Security

The number of vulnerabilities exploited in 2022 has grown by 55% compared to 2021, shows a new report by Palo Alto Networks’ Unit 42. The Network Threat Trends Research Report, volume 2, also suggests Linux malware emerged as a growing concern last year, particularly since 90% of public cloud instances are running on Linux. The

by Paul Ducklin Last week, Progress Software Corporation, which sells software and services for user interface development, devops, file management and more, alerted customers of its MOVEit Transfer and related MOVEit Cloud products about a critical vulnerability dubbed CVE-2023-34362. As the name suggests, MOVEit Transfer is a system that makes it easy to store and

A critical security threat has been discovered in the MOVEit Transfer file transfer software that would enable attackers to steal data from organizations. The zero-day vulnerability, which was uncovered by Progress last week, is an SQL injection weakness found in the managed file transfer (MFT) product.  This flaw (CVE-2023-34362) can grant escalated privileges and unauthorized

US and South Korean security agencies have issued a joint warning regarding North Korea’s use of social engineering tactics in cyber-attacks. The document was published on Thursday by the Federal Bureau of Investigation (FBI), the US Department of State, the National Security Agency (NSA), the Republic of Korea’s National Intelligence Service (NIS), the National Police

Enzo Biochem, a biotechnology company renowned for producing and distributing DNA-based tests designed to identify viral and bacterial diseases, has recently confirmed in a filing with the Securities and Exchange Commission (SEC) that it fell victim to a ransomware attack.  The malicious cyber assault has exposed the confidential information of 2.47 million patients, including names,

by Paul Ducklin IT’S HARDER THAN YOU THINK No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of

Security researchers at ReversingLabs have discovered a novel attack that used compiled Python code to evade detection.  According to ReversingLabs reverse engineer Karlo Zanki, this could be the first instance of a supply chain attack capitalizing on the direct execution capability of Python byte code (PYC) files. The method introduces another supply chain vulnerability for

by Paul Ducklin Researchers at firmware and supply-chain security company Eclypsium claim to have found what they have rather dramatically dubbed a “backdoor” in hundreds of motherboard models from well-known hardware maker Gigabyte. In fact, Eclypsium’s headline refers to it not merely as a backdoor, but all in upper case as a BACKDOOR. The good

Cybersecurity firm Eclypsium has uncovered a potential backdoor in Gigabyte systems, raising concerns about the security of the technology supply chain. Writing in a blog post on Wednesday, the company explained it used its automated heuristics to detect suspicious behavior within Gigabyte systems. Further analysis revealed that firmware in these systems was dropping and executing

by Paul Ducklin Over the last two weeks, we’ve seen a series of articles talking up what’s been described as a “master password crack” in the popular open-source password manager KeePass. The bug was considered important enough to get an official US government identifier (it’s known as CVE-2023-32784, if you want to hunt it down),

Danni Brooke, former Met police officer and star of Channel 4’s Hunted, has been confirmed as the keynote speaker at this year’s Women in Cybersecurity event at Infosecurity Europe, the most influential information security event running from 20-22 June 2023 at ExCeL London. Dubbed the ‘Undercover Mother’, Danni is a leading intelligence figure, formerly working as a

by Paul Ducklin Researchers at web coding security company SALT just published a fascinating description of how they found an authentication bug dubbed CVE-2023-28131 in a popular online app-buildin toolkit known as Expo. The good news is that Expo responded really quickly to SALT’s bug report, coming up with a fix within just a few

Ransomware gangs are using a variety of business-like practices to boost profits, making it more difficult for defenders to differentiate various groups, a new report by WithSecure has surmised.   This move towards mirroring legitimate businesses practices means that tactics, techniques and procedures (TTPs) are blurring, Stephen Robinson, senior threat intelligence analyst at WithSecure said

Unit 42, Palo Alto Networks threat research team, has found new malicious activity targeting IoT devices, using a variant of Mirai, a piece of malware that turns networked devices running Linux, typically small IoT devices, into remotely controlled bots that can be used in large-scale network attacks. Dubbed IZ1H9, this variant was first discovered in

Perception Point has observed a 356% growth in the number of advanced phishing attacks attempted by threat actors in 2022. According to the company’s 2023 Annual Report: Cybersecurity Trends & Insights report, the total number of attacks increased by 87%. Among the reasons behind this growth is the fact that malicious actors continue to gain widespread

