypto Supply Chain

This week on the podcast, we cover a supply chain attack against one of the largest hardware cryptocurrency wallet manufacturers. After that, we discuss the latest Apache Struts vulnerability under active exploit by threat actors. We end the episode with our thoughts on a research blog post about a set of threat actors using an […]

Read More
Bluetooth Busted

This week on the podcast, we cover a new unauthenticated keystroke injection vulnerability in the Bluetooth implementation on nearly every type of device. After that we discuss LogoFAIL, a suite of vulnerabilities in most UEFI boot implementations that could let threat actors easily hide their tracks. We end by covering a recent CISA advisory on […]

Read More
Our 2024 Security Predictions

This week on the podcast we discuss our cybersecurity predictions for 2024. We’ll cover each of the 6 predictions for the coming year including the trends behind them and how to protect your organization if they come true!

Read More
Grading our 2023 Security Predictions

This week on the podcast, we look back to our 2023 security predictions and grade ourselves on how well we were able to see the future. We’ll go through each of our 6 predictions, explain the trends that fueled them, and then provide either evidence that they came true or discuss reasons why they may […]

Read More
What to Expect from NIS2

This week on the podcast, we dive into the EU’s Network and Information Security directive update, aka NIS2. We’ll cover who might be impacted and what to expect in terms of requirements in the coming year. Before that, we give an update on the latest Scattered Spider threat actor activity followed by an […]

Read More
Combined Cyber and Kinetic Warfare

This week on the podcast, we cover an analysis from Mandiant on an attack led by the Russian state-sponsored threat actor Sandworm that came alongside missile strikes against Ukraine. Before that, we review Okta’s post-mortem from their recent cyber incident. We end the episode by discussing updated research from Jamf on a North Korean […]

Read More
The White House Tackles AI

This week on the podcast we cover an Executive Order from the US White House on the topic of Artificial Intelligence. After that, we discuss the latest CISO that has found themselves in hot water with the law. We then cover an update to the Common Vulnerability Scoring System and end with a researcher claiming […]

Read More
The Threat Actor That Hacked MGM

This week on the podcast, we review a thorough unmasking of Octo Tempest, the threat actor behind the MGM and Caesars Entertainment attacks in September. Before that, we give an update on the Cisco IOS XE vulnerability that led to an implant being installed on thousands of exposed devices. We round out the episode with an […]

Read More
CISA’s Secure by Design Whitepaper

This week on the podcast, we cover CISA’s newly updated whitepaper on guidance for both software manufacturers and customers on the principles of secure-by-design and secure-by-default. Before that, we cover the Cisco IOS XE vulnerability that is under active exploitation in the wild, give an update on the EPA’s efforts to regulate cybersecurity practices in […]

Read More
Microsoft is Killing NTLM

This week on the podcast, we cover the recent HTTP/2 protocol vulnerability that led to the largest DDoS attack ever recorded by Cloudflare. After that, we discuss Microsoft’s announcement about the deprecation of VBScript and the impending removal of NTLM. We then cover a collection of data allegedly stolen from the genealogy website 23 and […]

Read More
Q2 2023 Internet Security Report

This week on the podcast, we go through the latest Internet Security Report from the WatchGuard Threat Lab. We’ll cover the top malware and network attack trends from Q2 2023 impacting small and mid-market organizations globally before ending with defensive tips anyone can take back to their company.

Read More
Bing Chat Malvertising

This week on the podcast, we discuss an alert from CISA on nation state threat actors embedding malware into legacy Cisco router firmware. After that, we cover a research post on malicious advertisements served up via Bing’s ChatGPT integration. We then end with an analysis of North Korea’s Lazarus group’s latest social engineering techniques.

Read More
Meta’s One Good Deed

This week on the podcast, we get up to speed on the MGM and Caesars Entertainment ransomware incidents from the previous week. After that, we take a deep dive into a blog post from Meta’s application security team for their VR headsets. After that, we cover Microsoft’s analysis of an APT’s pivot from email to […]

Read More
iPhone’s Latest 0-Day

This week on the podcast, we cover Microsoft’s final report on their July incident involving nation-state actors compromising enterprise email accounts. After that, we discuss a zero-day, zero-click vulnerability in iOS being actively exploited in the wild before ending with a chat about an upcoming change to how Android handles CA certificates.

Read More
The Qakbot Takedown

This week on the podcast, we cover the FBI-led, multinational takedown of the Qakbot botnet of over 700,000 victim devices. After that, we cover two Android malware variants, including one targeting victims in Southeast Asia and another built by the Russian GRU.

Read More
Weaponizing WinRAR

This week on the podcast we cover the latest evolutions of the North Korean threat actor Lazarus before covering an actively exploited 0-day vulnerability in the popular unarchiver WinRAR. We end the episode with an AI-related attack that doesn’t actually use AI.

Read More
U.S. Cyber Trust Mark

This week on the podcast we cover the FCC’s proposal for a security assurance labeling program for IoT devices. Before that, we discuss the latest AI research challenge hosted by DARPA as well as some research into a novel attack against the AI/ML supply chain.

Read More
Def Con 2023 Recap

On this week’s episode, we chat about some of our favorite talks from this year’s Def Con security conference. We’ll cover several topics including artificial intelligence, hacking mobile point of sale devices, and how worried we should or shouldn’t be about cyber warfare.

Read More
BlackHat 2023 Recap

In this special end-of-week episode of The 443, we cover some of our favorite talks from this year’s edition of the BlackHat cybersecurity conference in Las Vegas. We’ll discuss the trends we saw and summaries of interesting topics including AI, nation state warfare, and improving cyber defense.

Read More
What Is Same-Origin Policy? Replay

This week we look back to an episode that originally aired in May 2021 where we remember a Def Con legend, then dive into two web browsing security acronyms. Keep an eye out later this week as we come to you from this year’s Black Hat and Def Con cybersecurity conferences!

Read More
Qakbot Qacktivity

This week on the podcast, we cover the latest evolutions of the decade-old Qakbot malware including changes in how attackers deliver it. After that, we give an update on the SEC’s new rules around mandatory security disclosure. We then end by reviewing CISA’s analysis of Risk and Vulnerability Assessments they completed for their constituents in […]

Read More
Red Teaming AI Systems

This week on the podcast, we give an update on last week’s discussion around a China-based APT targeting government organizations. After that, we cover the latest uses of generative AI like ChatGPT by malicious hackers. Finally, we end with a report from Google on their efforts around Red Teaming Artificial Intelligence systems.

