Month: December 2020
Russian hackers who stole red team tools from FireEye may have been in action on a much broader scale, operating a sophisticated supply chain campaign targeting multiple global organizations and governments. FireEye revealed in an update on Sunday that nation state attackers inserted malicious code into legitimate software for SolarWinds’ popular Orion product to gain
While much attention has been given to the potential for remote learning environments being exploited by cybercriminals, a new CISA joint cybersecurity advisory warns that such attacks are already happening. Threat actors are targeting K-12 schools and remote learning classrooms, according to a joint cybersecurity advisory by CISA, the FBI, and the Multi-State Information Sharing
by Paul Ducklin In this episode, we dig into research that figured out a way to steal data from iPhones wirelessly; we tell the fascinating story of how environmentalist divers in Germany came across an old Enigma cipher machine at the bottom of the Baltic sea; and we give you advice on how to talk
With the continuing rise of IoT devices, mobile networks, and digital channels, companies face a lot of pressure to generate meaningful and actionable insights from the wealth of data they capture. Gartner Research lists data democratization as one of the top strategic technology trends to watch out for. While empowering non-technical users to run ad-hoc
Norwegian police have blamed Russian advanced persistent threat (APT) group Fancy Bear for the summer cyber-attack on Norway’s single-chamber parliament, the Storting. In what was described as “a significant attack” by the parliament’s director, Marianne Andreassen, unauthorized individuals managed to gain access to the email accounts of several elected members of parliament and to some accounts belonging
A Q&A with security researcher Alejandro Hernández, who has unearthed a long list of vulnerabilities in leading trading platforms that may expose their users to a host of security and privacy risks Much ink has been spilled on how the COVID-19 pandemic has shut down or disrupted many aspects of our lives. To some extent,
by Paul Ducklin Subway customers in the UK and Ireland were swamped with scam emails yesterday in a phishing campaign that aimed to trick recipients into downloading malware. We received a sample that looked like this (note spelling mistake anather): Subject: YYYY, WE'VE_RECEIVED_YOUR_ORDER! Thanks for shopping with us! You'll find a summary of your recent
A relatively new ransomware strain behind a series of breaches on corporate networks has developed new capabilities that allow it to broaden the scope of its targeting and evade security software, as well as giving its affiliates the ability to launch double extortion attacks. The MountLocker ransomware, which only began making the rounds in July 2020,
A Kosovan hacker, imprisoned in the United States for stealing personal data belonging to US military and government personnel and sending it to the Islamic State of Iraq and the Levant (ISIL), has been granted compassionate release. Ardit Ferizi was sentenced to 20 years in prison in September 2016 after he confessed to providing material support to
LuckyMouse, TA428, HyperBro, Tmanger and ShadowPad linked in Mongolian supply-chain attack ESET researchers discovered that chat software called Able Desktop, part of a business management suite popular in Mongolia and used by 430 government agencies in Mongolia (according to Able), was used to deliver the HyperBro backdoor (commonly used by LuckyMouse), the Korplug RAT (also known as PlugX), and a RAT called Tmanger (which was first documented by NTT Security and was used during Operation Lagtime IT campaigns attributed to TA428 by Proofpoint). A connection with
by Paul Ducklin If you’ve been following the news today, you’ve probably seen headlines announcing a breach at the European Medicines Agency (EMA). The EMA, based in Amsterdam in The Netherlands, is responsible for the evaluation and approval of medicines in the European Union – a role reflected in its former name, the European Agency
Microsoft on Thursday took the wraps off an ongoing campaign impacting popular web browsers that stealthily injects malware-infested ads into search results to earn money via affiliate advertising. “Adrozek,” as it’s called by the Microsoft 365 Defender Research Team, employs an “expansive, dynamic attacker infrastructure” consisting of 159 unique domains, each of which hosts an
While shopping for the perfect presents, be on the lookout for naughty cybercriminals trying to ruin your Christmas cheer by tricking you out of both gifts and money In the words of the famous song, it’s beginning to look a lot like Christmas, and in the run-up to one of the most anticipated holidays of
A UK business specializing in tax relief for its clients has exposed the personal details of over 100,000 of them via a misconfigured content management system (CMS). Researchers at Website Planet told Infosecurity exclusively about the privacy snafu, which they discovered on October 13 and notified the firm about the next day. That company was
