Security

The US Federal Bureau of Investigation (FBI) has issued a Private Industry Notification highlighting two concerning trends in the world of ransomware attacks.  As of July 2023, the FBI observed a rising occurrence of dual ransomware attacks on the same victim within close date proximity and a shift towards new data destruction tactics in ransomware

Recent weeks have witnessed a significant increase in cyber-attacks targeting the US Postal Service (USPS), mainly through phishing and smishing campaigns.  The surge in these attacks has prompted DomainTools researchers to delve into their origins and implications, with findings described in an advisory published on Thursday. One smishing message raised suspicions due to its peculiar

Microsoft’s Bing Chat has come under scrutiny due to a significant security concern – the infiltration of malicious ads. Malwarebytes researchers have now demonstrated how unsuspecting users seeking software downloads can be tricked into visiting malicious websites and unwittingly downloading malware. Bing Chat, an artificial intelligence (AI) interactive text and image application powered by OpenAI’s

The Russian firm Operation Zero has announced a staggering $20m reward for hacking tools capable of compromising iPhones and Android devices.  The company unveiled this increased payout on X (formerly Twitter) on Tuesday, aiming to attract top-tier researchers and developer teams to collaborate with their platform. Under this program, Operation Zero is willing to pay

The Budworm advanced persistent threat (APT) group, also known as LuckyMouse, Emissary Panda or APT27, has once again demonstrated its active development of cyber-espionage tools.  In August 2023, security researchers from Symantec’s Threat Hunter Team, a part of Broadcom, uncovered Budworm’s use of an updated version of its key tool to target a Middle Eastern telecommunications

Two new security flaws in the popular Simple Membership plugin for WordPress, affecting versions 4.3.4 and below, have been identified, leading to potential privilege escalation issues.  With over 50,000 active installations, the plugin developed by smp7 and wp.insider is widely used for custom membership management on WordPress sites. The flaws identified by Patchstack security researchers include

Xenomorph malware has reemerged in a new distribution campaign, expanding its scope to target over 30 US banks along with various financial institutions worldwide.  Cybersecurity analysts from ThreatFabric recently uncovered this resurgence, which relies on deceptive phishing webpages posing as a Chrome update to trick victims into downloading malicious APKs. Xenomorph first came to the

Dear Naked Security readers, Firstly, thank you for your interest, your time, and your contributions to the Naked Security community. Your invaluable engagement and expertise have helped improve cybersecurity for everyone. We have recently added the extensive catalog of Naked Security articles to the Sophos News blog platform, enabling us to provide all Sophos security

Unit 42 researchers have unveiled a web of complex cyber-espionage attacks targeting a government in Southeast Asia. While initially thought to be the work of a single threat actor, the researchers discovered that the attacks were orchestrated by three separate and distinct clusters of threat actors. These espionage operations, occurring simultaneously or nearly so, affected

Security researchers at SentinelLabs, in collaboration with QGroup, have unveiled a new threat actor known as Sandman. This unidentified group has been launching targeted attacks on telecommunications providers in regions including the Middle East, Western Europe and South Asia. According to an advisory published by SentinelLabs on Thursday, Sandman’s tactics are marked by stealthy lateral movements

The year 2023 has seen a surge of over 700 advertisements on the dark web offering Distributed Denial of Service (DDoS) attacks through Internet of Things (IoT) devices, suggests a new report by Kaspersky. These services come at varying price points, depending on factors like DDoS protection and verification on the target’s end, ranging from

The US Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the National Football League (NFL), Allegiant Stadium and Super Bowl LVIII partners, has conducted a cybersecurity tabletop exercise this week in preparation for Super Bowl LVIII. The exercise aimed to assess and enhance cybersecurity response capabilities, plans and procedures for the upcoming event. The Super

The UK government has announced its decision to establish a data bridge with the US, enabling the free flow of personal data between the two regions. Adequacy regulations have been laid out in the UK Parliament on September 21, 2023, to give effect to this decision, with the regulations due to come into force from

The average annual cost of insider risk incidents has risen to $16.2m per organization in 2023, up from $15.4m in 2022, according to DTEX and the Ponemon Institute’s latest Cost of Insider Risks report. This represents a 40% rise over four years. The research also found that the number of insider incidents has increased to

While most people won’t be surprised to hear that China is investing heavily in cybersecurity, the extent of the country’s cyber power could be more significant than anyone would imagine. According to Christopher Wray, director of the FBI, China already has a more extensive hacking program than every other major nation combined. During his talk