Read More
New Microsoft Office 0-Day

This week on the podcast we cover two stories that came out of Microsoft’s July Patch Tuesday. The first involves an incident within Microsoft that led to foreign cybercriminals compromising the email accounts of multiple government agencies. The second story involves an actively exploited 0-day vulnerability in Office that, at the time of recording, remains […]

Read More
Q1 2023 Internet Security Report

This week on the podcast, we cover WatchGuard Threat Lab’s Internet Security Report for Q1 2023. Throughout the episode, we’ll discuss the key trends for cyber threats impacting small and midsize organizations globally, including the top malware and network attack detections as well as a look specifically at the endpoint. We round out the episode […]

Read More
RepoJacking

On this week’s podcast we discuss a recent analysis on the risks of GitHub RepoJacking. After that, we dive into the Barracuda 0-day that China-based threat actors are actively exploiting, as well as a novel command and control distribution method for a separate China-based APT.

Read More
A New Russian APT

On this week’s episode we discuss the newly named threat actor Cadet Blizzard, including their typical tools, tactics and procedures. We also cover CISA’s newest binding directive to federal agencies. Before that, we give an update on exploited MOVEit Transfer servers and the latest Bitcoin laundering technique.

Read More
Minecraft Mod Malware

This week on the podcast we cover a supply chain attack of sorts against Minecraft gamers. After that, we cover a vulnerability in MOVEit Transfer that threat actors are exploiting in the wild to steal data and deploy ransomware. Finally, we end with our review of the latest Verizon Data Breach Investigations Report (DBIR).

Read More
How Not to Update Software

This week on the podcast, we give a quick update on the latest Volt Typhoon activity before covering a newly for-sale EDR bypass tool. After that, we discuss Gigabyte’s decision to rootkit their own motherboards before ending with a new macOS vulnerability.

Read More
Naming APTs

This week on the podcast, we cover Microsoft’s latest refresh of naming conventions for advanced persistent threat (APT) actors worldwide, as well as an update on two specific threat actors and their latest tactics. We also cover a ransomware event targeting a biotechnology company with an interesting twist.

Read More
TikTok is Banned, Kind Of

This week on the podcast, we cover the recent TikTok ban coming from the state of Montana and discuss whether it was justified and what the potential security impact is. Before that, we give an update on two US Supreme Court cases that were poised to potentially strip away Section 230 protections. We also highlight […]

Read More
Scratching the Surface of Rhysida Ransomware

A few days ago, I was scrolling through Twitter and came across a post by the MalwareHunterTeam briefly discussing a new Ransomware group – Rhysida. A lack of results from a Google search shows this is a newer group prepping to start operations. I grabbed a sample and downloaded it, and the executable confirmed that […]

An Interview with ChatGPT

This week on the podcast, Marc kicks Corey off the podcast and interviews ChatGPT to learn its thoughts on AI applications in cybersecurity, both on offense and defense.

Securing Healthcare Tech

This week on the podcast, we cover two new malware research pieces, including the latest evolution of a delivery vehicle as old as time. After that, we cover recent regulations in the healthcare industry that have a chance to push the industry to a more secure future.

Rustbuckets and Papercuts

This week on the podcast, we cover a recently discovered macOS malware attack that uses a multi-stage delivery mechanism. Before that, we discuss an actively-exploited vulnerability in the print management software PaperCut, as well as an update on the 3CX supply chain attack.

MSPs Around the World – Americas

This week’s podcast comes from the WatchGuard Apogee partner conference for the Americas where we bring on special guests Kevin Willette of Verus Corporation and Neil Holme of Impact Business Technology to discuss the challenges and opportunities MSPs and MSSPs will face in the coming years. This is the first of a multipart series where […]

Zero Trust Maturity Model 2.0

This week on the podcast, we cover two new publications out of CISA. First, we dive into CISA’s guidance to manufacturers and customers on products that are secure-by-design and secure-by-default. Next, we discuss CISA’s latest Zero Trust Maturity Model which any organization can use to gauge how far along they are on the ZTA path […]

Cybersecurity News: A Trio of Vulnerabilities, BreachForums Admin Arrested, Hundreds of Ransomware Victims, and The Rise of AI

This post arrives later than usual, but as they say, “Better late than never.” Researchers and the media have highlighted various unique, interesting, or destructive vulnerabilities in the last few weeks. We decided to pick three of these vulnerabilities and talk about them. One was patched with Microsoft’s Patch Tuesday in March; another affects the […]

Operation Cookie Monster

This week on the podcast, we discuss another cybercrime marketplace takedown dubbed Operation Cookie Monster. After that, we discuss Microsoft’s attempts to limit the distribution of a popular hacking toolkit. Finally, we discuss a recent analysis by Dr. Ken Tindell of Canis Automotive Labs around how criminals were able to steal his friend’s Toyota Rav4. […]

Another Software Supply Chain Attack

This week on The 443, we discuss the latest software supply chain attack with a potential blast radius of thousands of organizations. Then we cover a new protocol vulnerability in the Wi-Fi wireless standard before ending with some research into insecure Microsoft Azure applications.

3CX Supply Chain Attack

3CX created the desktop phone app 3CXDesktopApp and now finds itself in the middle of a supply chain attack. As a recognized company in the softphone space, 3CX provides services to many large companies including Honda, Coca-Cola, BMW, Holiday Inn among others, according to the testimonials on their website. This week though, they […]

The NSA’s Guidance on Securing Authentication

This week we have all the acronyms as we cover a joint publication by CISA and the NSA with Identity and Access Management (IAM) best practices. We then cover some new proposed cybersecurity rules out of the Securities and Exchange Commission (SEC) before ending with an FBI takedown of a popular hacking forum.

Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches

It’s Monday, and there’s no better way to start a new week than with some cybersecurity-related news. So, if you need an excuse to procrastinate a bit more, allow us to fill that void. For this iteration, we made a few minor improvements, as always. In addition to the table of contents from last time, […]

An Update on Section 230

On this week’s episode we look back to our initial monologue on Section 230 protections that allow the social media and the internet as a whole to function. We cap off the episode replay with a new discussion on a recent supreme court case that has the potential to dramatically impact the internet as […]

Here Come The Regulations

On today’s episode, we cover two new sets of cybersecurity regulations, fresh off the heels of the White House’s National Cybersecurity Strategy publication, targeting different critical infrastructure sectors in the United States. We’ll also cover the latest in nation state activity targeting network connectivity appliances and end with some fun research into an oldie but […]

US National Cybersecurity Strategy

This week’s episode is all about the White House’s recently released National Cybersecurity Strategy. We’ll walk through the strategy from top to bottom and discuss the key elements most likely to impact individuals and organizations as well as our overall thoughts on the direction the US Federal Government is planning to take.

Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!

A new week, a new month, and a new Cybersecurity News post! This iteration contains a whopping eight (8) stories covering the last two to four weeks. Since cybersecurity is a diverse field of assorted specializations, we attempt to match that with various stories touching on all aspects of cybersecurity. This time we cover a […]

Cybersecurity’s Toll on Mental Health

This week on the episode we have a discussion about stress-related issues impacting cybersecurity professionals and ways to combat them. Before that, we cover the latest news including new 0-click exploit protection from Samsung, the latest update on GoDaddy’s security woes, and Twitter’s latest erratic move.