How can IT know, without a doubt, the identity of those individuals and devices connecting to the enterprise network? This was the critical question Raj Chandrasekar, COO at Consilio, an e-discovery firm based in Washington, D.C., posed before beginning a zero-trust initiative and implementation project. “We want to be sure we know who’s connecting from
The last Patch Tuesday of the year brings another fresh batch of fixes for Microsoft products and while the number may be lower the patches are no less important. In the last Patch Tuesday of the year Microsoft has rolled out fixes to no fewer than 58 vulnerabilities across more than ten products including Windows and
by Paul Ducklin Environmental group WWF operates a tragically necessary maritime cleanup operation to find and remove so-called “ghost nets” from the sea. A ghost net is any rogue fishing device (often a gill net, dragged behind fishing vessels to snare fish by the gills in large numbers) that has got loose and carries on
Critical flaws in a core networking library powering Valve’s online gaming functionality could have allowed malicious actors to remotely crash games and even take control over affected third-party game servers. “An attacker could remotely crash an opponent’s game client to force a win or even perform a ‘nuclear rage quit’ and crash the Valve game
A man from Texas, charged in January with cyber-stalking realtors across the United States, has been indicted for capital murder in the deaths of two women. Andy Castillo was arrested on January 6 for allegedly cyber-stalking as many as 100 realtors in up to 22 different states. The 57-year-old Lubbock resident was accused of sending sexually explicit
U.S. taxpayers will be able to enroll in the Identity Protection PIN program, which was previously available only to certain users, starting mid-January. In an effort to battle various flavors of tax fraud and tax-related
by Paul Ducklin Phone scams, where a person or a computer calls you up and tries to trick you into saying, buying or doing something you later regret, are still a prevalent sort of cybercrime. We’ve certainly had our fair share of them recently, sometimes clocking up several fake calls a day. (We can’t tell
Cybersecurity researchers disclosed a dozen new flaws in multiple widely-used embedded TCP/IP stacks impacting millions of devices ranging from networking equipment and medical devices to industrial control systems that could be exploited by an attacker to take control of a vulnerable system. Collectively called “AMNESIA:33” by Forescout researchers, it is a set of 33 vulnerabilities
A British judge has ruled against extraditing to the United States a man accused of hacking into hundreds of webcams all over the world to spy on victims without their consent. Christopher Taylor allegedly duped 772 victims in 39 countries into downloading computer software called Cammy between August 2012 and July 2015. By installing the software, victims
The new release patches a total of eight vulnerabilities affecting the desktop versions of the popular browser. Google rolled out an update last week for its Chrome web browser that fixes a range of security flaws, including four that have been classified as highly severe. The vulnerabilities affect the Windows, macOS, and Linux versions
by Paul Ducklin Did you know you can join us for a live cybersecurity lecture every Friday? Just keep an eye on the @NakedSecurity Twitter feed or check our Facebook page on Fridays to find out the time we’ll be on air – it’s usually somewhere between 18:00 and 19:00 UK time, which is late
There seems to be a new ransomware story every day – a new ransomware attack, a new ransomware technique, criminals not providing encryption keys after receiving ransom payments, private data being publicly released by ransomware attackers—it never ends. Just last month, the FBI, the Department of Health and Human Services (HHS), and the Cybersecurity and
A new report on the cybersecurity of the education sector has found that nearly half of the schools in the United States did not implement new training or tools to protect staff and students during the pandemic. The CTNT report “Lessons learned: How education coped in the shift to distance learning” from Malwarebytes details data from 500 students and
Russian state hackers have been exploiting a vulnerability found in VMware products including virtual workspaces, according to a cybersecurity advisory issued today by the National Security Agency. The VMware vulnerability, which was dubbed CVE-2020-4006 and rated 7.2 on the Common Vulnerability Scoring System (CVSS), was disclosed and patched last week. According to the NSA advisory,
21st-century technology has allowed cybercriminals to use sophisticated and undetectable methods for malicious activities. In 2020 alone, a survey revealed that 65% of US-based companies were vulnerable to email phishing and impersonation attacks. This calls for upgrading your organization’s security with DMARC, which, if not implemented, will enable cyber-attackers to: Instigate money transfers from vulnerable
The former chief executive officer of a technology startup based in Virginia has admitted conning investors out of millions of dollars. Danny Boice pleaded guilty yesterday to one count of securities fraud and one count of wire fraud before senior United States district judge T.S. Ellis III of the Eastern District of Virginia. Alexandria resident Boice held