New Russian-linked malware designed to take down electricity networks has been identified by Mandiant threat researchers, who have urged energy firms to take action to mitigate this “immediate threat.” The specialized operational technology (OT) malware, dubbed COSMICENERGY, has similarities to malware used in previous attacks targeting electricity grids, including the ‘Industroyer’ incident that took down

Romanian cybersecurity firm Safetech launched its official presence in the UK on May 23, 2023, underscoring the recent growth of the UK’s cybersecurity sector. Plans to build a security operations center (SOC) at the Plexal Innovation Hub based in London were announced during the company’s launch event. Anca Stancu, co-founder and managing partner of Safetech

by Paul Ducklin A PYTHON PERSPECTIVE VORTEX No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our

Small and medium-sized businesses (SMBs) are increasingly being targeted by advanced persistent threat (APT) actors globally, Proofpoint has found. In a new report published on May 24, 2023, the Proofpoint research team saw that state-aligned threat actors from Russia, Iran and North Korea were specifically targeting SMBs across the world in in phishing attacks conducted

by Paul Ducklin It’s taken more than five years for justice to be served in this case, but the cops and the courts got there in the end. The UK law enforcement office SEROCU, short for South East Regional Organised Crime Unit, this week reported the peculiar tale of one Ashley Liles, the literal Man

Washington has sanctioned four entities and one individual involved in obfuscated revenue generation and malicious cyber activities that support the North Korean government, the US Treasury announced on May 23, 2023. Three entities, the Pyongyang University of Automation, the Technical Reconnaissance Bureau and its subordinate cyber unit, the 110th Research Center, have been sanctioned because

by Paul Ducklin Public source code repositories, from Sourceforge to GitHub, from the Linux Kernel Archives to ReactOS.org, from PHP Packagist to the Python Package Index, better known as PyPI, are a fantastic source (sorry!) of free operating systems, applications, programming libraries, and developers’ toolkits that have done computer science and software engineering a world

In the digital world, what’s useful today can become harmful tomorrow. Unfortunately, this is precisely what happened with iRecorder – Screen Recorder. This screen-recording Android application with over 50,000 installs was launched in September 2021 as a legitimate app. However, the app now contains a new Android remote access Trojan (RAT) based on AhMyth. This

by Naked Security writer In November 2022, we wrote about a multi-country takedown against a Cybercrime-as-a-Service (CaaS) system known as iSpoof. Although iSpoof advertised openly for business on a non-darkweb site, reachable with a regular browser via a non-onion domain name, and even though using its services might technically have been legal in your country

Facebook’s owner Meta has been fined €1.2bn ($1.3m) by EU regulators for violating the General Data Protection Regulation (GDPR), the Irish Data Protection Commission (DPC) announced on May 22, 2023. The Irish watchdog claimed that Meta’s transfers of personal data to the US on the basis of standard contractual clauses (SCCs) since 16 July 2020

A vulnerability has been discovered in the KeePass password management software (v2.X), allowing an attacker to dump the master password from the program’s memory. The vulnerability (CVE-2023-32784) was discovered by security researcher Dominik Reichl and is expected to be resolved in the upcoming release of KeePass 2.54 in early June 2023. Reichl described the flaw

Microsoft has released a new report warning companies about the alarming surge in business email compromise (BEC) attacks and the evolving tactics employed by cyber-criminals.  The Cyber Signals report, titled “The Confidence Game,” provides a comprehensive analysis of the threat landscape from April 2022 to April 2023, suggesting the company’s systems currently detect and investigate an

by Paul Ducklin AN INSIDER ATTACK (WHERE THE PERP GOT CAUGHT) No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop

Security experts are warning of surging threat actor interest in voice cloning-as-a-service (VCaaS) offerings on the dark web, designed to streamline deepfake-based fraud. Recorded Future’s latest report, I Have No Mouth and I Must Do Crime, is based on threat intelligence analysis of chatter on the cybercrime underground. Deepfake audio technology can mimic the voice

by Paul Ducklin Remember that zipped-lipped but super-fast update that Apple pushed out three weeks ago, on 2023-05-01? That update was the very first in Apple’s newfangled Rapid Security Response process, whereby the company can push out critical patches for key system components without going through a full-size operating system update that takes you to