Successfully Prosecuting a Russian Hacker

In today’s episode, we discuss a recent court case resulting in the successful conviction of a Russian national tied to breaking into several publicly traded US companies. We also cover the latest details on the ESXiArgs ransomware attacks that have been impacting organizations globally as well as the latest CISA alert on nation-state ransomware […]

Cybersecurity News: Automated Ransomware Attacks, U.S. No Fly List Leaked, and A.I. Detecting A.I.

Welcome to another iteration of Cybersecurity News. The fairly new and unorthodox, semi-monthly news article that highlights a handful of noteworthy cybersecurity-related stories and provides extra references and resources to do further research if you desire. We aim to solidify a more concrete release schedule going forward and will release more information once we have […]

Live Audience MSP Q&A Panel

On this week’s very special episode of the podcast, we sit down with Matt Lee, Calvin Engen, and Scott Williamson, three MSP security and business experts for a Q&A panel in front of a live audience! We’ll cover everything from how MSPs and MSSPs should address the cyber threat landscape to what vendors can do […]

A Technical Analysis of ISAACWiper

Shortly after Putin launched his “special military operation” in Ukraine on February 24th, 2022, researchers from ESET published information about two novel destructive malware families – HermeticWiper and ISAACWiper. HermeticWiper was part of a three-pronged campaign that included a worm and pseudo-ransomware component known as HermeticWizard and HermeticRansom, respectively. HermeticWiper is the data-wiping component. ISAACWiper, […]

What is CVSS?

This week on the podcast we cover the Common Vulnerability Scoring System (CVSS) including how it works and some of its limitations. Before that though, we discuss a recent survey on the risks of ChatGPT’s usage in cyberattacks and the latest activity from Lazarus, the North Korean government hacking operation.

CISA Warns of Weaponized RMM Software

On today’s episode, we cover a recent Department of Justice operation that resulted in taking down a major ransomware organization. After that, we cover two recent publications from CISA, the first on malicious use of legitimate RMM software and the second giving guidance to K-12 on how to address cybersecurity concerns.

Cybersecurity News: ACLU Unveils Mass Surveillance Program, (More) Malvertising, and Breaches

Sifting through the most recent cybersecurity-related news may seem daunting, and keeping up with the latest developments is arduous. However, the WatchGuard Threat Lab is happy to filter through the latest cybersecurity news and highlight some stories we believe are important, noteworthy, or interesting. The goal is to focus on a few recent cybersecurity-related stories, […]

Law Enforcement Infiltrate and Seize Hive Ransomware Operation

In a sudden, stunning announcement today, the United States Department of Justice, the FBI, and federal agencies from 13 countries from Europol, announced the seizure of the transnational Hive ransomware operation. The seizure was part of a months-long operation that began in late July 2022 when the FBI infiltrated the Hive network. Deputy Attorney General […]

Report Roundup

This week on the podcast, we cover key findings from three individual reports published last week. In the first report we’ll dive into the world of blockchain analysis looking for illicit transactions. In the second report, we’ll cover the state of SMB security. The final report includes a discussion of overall financial crime involving stolen […]

Cybersecurity News: Malvertising, Ransomware, and Alleged IRS Breach

Regarding malware, breaches, and the overall threat landscape, 2023 is off to a dynamic start. Malvertising (malicious advertising) continues to be a successful attack vector for hackers, especially from sponsored ads via Google searches. Jon DiMaggio released his long-awaited Ransomware Diary series beginning with the first iteration of the LockBit ransomware group. Also, a new […]

The RCE Vulnerability That Wasn’t

This week on the podcast we cover a recently-disclosed vulnerability in the popular JavaScript library JsonWebToken. After that, we give an update to weaponizing ChatGPT, the currently free Artificial Intelligence chat bot that has made waves since its release in November. We round out the episode with a wave farewell to Windows 7 and Windows […]

When Trying to Catch ‘Em All, Leave This RAT Alone

Recently, researchers have observed threat actors using a website previously associated with the popular AR game, PokemonGo to distribute a remote access trojan (RAT). The method of delivery is a cleverly disguised game installer that includes a copy of the commonly used NetSupport Manager application, which on its own is technically a trusted application. The […]

Reviving a Dead Botnet

This week on the podcast we cover a recent analysis by Mandiant on a Russia-based APT using a decade old botnet to deliver new attacks. Before that, we cover an update from LastPass about their most recent breach as well as the 200 million Twitter accounts leaked last week.

Q3 2022 Internet Security Report

This week on the podcast we discuss key findings from the WatchGuard Threat Lab’s Q3 2022 Internet Security Report. We’ll cover everything from the top malware threats to the latest network attack trends targeting small and midsize enterprises globally and give practical defensive tips that anyone can use to keep their organizations safe.

2023 Security Predictions

It’s that time of year for us to discuss the WatchGuard Threat Lab’s 2023 cyber security predictions! On this episode, we will cover the six predictions plus another two that didn’t make the cut as well as some defensive strategies to try and help stop them from coming true.

Apple’s New Privacy Expansion

This week on the podcast, we cover Apple’s latest announcement of expanded privacy and security features for their users. Before that, we cover a major breach in the Android ecosystem followed by a new Internet Explorer (yes, that still exists) 0-day vulnerability.

Hacking Hyundai

On this week’s episode, we cover the latest in car hacking, this time involving a vulnerability that could have given remote attackers full control over certain Hyundai models’ doors, lights and engine. After that, we discuss the latest breach impacting a major password management app and how it’s different from previous ones we’ve seen. We […]

CISA Incident Response Learnings

On today’s episode we cover a pair of alerts from the Cybersecurity Infrastructure and Security Agency (CISA), one detailing the tools, tactics and procedures from a prolific ransomware organization and another walking through a recent incident response engagement CISA completed with a federal agency. Before that though, we learn about what happens when you use […]

Attack Surface Management

This week on the podcast we dive into the world of attack surface management. We discuss what your attack surface is made up of including some areas you may not have thought of and then cover the best ways to reduce and ultimately protect it.

Endurance Ransomware Claims Breach of US Federal Government

The WatchGuard Security Team spends a lot of time chasing ransomware extortion groups throughout the dark web. So, it only fits that one of the newer ransomware extortion groups is named Endurance Ransomware. It appears this “group” is one individual known as IntelBroker, who has allegedly breached several entities of the US government and two […]

2022 Cybersecurity Predictions Recap

This week on the podcast we take a look back at our 2022 cybersecurity predictions and give ourselves a grading on how well we did. From cyber insurance to space hacks, we’ll cover each of the 6 predictions we made last December and discuss why we think they did or did not come to fruition. […]

Why OpenSSL Downgraded Their Vulnerability

On this episode we cover the much anticipated OpenSSL vulnerabilities that were disclosed and patched on November 1st and why the 6 year streak of no critical issues continues. After that, we dive back into election security and the hacking activity that could have the most impact. We end with an update from Apple […]

CISA’s Cybersecurity Performance Goals

This week on the podcast we cover CISA’s freshly-released Cybersecurity Performance Goals (CPGs) designed to help smaller organizations bridge the gap between frameworks and practical implementation. After that, we discuss a new bill working its way through the US Senate designed to address open source software security risks. Finally, we end with a research post […]

Ransomware TTPs Deep Dive

This week on the podcast, we cover another remote code execution vulnerability that looks extremely concerning on the surface but might be less serious in reality. After that, we cover two research articles by Microsoft on ransomware campaigns including defensive takeaways for all organizations.

