FreshRSS

Naked Security

S3 Ep136: Navigating a manic malware maelstrom

By Paul Ducklin — May 25th 2023 at 16:50
Latest episode - listen now. Full transcript inside...

The Hacker News

Dark Frost Botnet Launches Devastating DDoS Attacks on Gaming Industry

By Ravie Lakshmanan — May 25th 2023 at 14:53
A new botnet called Dark Frost has been observed launching distributed denial-of-service (DDoS) attacks against the gaming industry. "The Dark Frost botnet, modeled after Gafgyt, QBot, Mirai, and other malware strains, has expanded to encompass hundreds of compromised devices," Akamai security researcher Allen West said in a new technical analysis shared with The Hacker News. Targets include
The Hacker News

Zyxel Issues Critical Security Patches for Firewall and VPN Products

By Ravie Lakshmanan — May 25th 2023 at 14:43
Zyxel has released software updates to address two critical security flaws affecting select firewall and VPN products that could be abused by remote attackers to achieve code execution. Both the flaws – CVE-2023-33009 and CVE-2023-33010 – are buffer overflow vulnerabilities and are rated 9.8 out of 10 on the CVSS scoring system. A brief description of the two issues is below - CVE-2023-33009 -
The Register - Security

So the FBI 'persistently' abused its snoop powers. What's to worry about?

May 25th 2023 at 14:30

When is warrantless surveillance warranted?

Register Kettle If there's one thing that's more all the rage these days than this AI hype, it's warrantless spying by the Feds.…

The Hacker News

Cynet Protects Hospital From Lethal Infection

By The Hacker News — May 25th 2023 at 13:47
A hospital with 2,000 employees in the E.U. deployed Cynet protections across its environment. The hospital was in the process of upgrading several expensive imaging systems that were still supported by Windows XP and Windows 7 machines. Cynet protections were in place on most of the Windows XP and Windows 7 machines during the upgrade process, ensuring that legacy operating systems would not
The Hacker News

New PowerExchange Backdoor Used in Iranian Cyber Attack on UAE Government

By Ravie Lakshmanan — May 25th 2023 at 13:39
An unnamed government entity associated with the United Arab Emirates (U.A.E.) was targeted by a likely Iranian threat actor to breach the victim's Microsoft Exchange Server with a "simple yet effective" backdoor dubbed PowerExchange. According to a new report from Fortinet FortiGuard Labs, the intrusion relied on email phishing as an initial access pathway, leading to the execution of a .NET
The Hacker News

Alert: Brazilian Hackers Targeting Users of Over 30 Portuguese Banks

By Ravie Lakshmanan — May 25th 2023 at 11:32
A Brazilian threat actor is targeting more than 30 Portuguese financial institutions with information-stealing malware as part of a long-running campaign that commenced in 2021. "The attackers can steal credentials and exfiltrate users' data and personal information, which can be leveraged for malicious activities beyond financial gain," SentinelOne researchers Aleksandar Milenkoski and Tom
The Hacker News

Webinar with Guest Forrester: Browser Security New Approaches

By The Hacker News — May 25th 2023 at 10:50
In today's digital landscape, browser security has become an increasingly pressing issue, making it essential for organizations to be aware of the latest threats to browser security. That's why the Browser Security platform LayerX is hosting a webinar featuring guest speaker Paddy Harrington, a senior analyst at Forrester and the lead author of Forrester's browser security report "Securing The
The Hacker News

Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code

By Ravie Lakshmanan — May 25th 2023 at 10:40
The threat actors behind the nascent Buhti ransomware have eschewed their custom payload in favor of leaked LockBit and Babuk ransomware families to strike Windows and Linux systems. "While the group doesn't develop its own ransomware, it does utilize what appears to be one custom-developed tool, an information stealer designed to search for and archive specified file types," Symantec said in a
The Register - Security

Facial recog system used by Met Police shows racial bias at low thresholds

May 25th 2023 at 10:34

Tech used at King's Coronation employs higher thresholds on once-only watch-lists, Met tells MPs

The UK Parliament has heard that a facial recognition system used by the Metropolitan police during the King’s Coronation can exhibit racial bias at certain thresholds.…

WeLiveSecurity

Shedding light on AceCryptor and its operation

By Jakub Kaloč — May 25th 2023 at 09:30

ESET researchers reveal details about a prevalent cryptor, operating as a cryptor-as-a-service used by tens of malware families

The Hacker News

China's Stealthy Hackers Infiltrate U.S. and Guam Critical Infrastructure Undetected

