Our streak of a two-man booth for the Kaspersky Transatlantic Cable podcast continues, with Ahmed and me kicking things off in the cryptocurrency world. More specifically, we discuss some proposed legislation in the EU that would remove a level of anonymity for all transactions. While we have some fun with the topic, this is something that has been brewing and will be an interesting topic to follow. From there, we discuss Borat – unfortunately not the Sacha Baron Cohen flick – a new RAT making the rounds in criminal circles. For our third story, we put on our tinfoil hats and talk about some new patents from the US Navy that, well, let's face it, sound a lot like alien technology. To close out the podcast, we discuss the metaverse and a newish system that seems a lot like a pyramid scheme. If you liked what you heard, please consider subscribing and sharing with your friends. For more information on the stories we covered, see the links below:
EU draft law adds security checks to all crypto transactions
Borat RAT: Multiple threat of ransomware, DDoS and spyware
S. Navy Has Patents on Tech It Says Will Engineer the Fabric of Reality
The Metaverse Has Bosses Too. Meet the Managers of Axie Infinity
Threat actors frequently use OSINT to perform reconnaissance. Secureworks CTU researchers identified several APIs that access the internal information of any organization that uses Azure AD.
The hacker disguised the phishing email as a payment notification from a trusted bank and asked the recipient to open the attached Excel file that is protected by a password.
The attacks took place between August last year and March, sources said. The investigation found the data passing in and out of Indian Load Despatch Centres to the Chinese state-sponsored C2 servers spread across the world, researchers said.
Since Russia’s invasion of Ukraine, Distributed Denial of Secrets team has been inundated with files that hacktivists say they’ve stolen from Russian banks, energy companies, government agencies and media companies.
The most critical of the vulnerabilities, with a CVSS score of 9.1, is CVE-2022-26851. Affected versions of the PowerScale OneFS software contain “a predictable file name from observable state”.
In a blog post on Tuesday, security biz Intego said fixes applied to address CVE-2022-22675 (AppleAVD bug) and CVE-2022-22674 (Intel Graphics Driver bug) in macOS Monterey were not backported to macOS Big Sur or macOS Catalina.
The Pig Butchering scam pulls on heartstrings and purse strings. The fraud is named for the way scammers feed their victims with promises of romance and riches before cutting them off and taking all their money.
According to Palo Alto Networks, the CVE-2022-0778 vulnerability can be exploited by remote attackers to trigger a denial of service condition and crash vulnerable devices.
The researchers say the APT-C-23 group, alongside MoleRATs, are subset APTs of the Hamas cyberwarfare division and are working to benefit the Palestinian political group.
The report complements previous findings from NCC Group, which found the bankbot posing as antivirus apps to carry out unauthorized transactions via Automatic Transfer Systems (ATS).
Kaspersky claims that at least some members of the new BlackCat group have links to the BlackMatter group, because they modified and reused a custom exfiltration tool we call Fendr and which has only been observed in BlackMatter activity.
"The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used for command-and-control (C2) of the underlying botnet," the DoJ said in a statement Wednesday.
A security configuration error exposed millions of internal records traced back to Fox News, including personally identifiable information on employees, researchers have claimed.
The XM Cyber research team analyzed the methods, attack paths and impacts of attack techniques that imperil critical assets across on-prem, multi-cloud and hybrid environments.
Lithuania-based Nord Security has raised $100 million in its first ever outside capital funding with a financing round led by Novator Ventures, and participation from Burda Principal Investments and General Catalyst.
FFDroider is spread through software cracks, free software, games, and other files downloaded from torrent sites. When installing these downloads, FFDroider will also be installed, but disguised as the Telegram desktop app to evade detection.
Cyble discovered a new RAT, dubbed Borat. With a builder, feature modules, and a server certificate, it offers ransomware and DDoS attack services. It is not known whether Borat is being sold or freely shared among cybercriminals. While analyzing the campaign and digging into its origin, a research group discovered the payload executable to be AsyncRAT, indicating a connection between the two.
In the past few days, several attackers have been observed exploiting new zero-day vulnerabilities in commonly used software products by Google, Apple, and others. Apple has released emergency fixes for two zero-day flaws. Trend Micro fixed a high-severity vulnerability in its Apex Central. Meanwhile, Google recently fixed a high-severity zero-day bug in Google Chrome.