Cyber Energy Star

This week on the podcast we cover a proposed program from the White House to create an Energy Star-like label for cybersecurity in consumer products. Before that, we cover two other updates from the federal government including a new open source tool from CISA and the latest reincarnation of Privacy Shield.

Q2 Threats and Guilty CSOs

This week on the podcast, we focus on highlighting WatchGuard’s Q2 Internet Security Report, covering the latest threat trends and what you can do to avoid them. However, we also pack in our security news segment, with an Optus breach update from an Australian IT and security expert and WatchGuard Partner, the latest on the […]

Optus Opts Out of PII Protection

This week on the podcast, we cover an Optus data breach that could affect over 10 million Australian customers, and what they should do to protect themselves. We highlight a new malware-as-a-service (MaaS) information stealer that lowers the cost and technical bar for cybercriminals. Finally, we end with some good news about how the FBI […]

Two Microsoft Exchange Server Zero-Day Vulnerabilities (aka ProxyNotShell)

Update 10/6/2022: Microsoft has released several updates since their post on the “ProxyNotShell” Exchange vulnerabilities. If you followed their initial mitigation steps, they are not sufficient to block this threat and your Exchange server may remain vulnerable. Security researchers began poking at the initial mitigation recommendations and found ways to bypass their initial detection […]

An Uber Hack

This week on the podcast, we cover Uber’s most recent security incident and the alleged individual behind it. After that, we dive into the world of gas station operational technology and potential security weaknesses in one tool. Finally, we end with a chat about the FBI CISO Academy and how the FBI as a whole […]

Are CISOs Legally Accountable for Security?

This week on the podcast we cover a court case that is attempting to hold the ex-CISO of a popular tech company accountable for their actions involving a data breach dating back to 2016. Before that though, we dive into a novel command and control (C2) method as well as the latest commoditization of […]

A Day in the Life of a Malware Analyst

This week on the podcast we sit down with Ryan Estes, a malware analyst on the WatchGuard Threat Lab team, to discuss what it takes to rapidly differentiate malware from goodware. In this interview, we discuss what it takes to get into malware analytics, popular tools to help with the task, and resources anyone […]

The Twitter Thing

This week on the podcast, we cover the big whistleblower complaint against Twitter including our hot takes on who to believe. We then cover an FBI alert on evasion techniques cyber criminals are deploying in their authentication attacks before finishing with a highlight of a very convincing phish.

2022 Black Hat and Def Con Recap

This week on the podcast we review our time at this year’s Black Hat and Def Con cybersecurity conferences in Las Vegas. We’ll cover how the WatchGuard CTF contest went this year and discuss takeaways from a few of the briefings we attended.

Hacker Summer Camp 2022

This week on the podcast, we give our preview of the Black Hat and Def Con cybersecurity conferences, aka Hacker Summer Camp. Throughout the episode, we’ll discuss the briefings and panels we’re most excited to see and what we hope to get out of them. If you’re not able to attend either conference in person […]

Private Sector Offensive Actors

This week on the podcast we discuss the shifting landscape of phishing attacks in the wake of Microsoft’s efforts to block malicious Office macros. We then cover a private organization that has been found not just selling exploit tools but also participating in offensive cyber operations. We end the episode with a review of IBM […]

USA’s Answer to GDPR

This week on the podcast, we discuss the current cyber skills gap and a federal program designed to help combat it. After that, we dive into the American Data Privacy Protection Act and what it potentially means if passed by US Congress. We end this week with a quick update on Microsoft’s attempts to […]

Rolling PWN

This week on the podcast we cover the latest in car hacking research, this time targeting vulnerabilities in remote keyless entry. We then dive into Microsoft’s latest research on Adversary in the Middle (AitM) attacks and end with key findings from the latest WatchGuard Threat Lab quarterly Internet Security Report.

Over a Billion Records Leaked in Shanghai National Police Database Hack

This past week, a hacker by the name of ChinaDan allegedly breached the Shanghai National Police (SHGA) database and has put the nearly 23 TB of data up for sale for 10 bitcoin (BTC), or a little over $200k USD as of this writing. ChinaDan claims the data contains “information on 1 Billion Chinese national […]

LockBit Ransomware Group Introduces Bug Bounties and More

The LockBit ransomware group has unveiled a new website – LockBit 3.0 – to host their ransom extortions and data leaks. The website includes several new features, including an unprecedented bug bounty program to assist the group in securing their site; acceptance of the privacy cryptocurrency, Zcash; and the addition of receiving payments from users […]

Grading Gartner’s Guesses

This week on the podcast, we discuss two recent security reports, one on the topic of open source software and the other on “insecure by design” in the Operational Technology (OT) space. We go through the key findings from each report and what our thoughts are on their accuracy within the real world. We end […]

200th Episode Extravaganza

In celebration of our 200th episode, this week on the podcast we take a look back at the last few years and revisit some of our favorite episodes. Along the way, we’ll give updates on a few of our cybersecurity predictions from years past that took just a little bit longer than anticipated to come […]

Robux Ransomware

This week on the podcast we cover the latest and most bizarre ransomware extortion demand we’ve seen in recent memory. Before that though, we cover the latest updates on nation state hacking activity including threats of escalating attacks leading to physical retaliation.

0-Days for Days

This week on the podcast we cover two fresh 0-day vulnerabilities, one in Windows and another in Atlassian’s Confluence, both under active exploitation in the wild. Additionally, we cover Costa Rica’s no good, terrible month in Cybersecurity.

Package Hijacking

This week on the podcast, we discuss the line between ethical security research and malicious activity thanks to a compromised open source software package. After that we cover the latest industry to fall victim to Ransomware and end by highlighting a 0-click vulnerability in Zoom’s message system discovered by Google Project Zero.

WatchGuard Launches PSIRT Page

WatchGuard’s Product Security Incident Response Team (PSIRT) has launched our public PSIRT page to provide a consolidated resource where network administrators can find advisories and information about security vulnerabilities in WatchGuard products, as well as WatchGuard’s investigations into industry-wide security issues that may impact our products or services. Our PSIRT page also provides information for […]

Building Security Strategies with Matt Lee

This week on the podcast we sit down for a chat with Matt Lee, Sr. Director of Security and Compliance at Pax8 and well-known cyber security educator, to discuss security strategies for MSPs and midsize enterprises in the face of a dynamic threat landscape. We cover everything from picking a framework to getting buy in […]

CISA Guidance for MSPs

This week on the podcast we walk through CISA alert AA222-131A which gives bulleted guidance to MSPs and customers of MSPs on how to navigate their relationship security as threats targeting service providers continue to grow. We’ll walk through the list and hit each recommendation and give our own guidance on top of them for […]

The REturn of REvil?