By Ravie Lakshmanan — May 25th 2023 at 08:28
A stealthy China-based group managed to establish a persistent foothold into critical infrastructure organizations in the U.S. and Guam without being detected, Microsoft and the "Five Eyes" nations said on Wednesday. The tech giant's threat intelligence team is tracking the activity, which includes post-compromise credential access and network system discovery, under the name Volt Typhoon. The
The Hacker News

Iranian Agrius Hackers Targeting Israeli Organizations with Moneybird Ransomware

By Ravie Lakshmanan — May 25th 2023 at 06:03
The Iranian threat actor known as Agrius is leveraging a new ransomware strain called Moneybird in its attacks targeting Israeli organizations. Agrius, also known as Pink Sandstorm (formerly Americium), has a track record of staging destructive data-wiping attacks aimed at Israel under the guise of ransomware infections. Microsoft has attributed the threat actor to Iran's Ministry of
WIRED

The Security Hole at the Heart of ChatGPT and Bing

By Matt Burgess — May 25th 2023 at 06:00
Indirect prompt-injection attacks can leave people vulnerable to scams and data theft when they use the AI chatbots.
The Hacker News

GUAC 0.1 Beta: Google's Breakthrough Framework for Secure Software Supply Chains

By Ravie Lakshmanan — May 25th 2023 at 05:45
Google on Wednesday announced the 0.1 Beta version of GUAC (short for Graph for Understanding Artifact Composition) for organizations to secure their software supply chains. To that end, the search giant is making available the open source framework as an API for developers to integrate their own tools and policy engines. GUAC aims to aggregate software security metadata from different sources
The Register - Security

Five Eyes and Microsoft accuse China of attacking US infrastructure again

May 25th 2023 at 03:30

Defeating Volt Typhoon will be hard, because the attacks look like legit Windows admin activity

China has attacked critical infrastructure organizations in the US using a "living off the land" attack that hides offensive action among everyday Windows admin activity.…

The Register - Security

This legit Android app turned into mic-snooping malware – and Google missed it

May 24th 2023 at 23:58

File-stealing nasty in my Play store? Preposterous!!1

Google Play has been caught with its cybersecurity pants down yet again after a once-legit Android screen-and-audio recorder app was updated to include malicious code that listened in on device microphones.…

WIRED

China Hacks US Critical Networks in Guam, Raising Cyberwar Fears

By Andy Greenberg, Lily Hay Newman — May 24th 2023 at 22:27
Researchers say the state-sponsored espionage operation may also lay the groundwork for disruptive cyberattacks.
The Register - Security

Philly Inquirer says Cuba ransomware gang's data leak claims are fake news

May 24th 2023 at 20:26

Now that's a Rocky relationship

The Philadelphia Inquirer has punched back at the Cuba ransomware gang after the criminals leaked what they said were files stolen from the newspaper.…

Naked Security

Ransomware tales: The MitM attack that really had a Man in the Middle

By Paul Ducklin — May 24th 2023 at 17:59
Another traitorous sysadmin story, this one busted by system logs that gave his game away...

The Hacker News

Iranian Tortoiseshell Hackers Targeting Israeli Logistics Industry

By Ravie Lakshmanan — May 24th 2023 at 13:49
At least eight websites associated with shipping, logistics, and financial services companies in Israel were targeted as part of a watering hole attack. Tel Aviv-based cybersecurity company ClearSky attributed the attacks with low confidence to an Iranian threat actor tracked as Tortoiseshell, which is also called Crimson Sandstorm (previously Curium), Imperial Kitten, and TA456. "The infected
The Hacker News

What to Look for When Selecting a Static Application Security Testing (SAST) Solution

By The Hacker News — May 24th 2023 at 10:51
If you're involved in securing the applications your organization develops, there is no question that Static Application Security Testing (SAST) solutions are an important part of a comprehensive application security strategy. SAST secures software, supports business more securely, cuts down on costs, reduces risk, and speeds time to development, delivery, and deployment of mission-critical
The Hacker News

Data Stealing Malware Discovered in Popular Android Screen Recorder App

By Ravie Lakshmanan — May 24th 2023 at 10:33
Google has removed a screen recording app named "iRecorder - Screen Recorder" from the Play Store after it was found to sneak in information stealing capabilities nearly a year after the app was published as an innocuous app. The app (APK package name "com.tsoft.app.iscreenrecorder"), which accrued over 50,000 installations, was first uploaded on September 19, 2021. The malicious functionality
The Hacker News