Android spyware impersonating a process manager app targets users and steals their data. While analyzing the spyware, the research team discovered that it downloads additional payloads to compromised devices. Organizations and users are advised to always monitor and review the app permissions on their phones.
A Mirai variant called Beastmode was found exploiting disclosed vulnerabilities in TOTOLINK routers. Attackers abused five new exploits within a month. Beastmode has also added some older bugs for a variety of routers from different vendors, all rated 9.8 on the CVSS scale. TOTOLINK device users are suggested to visit the vendor's download center to apply updates.
Deep Panda was found exploiting Log4Shell to deploy the new Fire Chili rootkit in compromised networks of organizations in the travel, finance, and cosmetic industries. Fire Chili helps keep file operations, registry key additions, processes, and malicious network connections concealed from the user and security software running on the targeted machine.
Ubuntu Security Notice 5369-1 - It was discovered that oslo.utils incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.
Red Hat Security Advisory 2022-1263-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include buffer overflow, code execution, integer overflow, privilege escalation, and use-after-free vulnerabilities.
Ubuntu Security Notice 5368-1 - It was discovered that the BPF verifier in the Linux kernel did not properly restrict pointer types in certain situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5366-1 - It was discovered that FriBidi incorrectly handled processing of input strings resulting in memory corruption. An attacker could use this issue to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code. It was discovered that FriBidi incorrectly validated input data to its CapRTL unicode encoder, resulting in memory corruption. An attacker could use this issue to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code.
ICEHRM version 31.0.0.0S cross site request forgery exploit that demonstrates account deletion. This finding differs from the same researcher's original cross site request forgery finding in the same software.
Red Hat Security Advisory 2022-1254-01 - An update for python-waitress is now available for Red Hat OpenStack Platform 16.1 (Train). Issues addressed include a HTTP request smuggling vulnerability.
VMware has released security updates to patch eight vulnerabilities spanning its products, some of which could be exploited to launch remote code execution attacks. Tracked from CVE-2022-22954 to CVE-2022-22961 (CVSS scores: 5.3 - 9.8), the issues impact VMware Workspace ONE Access, VMware Identity Manager, VMware vRealize Automation, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager
The U.S. Department of Justice (DoJ) announced that it neutralized Cyclops Blink, a modular botnet controlled by a threat actor known as Sandworm, which has been attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). "The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used
During the last week of March, three major tech companies - Microsoft, Okta, and HubSpot - reported significant data breaches. DEV-0537, also known as LAPSUS$, performed the first two. This highly sophisticated group utilizes state-of-the-art attack vectors to great success. Meanwhile, the group behind the HubSpot breach was not disclosed. This blog will review the three breaches based on
As many as seven malicious Android apps discovered on the Google Play Store masqueraded as antivirus solutions to deploy a banking trojan called SharkBot. "SharkBot steals credentials and banking information," Check Point researchers Alex Shamshur and Raman Ladutska said in a report shared with The Hacker News. "This malware implements a geofencing feature and evasion techniques, which makes it
Cybersecurity researchers have detailed a "simple but efficient" persistence mechanism adopted by a relatively nascent malware loader called Colibri, which has been observed deploying a Windows information stealer known as Vidar as part of a new campaign. "The attack starts with a malicious Word document deploying a Colibri bot that then delivers the Vidar Stealer," Malwarebytes Labs said in an
A first-of-its-kind malware targeting Amazon Web Services' (AWS) Lambda serverless computing platform has been discovered in the wild. Dubbed "Denonia" after the name of the domain it communicates with, "the malware uses newer address resolution techniques for command and control traffic to evade typical detection measures and virtual network access controls," Cado Labs researcher Matt Muir said
A threat actor with affiliations to the cyber warfare division of Hamas has been linked to an "elaborate campaign" targeting high-profile Israeli individuals employed in sensitive defense, law enforcement, and emergency services organizations. "The campaign operators use sophisticated social engineering techniques, ultimately aimed to deliver previously undocumented backdoors for Windows and
There's monkey business involving cryptocurrency thieves and MailChimp, a stalker exploits his ex-partner's CCTV cameras, and what are the naughty words Amazon doesn't want its staff using? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Zoë Rose.
A new report shows that not only has there been a substantial increase in the percentage of companies that pay ransoms, but that the average size of ransomware payments has also increased significantly. Read more in my article on the Tripwire State of Security blog.