This week on the podcast we discuss the latest rumblings around the return of the prolific ransomware-as-a-service organization REvil. Before that though, we dive into the latest tools, tactics and procedures of the Lazarus nation state hacking group as well as a recently discovered form of fileless malware evasion.

Most Exploited Vulnerabilities of 2021

This week on the podcast, we dive into CISA’s list of the 15 most exploited vulnerabilities in 2021. We’ll walk through each flaw and give a refresher on their history and how attackers have exploited them. After that, we cover the latest ransomware-as-a-service threat that has victimized over 60 organizations worldwide before ending with a […]

Psychic Signatures

This week on the podcast we cover a critical and easily-exploited vulnerability in how some recent versions of Java handle cryptography. We also discuss the latest in a series of alerts from CISA and international intelligence organizations on cyber threats to critical infrastructure. Finally, we end with a condensed overview of the latest internet security […]

Hidden Hafnium

This week on the podcast, we cover the latest evasion and persistence techniques from the state-sponsored threat actors known as Hafnium. Then, we dive into the world of ICS and SCADA devices to discuss the latest joint-agency alert from the US Government. We then round out the episode by highlighting some recent research into spoofing […]

Patch Management Lag

This week on the podcast we discuss one of the most rampant yet easily resolved risks facing many organizations today, not installing vendor-supplied security fixes. We’ll cover some of the reasons why organizations might fall behind on patching as well as the potentially serious consequences. After that, we cover the latest 0-day Chromium vulnerability before […]

For the Love of InfoSec, Don’t Over-Expose Administrative Management Portals

When talking to IT and Security professionals, everyone seems to know they shouldn’t overly expose management portals. And yet, every year we learn some new statistic showing tens of thousands of devices or software products with management portals exposed on the Internet. In hopes of changing this trend, this article talks about why management portals sometimes […]

The Rise and Fall of Lapsus$

This week on the podcast we cover the hacking organization Lapsus$ including their tactics, targets, and how they ended up with several members arrested last week. After that, we cover the cyber cold war and threats of Russian revenge attacks against the US energy sector that prompted classified meetings with potentially targeted organizations.

Sharing Cyclops Blink Threat Intelligence with the Community

At WatchGuard, we understand the importance of sharing threat intelligence with the information security (infosec) community when safe and appropriate. Not only does this information sharing help to directly defend against known threats, but it also helps the community at large learn from the attacks found in the wild, and appropriately adjust detection and defense […]

SATCOM Security

This week on the podcast, we cover a CISA alert on securing satellite communications (SATCOM) in the wake of several recent incidents involving providers and networks in eastern Europe. After that, we check in on the TSA’s cybersecurity rules for pipeline distribution networks and how adoption is going so far in the industry.

US-Backed Cryptocurrency

This week on the podcast, we cover last week’s Executive Order from the White House that lays the foundation for a United States Central Bank Digital Currency, or CBDC, and what it means for the future of Cryptocurrency. We also discuss recent research from Mandiant on APT41, a Chinese threat actor that has recently turned […]

Conti Leaks

This week on the podcast we cover the recent leaks highlighting the inner workings of the Conti ransomware group that started with chat logs and grew to entire source code dumps. We then round out the episode by discussing the recent Nvidia breach and how some of the stolen information might fuel future attacks.

5G Didn’t Break Your Car

5G didn’t put malware on these Mazdas’ entertainment systems, but many Seattle Mazda drivers couldn’t change their radio station after turning it to the local NPR station, KUOW. As one Reddit user put it, “the whole audio system and Bluetooth just keeps trying to reboot.” Some users also reported they couldn’t use their backup cameras. […]

Rewind: Can We Trust Facial Recognition

This week on the podcast we dig back into our archives for an episode that originally aired back in July 2020 where we discussed one of our analysts’ first-hand research into facial recognition biases.

SpoolFool: Windows Print Spooler Fooled Again

Microsoft’s monthly Patch Tuesday already occurred this month, so you know what that means – more disclosed vulnerabilities. This iteration of patches included fixes for a combined 70 vulnerabilities, including one zero-day. Thankfully, none of these fall into Microsoft’s “critical” category. However, there are four Elevation of Privilege vulnerabilities targeting the Windows Print Spooler service […]

BGP-Powered Crypto Theft

This week on the podcast we cover a cryptocurrency heist that abused the backbone of the internet to steal millions of dollars of coins. In related news, we also cover the FBI’s new Virtual Asset Exploitation Team and their focus on tracking cryptocurrency-related cybercrime as well as a recent alert on business email compromise from […]

Russia, Fighters of Cybercrime?

This week on the podcast we cover Russia’s latest crackdown on cybercriminals within their borders and try to answer the “why now?” question. We also discuss a multi-billion dollar cryptocurrency recovery by the US Justice Department including the arrest of two New Yorkers allegedly responsible for the 2016 Bitfinex hack.

New Oski Stealer Variant, “Mars Stealer”, Targets Credentials, Crypto, and 2FA

In early 2020, during the emergence of the COVID-19 pandemic, researchers discovered a novel malware named Oski Stealer, capable of stealing browser data such as cookies, history, payment information, and autofill information, as well as cryptocurrency wallets, login credentials of applications, and Authy 2FA information. It can also take screenshots of your desktop and perform […]

Face Recognition and Privacy Concerns Works Its Way Into Taxes

The US IRS has plans to use a third-party identification system to prevent tax-related identity theft. The IRS plans to contract with ID.me to identify people using, among other factors, face recognition. James Hendler, professor of Computer, Web and Cognitive Sciences, wrote about some issues with the IRS’s plan. How will the data be […]

Hacking Back at North Korea

This week on the podcast, we cover the heist of $322 million in cryptocurrency from the distributed exchange Wormhole, including a long discussion on why it feels like cryptocurrency is still the wild west of technology. After that, we give an update on our brief mention in last week’s episode about North Korea’s internet seemingly […]

The Pwnkit Problem

This week on the podcast, we cover Pwnkit, a privilege escalation vulnerability impacting almost every modern Linux release worldwide. We also dive into the world of macOS malware with DazzleSpy, a remote access trojan targeting Hong Kong pro-democracy advocates. Finally, we end with an update on North Korea’s Lazarus APT and their […]

Q3 2021 Internet Security Report

This week on the podcast we discuss the latest Internet Security Report from the WatchGuard Threat Lab. Built with threat intelligence gathered from tens of thousands of Firebox UTM appliances that have opted-in to sharing data, the quarterly report lets us talk about the latest malware and attack trends targeting organizations globally. On this episode, […]

Log4j Becomes The Highest Detected Vulnerability Days After Release

Log4Shell attacks have spread throughout the Internet due to the ease with which attackers can perform them. The WatchGuard Threat Lab sees a sample of these attacks from our customers’ perspectives when they opt to provide anonymized threat intelligence data from their Fireboxes. This limited data, along with our analysis, gives us a unique opportunity […]

The Death of the Carding Marketplace

This week on the podcast we give a quick update to the Log4Shell saga after researchers detected the first significant campaign that uses the critical vulnerability. After that, we dive into the world of carding marketplaces where cybercriminals buy and sell stolen credit card information and discuss possible reasons for why these marketplaces […]

Is Cybersecurity Vocational?