Malicious actors have stolen more than $1m in a ‘pig butchering’ cryptocurrency scam in just three months, researchers from Sophos have found. The highly sophisticated operation used a total of 14 domains and dozens of nearly identical fraud sites, according to the investigation. The attackers utilized fake trading pools of cryptocurrency from decentralized finance (DeFi)

A major data breach at Airbus revealed earlier this week stemmed from a RedLine info-stealer likely hidden in a pirated copy of Microsoft software, according to researchers. The European aerospace giant said it has launched an investigation into the incident. “As a major high-tech and industrial player, Airbus is also a target for malicious actors,”

China’s malicious cyber activity informs its preparations for a potential military conflict with the US, a new report from the Department of Defense (DoD) has claimed. The agency’s 2023 Cyber Strategy highlighted the People’s Republic of China (PRC) and Russia’s embrace of malicious cyber activity “as a means to counter US conventional military power and

Four out of five (80.3%) security vulnerabilities observed in organizations across all sectors come from a cloud environment, Palo Alto Networks’ Unit 42 found in its latest Attack Surface Threat Research. The report, published on September 14, 2023, outlined the most common cloud security flaws, of which 60% come from web framework takeover (22.8%), remote

A ransomware attack on a third-party supplier to Greater Manchester Police (GMP) has exposed personal data of more UK police officers. The attackers reportedly targeted a company in Stockport, near Manchester, UK, which makes ID cards for various organizations, including GMP. It therefore holds personal details of staff working at GMP, which recently celebrated employing

Microsoft has detailed a new phishing campaign in which corporate employees are targeted via MS Teams. The tech giant said the campaign is being perpetrated by financially motivated threat actor Storm-0324. This group acts as a “distributor” in the cyber-criminal community, distributing the payloads of other attackers after achieving initial network compromise via email-based initial

A multi-stage malware attack has recently come to light, with Windows systems as its primary target, according to security researchers at Fortinet. This campaign, discovered in August, employs a series of malicious tactics capable of compromising organizations in several ways. According to a technical blog post published by Fortinet security expert Cara Lin on Monday,

Security researchers at Kaspersky have unveiled research into the activities of the notorious ransomware group known as Cuba. According to a new advisory published by Kaspersky earlier today, the notorious cyber-criminal gang has been targeting organizations worldwide, spanning various industries. The technical write-up shows that in December 2022, Kaspersky detected a suspicious incident on a

Google’s Threat Analysis Group (TAG) has shed light on a cyber campaign originating from North Korea, targeting security researchers engaged in vulnerability research and development.  Since January 2021, TAG has reportedly monitored and thwarted multiple campaigns conducted by these North Korean threat actors. The team has discovered the exploitation of at least one zero-day vulnerability in

Security researchers at Cisco Talos have uncovered a scheme that preys on graphic designers and 3D modelers. Cyber-criminals are using cryptocurrency-mining malware to hijack the Graphics Processing Units (GPUs) commonly used in these fields. According to an advisory published by Cisco Talos on Thursday, this campaign has been active since at least November 2021. The

China has unveiled a new cyber capability powered by artificial intelligence, enabling the automatic generation of images for influence operations. These operations aim to mimic US voters across the political spectrum, fueling controversy along racial, economic and ideological lines. The findings come from a new report released by Microsoft Threat Analysis Center (MTAC) on Thursday.

API security company Traceable has unveiled its 2023 State of API Security Report. In collaboration with the Ponemon Institute, the study provides a comprehensive global perspective on the state of API security, exposing critical vulnerabilities and their far-reaching consequences. The report, based on insights from 1629 cybersecurity experts across the United States, the United Kingdom

A new open source tool designed to emulate cyber-attacks against operational technology (OT) has been released by MITRE and the US Cybersecurity and Infrastructure Security Agency (CISA). The MITRE Calder for OT is now publicly available as an extension to the open-source Caldera platform on GitHub. This will enable cyber professionals working with industrial control

WithSecure has unveiled a new security vulnerability in Mend.io’s application security platform today, raising concerns about data privacy and potential exploitation.  Mend.io, a provider of application security solutions with over 1000 customers, has swiftly addressed the issue. The vulnerability centers on Mend.io’s implementation of the Security Assertion Markup Language (SAML) login option, a standard method

Cybersecurity experts at ReversingLabs have unveiled a concerning continuation of the infamous VMConnect campaign.  This ongoing assault, initially discovered in early August, has revealed an insidious trend of cyber-criminals infiltrating the Python Package Index (PyPI), a repository for open-source Python software. The VMConnect campaign, which originally involved two dozen malicious Python packages, has now been