Legion Malware Upgraded to Target SSH Servers and AWS Credentials

By Ravie Lakshmanan — May 24th 2023 at 10:00
An updated version of the commodity malware called Legion comes with expanded features to compromise SSH servers and Amazon Web Services (AWS) credentials associated with DynamoDB and CloudWatch. "This recent update demonstrates a widening of scope, with new capabilities such as the ability to compromise SSH servers and retrieve additional AWS-specific credentials from Laravel web applications,"
WeLiveSecurity

Digital security for the self‑employed: Staying safe without an IT team to help

By Phil Muncaster — May 24th 2023 at 09:30

Nobody wants to spend their time dealing with the fallout of a security incident instead of building up their business

The Register - Security

IT security analyst admits hijacking cyber attack to pocket ransom payments

May 24th 2023 at 08:30

Ashley Liles altered blackmail emails in bid to make off with £300,000 in Bitcoin

A former IT security analyst at Oxford Biomedica has admitted, five years after the fact, to turning to the dark side – by hijacking a cyber attack against his own company in an attempt to divert any ransom payments to himself.…

The Hacker News

N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware

By Ravie Lakshmanan — May 24th 2023 at 07:30
The infamous Lazarus Group actor has been targeting vulnerable versions of Microsoft Internet Information Services (IIS) servers as an initial breach route to deploy malware on targeted systems. The findings come from the AhnLab Security Emergency response Center (ASEC), which detailed the advanced persistent threat's (APT) continued abuse of DLL side-loading techniques to run arbitrary payloads
The Hacker News

Cyber Attacks Strike Ukraine's State Bodies in Espionage Operation

By Ravie Lakshmanan — May 24th 2023 at 06:54
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting state bodies in the country as part of an espionage campaign. The intrusion set, attributed to a threat actor tracked by the authority as UAC-0063 since 2021, leverages phishing lures to deploy a variety of malicious tools on infected systems. The origins of the hacking crew are presently unknown. In
The Register - Security

US bans North Korean outsourcer and its feisty freelancers

May 24th 2023 at 02:58

They do your work – usually from Russia and China – then send their wages home to pay for missiles

When businesses go shopping for IT services, North Korea-controlled companies probably struggle to make it into many lists.…

The Register - Security

Apria Healthcare says potentially 2M people caught up in IT security breach

May 23rd 2023 at 23:58

Took two years to tell us 'small number of emails' accessed

Personal and financial data describing almost 1.9 million Apria Healthcare patients and employees may have been accessed by crooks who breached the company's networks over a series of months in 2019 and 2021.…

WIRED

Chinese Labs Are Selling Fentanyl Ingredients for Millions in Crypto

By Andy Greenberg — May 23rd 2023 at 19:02
And it's happening in plain sight.
Naked Security

PyPI open-source code repository deals with manic malware maelstrom

By Paul Ducklin — May 23rd 2023 at 18:45
Controlled outage used to keep malware marauders from gumming up the works. Learn what you can do to help in future...

WIRED

There’s Finally a Way to Improve Cloud Container Registry Security

By Lily Hay Newman — May 23rd 2023 at 18:23
“Container registries” are ubiquitous software clearinghouses, but they’ve been exposed for years. Chainguard says it now has a solution.
The Register - Security

Dish confirms 300,000 people's data was exposed in February's attack

May 23rd 2023 at 16:43

But don't worry – we know it was deleted. Hmm. How would you know that?

Dish Network has admitted that a February cybersecurity incident and associated multi-day outage led to the extraction of data on nearly 300,000 people, while also appearing to indirectly admit it may have paid cybercriminals to delete said data.…

The Hacker News

GoldenJackal: New Threat Group Targeting Middle Eastern and South Asian Governments

By Ravie Lakshmanan — May 23rd 2023 at 15:30
Government and diplomatic entities in the Middle East and South Asia are the target of a new advanced persistent threat actor named GoldenJackal. Russian cybersecurity firm Kaspersky, which has been keeping tabs on the group's activities since mid-2020, characterized the adversary as both capable and stealthy. The targeting scope of the campaign is focused on Afghanistan, Azerbaijan, Iran, Iraq,
The Register - Security

TikTok to let Oracle view source code, algorithm, and content moderation

May 23rd 2023 at 14:36

It's all in the name of national security as Trump-era collab continues in Project Texas

TikTok, the social video platform used by around 150 million people in the US, is set to hand access to its source code, algorithm and content moderation material to Oracle in a bid to allay data protection and national security concerns stateside.…