This week on the podcast we give an update on log4j2 and its most recently disclosed vulnerabilities before covering a recent report on credential stuffing by the New York Attorney General. Then, we discuss this recent article in DarkReading on whether or not cybersecurity jobs should be considered professional or vocational.

HP iLO and the Newly Discovered iLOBleed Rootkit

Iranian researchers at Amnpardaz security firm have discovered rootkits in HP’s iLO (Integrated Lights-Out) management modules. These optional chips are added to servers for remote management and grant full high-level access to the system. This includes the ability to turn the server on and off, configure hardware and firmware settings, and additional administrator functions. The […]

Post-Purchase Monetization of the TV and Your Diminishing Privacy

The internet took the world by storm. Yes, for years it wasn’t accessible to the major populace, but over time it found its way into the office, school, home, and now more specifically into the living room. With the evolution of the internet came few rules. In came the market makers who began to define basic expectations […]

Give Us Your SSN, Your Email Password, and Your Dream Job

Every so often, there is a phish that stands out because of its brazenness. Today, we came across a bank phish that requested a few verification details: username and password; Social Security Number; email address and email password used for 2-Step verification; security questions: What was your dream job as a child? Who is your […]

Active Compromises of vCenter Using The Log4J Vulnerability

Much of what we see exploiting the log4j2 vulnerability, CVE-2021-44228, appears like a scan for the vulnerability, not necessarily exploitation. However, our own honeypot https://github.com/WatchGuard-Threat-Lab/log4shell-iocs has seen activity from this exploit to install coin miners. In one of the first targeted cases for this vulnerability, a ransomware gang has exploited VMware vCenter with Conti […]

Log4Shell Deep Dive

This week we take a deep dive into CVE-2021-44228, better known as Log4Shell, a critical vulnerability in the massively popular log4j2 logging library for Java applications. We discuss how the flaw came about, how it works, and why this specific issue has the potential to cause lasting headaches for the security industry for years to […]

Bluetooth Is Safe Enough For You

Politico published a short piece about Kamala Harris’s hesitancy with Bluetooth devices. They considered this a bit amusing, perhaps considering her paranoid based on their tone. While the article’s content was light, it did discuss some important security concerns that any Jane Doe might care about. Besides Kamala Harris opting for wired headphones instead of […]

Our 2022 Security Predictions

As we move into the end of the year it’s time for us to discuss WatchGuard Threat Lab’s 2022 cybersecurity predictions. While many of our predictions tend to come off as extreme, they’re all grounded in the trends that we’ve been following and what we expect to see continue into the coming year. If […]

Critical RCE Vulnerability in Log4J2

[Updated 13-12-2021: Additional information for WatchGuard customers] On Thursday, security researchers disclosed a critical, unauthenticated remote code execution (RCE) vulnerability in log4j2, a popular and widely used logging library for Java applications. CVE-2021-44228 is a full 10.0 on the CVSS vulnerability scoring system due to a combination of how trivial the exploit is and damaging […]

2021 Security Predictions Grading

It’s getting to be the end of the year which means it’s time to take a look back at WatchGuard Threat Lab’s 2021 security predictions and give ourselves a grading on how well we did! On this episode, we’ll go through our 8 predictions for 2021, recap the trends that fueled them, and discuss either […]

Dangers of Bicubic Interpolation In Pictures

We have seen interpolation in the news concerning a recent court case. Here we cover what interpolation does to an image, not only because of the recent news but also because face recognition uses interpolation to better recognize a face – something we have covered in the past. Interpolation means to take pixels in an image and calculate what their […]

CISA Alert Tips Off Adversaries

This week on the podcast we discuss how a recent CISA alert on specific threat actor activity tipped off a separate adversary, leading to a new wave of attacks against vulnerable systems across multiple industries. We also cover the latest US and international law enforcement crackdowns on ransomware operators as well as a breakthrough on […]

The Evolution of Phishing: A WatchGuard Real-World Example

Phishing is a type of social engineering attack where threat actors attempt to trick users into providing sensitive information via email. Typically, this involves creating a phishing campaign where threat actors will send the same phishing email to a large batch of recipients in an attempt to trick at least a small subset of these […]

Trojan Source

On this week’s episode of the podcast, we cover a newly discovered method for hiding malicious source code in plain sight, CISA’s new Known Exploited Vulnerabilities Catalog, and action from the US Department of Commerce on the Pegasus spyware manufacturer NSO Group.

Face Recognition Removed from Facebook But Added to Metaverse

Facebook’s face recognition has one of the largest training databases in the world, built from photos that users have uploaded since Facebook’s inception, but that database’s time may be coming to an end. In a blog post on Facebook they recently announced that they are going to remove the controversial face recognition technology from Facebook. “We’re shutting down the Face Recognition system […]

The Security Conscious NRA Breached by Russian Hacking Group

The NRA has found itself in the middle of a potential breach and ransomware attack. This happened last week after the Russian hacking group Grief reportedly gained access. Grief has close ties to Evil Corp (another advanced hacking group currently sanctioned by the US) or may even just be the same group rebranded. Grief posted […]

Stealing Make-believe Money

This week on the podcast, we cover a heist of over $130 million worth of cryptocurrency from a decentralized finance (DeFi) organization and have an in-depth discussion on why cryptocurrency-related platforms continue to suffer substantial breaches. Before that though, we cover an apparent ransomware attack against the National Rifle Association and an FBI raid […]

Nobelium Threat Group Sets Sights on IT Providers

The Microsoft Threat Intelligence Center (MSTIC) detected attacks by the Nobelium group targeting IT services providers. The intent was to “gain access to downstream customers” such as Cloud Service Providers (CSP) and Managed Service Providers (MSP). If the Nobelium name sounds familiar, it’s because they were the threat actor behind the 2020 SolarWinds compromise. MSTIC […]

China Linked Hacking Group Compromises 13 Telcos

Many cellular network protocols don’t have clear documentation explaining them, especially when it comes to the proprietary protocols used by 4G and 5G networks. This makes them difficult to understand by the average person, but also potentially vulnerable to anyone willing to take the time to research them and find issues. We haven’t yet seen attacks […]

Schrödinger’s REvil

This week on the podcast, we cover the latest news on REvil, the ransomware-as-a-service organization responsible for the Kaseya attack earlier this year among many others. After that, we cover an update from the US Commerce Department on new export rules around selling hacking tools outside of the United States, nearly 6 years after the […]

InfoSec News From Last Week October 25th, 2021

Exploit Broker Zerodium Increasing Focus on VPNs: The exploit broker Zerodium announced they are seeking exploits for ExpressVPN, NordVPN, and Surfshark VPNs. VPNs are becoming a more lucrative target. Zerodium’s announcement has brought attention to that. Many use VPNs because they believe it protects their privacy. However, it also puts the responsibility of that […]

US Government Sets Rules for Hacking Tool Exports

The US Department of Commerce announced export controls on hacking tools used for surveillance. The aim is to curb access to authoritarian governments who have been identified for human rights violations and abuses. Any companies who intend to sell their wares abroad will need to acquire a License Exception Authorized Cybersecurity Exports (ACE). An additional […]

InfoSec News From Last Week October 18th, 2021

Azure, Bitbucket, GitHub, and GitLab Revoke SSH Keys After GitKraken Vulnerability: Git software client GitKraken disclosed an SSH key generation flaw in a post this past Monday. The flaw was discovered in versions 7.6.x, 7.7.x, and 8.0.0 for releases available between mid-May to late-June this year. GitKraken uses the library keypair to generate SSH keys […]

VirusTotal Global Ransomware Report

This week on the podcast we cover VirusTotal’s first ever global ransomware report which analyzes ransomware trends over the last year from the unique position of the world’s largest malware intelligence platform. Before that though, we cover another APT group with a ridiculous name found exploiting a zero-day vulnerability in Windows.

HTML Basics That We Often Miss

By now you have probably heard of Missouri governor Mike Parson’s tweet threatening to prosecute a journalist for responsibly disclosing a data breach. If you missed it though, according to the tweet and the governor’s ensuing press conference, a journalist from the St. Louis Post-Dispatch found teachers’ SSNs embedded in a public web page […]

The SMS Breach You Didn’t Hear About

This week on the podcast we discuss a breach that lasted over 5 years involving a company responsible for routing SMS messages for 95 of the top 100 mobile carriers in the world. Before that though, we’ll cover the recent Facebook downtime incident as well as the seemingly total compromise of the video game streaming […]

InfoSec News Weekly Wrap-Up October 8th, 2021

SMS Routing Company Syniverse Discloses Breach Spanning 5 Years: Syniverse claims to be “the world’s most connected company” serving so many large telecommunication companies that it should be assumed that your provider is one of their customers. Their reach is significant, acting as the intermediary for text messages between carriers and routing calls between networks. […]

US Agencies Have Been Busy

U.S. agencies have been making headlines recently for a lot of their new cyber-related regulations. The following are several noteworthy examples of what they have been up to. The Federal Communications Commission (FCC) and Robocalls: The FCC expects phone carriers to block illegal robocalls from providers not yet registered with the Robocall Mitigation […]

How SMBs Deal With An Uptick in Breaches

A recent survey of 700 SMBs (small and medium businesses) by Untangle shows an increase in cybersecurity budgets and awareness. While some companies still have users working remotely, 50% of respondents have moved back into the office or at least some form of hybrid work environment. Most companies – 64% – see breaches as the […]

Twitch Affected by Large Data Leak

Update 1: Twitch believes login credentials have not been exposed (October 7th, 2021): Twitch posted a statement on their blog that, “At this time, we have no indication that login credentials have been exposed.” Additionally, as credit card details are not stored by Twitch, they have ruled out exposure. We recommend changing your password […]

To Not Share is To Care
</gr_replreplace>
<gr_replace lines="5495" cat="clarify" orig="October is Cybersecurity">
October is Cybersecurity (or, for the less civilized, ‘cyber security’) Awareness Month. Every October, CISA hosts security awareness presentations. Additionally, Cybersecurity Awareness month means an increase in jaded posts by InfoSec professionals on Twitter and emails from corporate reiterating security basics. There are plenty of positives to be found. Individuals are increasingly familiar with […]

October is Cybersecurity (or, for the less civilized, ‘cyber security’) Awareness Month. Every October, CISA hosts security awareness presentations. Additionally, Cybersecurity Awareness month means an increase in jaded by posts by InfoSec professionals on Twitter and emails from corporate reiterating security basics. There are plenty of positives to be found. Individuals are increasingly familiar with […]

Q2 2021 Internet Security Report

This week on the podcast we cover the latest quarterly Internet Security Report from the WatchGuard Threat Lab. We’ll go over the latest attack trends and key findings from Q2 2021 as well as defensive tips for keeping your systems safe from the latest threat landscape.

FBI’s Botched Plan to Catch REvil Cost Victims Millions

Earlier this year Kaseya, who provides IT management software to service providers that support tens of thousands of organizations from schools to hospitals, was involved in a ransomware attack fueled by a compromise of their VSA Remote Monitoring and Management (RMM) software. While the ransomware only impacted a small percentage of their customer base, thousands […]

Half of Respondents Admitted to Sharing Their Passwords

We often write about passwords and password policies from the IT/security administrator side, usually after a password becomes compromised. We recently found a survey that looked at compromised passwords from the user’s side to better understand how users feel about them. The survey shows a few key points that shed light on the social […]

Kaseya’s Trusted Third Party

This week on the podcast we discuss the recently disclosed identity of the “Trusted Third Party” that Kaseya acquired the REvil ransomware master decryption key from, as well as the morals around a decision to hold on to the decryption key for multiple weeks before handing it off to Kaseya. We then cover a new APT […]

OMIGOD!

This week on the podcast we discuss the recently patched zero-click vulnerability in iOS, macOS and watchOS that researchers at The Citizen Lab discovered while investigating NSO Group’s Pegasus spyware. After that, we cover a vulnerability in the OMI Agent that comes automatically installed on all Azure Linux virtual machines. We finish by covering Microsoft’s latest […]

OWASP Update

This week on the podcast we discuss the first update to the OWASP Top 10 since 2017. OWASP serves as an excellent resource for improving web application security so we’re excited to run through the latest refresh of their top security weaknesses. We also discuss phishing attacks that abuse Internationalized Domain Names (IDNs) in emails […]

Azure Linux VMs Vulnerable Due to Pre-Installed Agents

Update 1: OMI agent is not installed on Azure FireboxV/Cloud instances (September 17th, 2021): We reviewed our FireboxV/Cloud instance for Azure and confirmed that the OMI agent cannot be installed on the image. We recommend reviewing the additional guidance Microsoft published on September 16th, 2021 for securing the OMI affected resources/tools. Original Post (September 16th, […]

ProxyWare

This week on the podcast we cover ProxyWare, a form of malware that monetizes your internet access for the benefit of the attacker. After that, we discuss ChaosDB, a vulnerability that could have enabled any Azure user to gain full access to any other user’s CosmosDB instance. Finally, we end with a discussion of location […]

Stop Following Me – Rewind

This week on the podcast we dig back in the archives to 2019 where we discussed how web servers manage to track users across sites using browser fingerprinting methods. Even though some improvements like removing third-party cookies have been made to limit tracking, plenty of additional fingerprinting options still remain.

PolyNetwork Heist

This week on the podcast we cover one of the largest cryptocurrency heists in history, with a surprising twist of an ending! Before that we’ll chat about the latest T-Mobile data breach and what we can learn about protecting user identity. We end the episode with a discussion about one of the latest episodes of […]

Mobile Carriers Leak 123 million Customer Records in One Week

Over the last week we saw 70 million AT&T customers and 53 million T-Mobile customers have their personal data leaked to hackers. While we didn’t find any connections between these two breaches the timing of the incidents is strange. AT&T has so far denied the breach involving their customers. While we don’t have confirmation from […]

DEF CON 29 Recap

This week on the podcast we chat about a few of our favorite presentations from the 2021 edition of the DEF CON security conference out of Las Vegas. If you haven’t checked them out yourself, visit the DEF CON YouTube channel or media.defcon.org to view this year’s and all previous years’ content.

Supply Chain Attacks Through an IDE

David Dworken, a Google security researcher, presented a recent Defcon talk about how he found over 30 vulnerabilities in various Integrated Development Environments (IDEs) over the course of a few months of research. Many believe that source code on its own is benign as long as you don’t compile and run it, but as Dworken proved, simply loading code into an IDE can cause infections. A popular example of this comes from […]

ProxyShell, Exchange Servers Under Attack Again

With the 2021 editions of the BlackHat and DEF CON security conferences all wrapped up, one of the presentations that made the biggest waves was the latest research from Orange Tsai of Devcore Security Consulting. Tsai was the researcher responsible for identifying and disclosing CVE-2021-26855, better known as ProxyLogon, to Microsoft back in January 2021, […]

Bad BGP

This week on the podcast, we chat about a recent report from Qrator that highlights some of the massive weaknesses in the backbone of the internet. After that, we discuss a recent research blog post from Yan (@bcrypt) showing her work in finding a CSRF flaw in OK Cupid that bypassed Cross-Origin Resource Sharing (CORS) […]

Defcon Talk Timeless-Timing-Attacks

A recent Defcon talk by Tom Van Goethem and Mathy Vanhoef, “Timeless Timing Attacks”, made significant progress on ways to create timing attacks over a network. Timing attacks work by extracting data from devices based on how long it takes them to respond. To successfully run a timing attack, the attacker usually must be directly […]

What Is Zero-Trust Security?

This week on the podcast we talk Zero-Trust. What is it? How do you implement it? And why should all IT professionals work towards updating their networks to this security architecture? We’ll answer all that and more after a quick Kaseya update and a security memorandum from the White House.

Read More - What Is Zero-Trust Security?

What to Make of the Biden Administration’s New ICS Cybersecurity Initiative

Yesterday, the Biden Administration unveiled a new initiative to help improve the cybersecurity stance of the industrial control systems (ICS) that manage the nation’s critical infrastructure. As recent events (like the Colonial Pipeline ransomware incident) have shown, disruptions to critical infrastructure can have serious, potentially even fatal consequences. In short, this is a very real need and […]

Read More - What to Make of the Biden Administration’s New ICS Cybersecurity Initiative

Why So SeriousSAM

This week on the podcast we cover the latest Microsoft Windows privilege escalation vulnerability, SeriousSAM aka HiveNightmare. Before that, we discuss NSO Group and their spyware software known as Pegasus and whether private organizations should be allowed to market and sell spyware to government agencies.

Read More - Why So SeriousSAM

Section 230 – Rewind

With the White House announcing this month that it plans to investigate potential changes to Section 230, the safe harbor laws that enable websites to moderate content without risk of liability for content they fail to remove, we wanted to bring back an episode from last year where we discuss exactly what these laws are […]

Read More - Section 230 – Rewind

REvil Hasn’t Gone Anywhere (Probably)

Many of the recent high-profile ransomware attacks like those against Acer, JBS and more recently, customers of Kaseya, have been the work of the ransomware as a service group REvil. After the most recent attack that exploited multiple zero-day vulnerabilities in Kaseya’s VSA software and left thousands of organizations encrypted, REvil appears to have gone […]

Read More - REvil Hasn’t Gone Anywhere (Probably)

The PrintNightmare Saga Continues to Frustrate System Administrators

Update 1: Third PrintNightmare CVE published (July 16th, 2021): Microsoft published CVE-2021-34481 on July 15th for a local privilege escalation vulnerability. The third Print Spooler service vulnerability is considered separate from PrintNightmare (CVE-2021-34527), but it is still within a similar sphere of printer driver vulnerabilities. Gentilkiwi, the author of the Mimikatz utility, posted a […]

Read More - The PrintNightmare Saga Continues to Frustrate System Administrators

Kaseya & PrintNightmare

This week on the podcast we cover the Kaseya mass ransomware incident from July 7. While the event is still ongoing, we already have evidence for how the attack occurred and exactly what the threat actors did on affected endpoints. In this episode we dive into the details around the incident and defensive tips […]

Read More - Kaseya & PrintNightmare

A Market for Lemons?

We recorded this episode before news of the massive attack against Kaseya users broke on Friday. Suffice to say, next week’s episode will give a full debrief of the incident including how it happened, who it affected, and what all MSPs can learn from it. In the meantime, check out Corey’s post on the Kaseya […]

Read More - A Market for Lemons?

Breaking Alert: MSP Targeted Ransomware Attack (Kaseya Supply Chain Attack)

Managed Service Providers (MSPs), especially ones using Kaseya VSA, should read this and take action as soon as possible. High-level Summary: On Friday, July 2, some MSPs using the on-premises version of Kaseya VSA suffered ransomware attacks that trickled down to their customers. Kaseya says around 1500 companies (so far), many customers of MSPs, have […]

Read More - Breaking Alert: MSP Targeted Ransomware Attack (Kaseya Supply Chain Attack)

Q1 2021 Internet Security Report

It’s that time of year again! This week on the podcast, we cover the latest internet security report from the WatchGuard Threat Lab. We’ll go over the latest trends in malware and network attacks targeting WatchGuard customer networks through the first quarter of the year, as well as defensive tips for all organizations.

Read More - Q1 2021 Internet Security Report

AutoIt Malware: To obfuscate, or not to obfuscate

What is malware? Its goal is to bypass computer defenses, infect a target, and often remain on the system if possible. A variety of evasion techniques depend on a mix between the skill of the author and the defenses of the intended victim. One of the most widely used tactics in malware is obfuscation. Obfuscation […]

Read More - AutoIt Malware: To obfuscate, or not to obfuscate

Python Modules: Not As Safe As You Think

We normally think of malware and threats coming from executables, packages, and scripts. Researchers recently found a supply chain attack using a different method. Programs use Python scripts to manage and run services. You especially see this in Unix-based operating systems. When it comes to security many professionals use Python to automate tasks. Because […]

Read More - Python Modules: Not As Safe As You Think
