For a second-straight week, we have a short-handed booth for the Kaspersky Transatlantic Cable podcast. With Ahmed and Dave off, Jag and I share the mic for the first time as a duo. To kick things off, we discuss how the Lazarus group turned a fake job offer into a $600M hack into Axie Infinity. From there, we head into a partial code share from Vice on the Anom app. For those who may have forgotten, this was a secure phone system that was orchestrated by the FBI to draw in criminals doing illicit activities. Our third story is quite the head-scratcher, as a CEO has been arrested for selling counterfeit Cisco equipment to companies and government entities. The curious part was not just that it was fake equipment, but that it was sold on eBay and Amazon. We then head to India, where a flood control system has been hit with ransomware. What makes this worse is that the region is in monsoon season. To close out the podcast, we head to San Francisco, where Cruise has seen some issues with its autonomous cars stopping and causing traffic havoc. If you liked what you heard, please consider subscribing and sharing with your friends. For more information on the stories we covered, see the links below:
A Fake Job Offer Reportedly Led to Axie Infinity's $600M Hack
This Is the Code the FBI Used to Wiretap the World
CEO Arrested for Selling $1 Billion in Fake Cisco Hardware on Amazon, eBay
Ransomware attack hits Goa's flood monitoring system; demand crypto as payment
Cruise's Robot Car Outages Are Jamming Up San Francisco
Online fraudsters are continuing to use the names of famous people and companies to scam cryptocurrency users. This time the scammers are exploiting the brand name Nvidia, the US developer of GPUs that are particularly popular among crypto enthusiasts. Many devices for cryptocurrency mining were created on the basis of their GPUs. Next year Nvidia turns 30, and it's common practice for companies to celebrate round-number anniversaries. The scammers took advantage of this by arranging fake cryptocurrency giveaways.

Unheard-of generosity

The fraudsters created a fake website supposedly dedicated to Nvidia's 30th anniversary, and announced a large bitcoin giveaway there. On the splash screen of the fake website visitors see the company logo (albeit purple, not the usual green) and the name of its CEO, Jensen Huang. Visitors are asked here to select a category to take part in the event. In fact, there's nothing to choose from: under the invitation there's only a single big button with the words "Bitcoin giveaway".

Splash screen of the fake Nvidia website

After clicking the button, the user is taken to a page with detailed information about the mythical giveaway. At first glance the page looks convincing: there's a photo of the CEO and additional menu sections, all nicely designed. But instead of the Nvidia logo there's a Bitcoin icon, plus numerous grammatical errors in the text — something a serious company wouldn't permit. Here, purportedly on behalf of Mr. Huang and Nvidia, the cybercriminals announce a giveaway of 50,000 BTC (worth more than a billion US dollars at the time of writing). One of the main conditions for taking part is that users themselves must first make a contribution, like buying a lottery ticket. The scammers promise that the participant will immediately get double their money back, not to mention the prospect of winning the 50,000 BTC. The address of the cryptowallet to which they should make a transfer is given in the instructions for participants. And at the very bottom of the page is an online broadcast of the winnings paid out by the organizers.

Fake website page with information about the giveaway

To reinforce the impression of a legitimate website, the scammers set up a fake Nvidia support chat. It's not clear who responds to users' messages — the criminals themselves or a robot.

Fake support chat on the website

Curiously, if you enter the address of the scammers' cryptowallet on blockchain.com, it turns out that some money has actually been transferred there — a total of 0.42 BTC (worth more than $8000 at the time of writing). It's unknown who sent the funds: it could be victims or the scammers themselves, for example, to check if the wallet is working or to pretend to be lottery participants. In any case, there's no trace of the reported 50,000 BTC, and no hint of double-your-money paybacks.

The scammers' cryptowallet

If it's good enough for Elon!

Cryptocurrency scams in which fraudsters use the names of celebrities or well-known brands are quite common and embody varying degrees of sophistication. For example, scammers have tried to lure Twitter users to fake cryptocurrency handouts masquerading as Elon Musk, Bill Gates or Pavel Durov. More complex schemes involve fake-news websites with stories of famous people who supposedly got even richer than they already are by investing in cryptocurrency in a certain way. Those wishing to emulate their success followed links to fake websites about cryptocurrency investments. There, victims were persuaded to deposit a certain amount of money into the cybercriminals' account, and when they did they had their personal data stolen.

How to protect yourself?

It can be really hard to resist a tempting offer. To avoid unpleasant situations, we recommend you keep some simple safety rules in mind:
Do not blindly trust information just because it appears to come from a celebrity or well-known brand. Double-check all information from secondary sources on official websites.
Do not click on links of unknown origin, such as in e-mails. It's better to look for important information yourself using a search engine.
Keep your cool at the sight of contests, giveaways or lotteries offering a fortune; also be very wary when urged to act urgently or you'll lose money — this is another common cybercriminal trick.
Learn to spot online scammers; this post will help you recognize the most common signs of fraud.
Use a reliable security solution that warns you about suspicious websites.
A callback phishing campaign is impersonating renowned cybersecurity organizations, CrowdStrike revealed. The adversaries inform recipients of a fake network breach in their system and urge them to call a particular number. Organizations are advised to always stay vigilant and to contact cybersecurity firms via their official websites.
The Smoke Bot software contains a large number of features that make it easy for the attacker to install and maintain persistent processes, perform DDoS attacks on various resources, and mine for Monero (XMR).
DDoS operations in the region have skyrocketed over the last five months, and are increasingly targeting commercial interests, but analysts say their impact on the battlefield has been negligible.
The targeting apparently came in the form of a Distributed Denial of Service (DDoS) attack, during which website servers are overwhelmed by near-simultaneous requests to connect.
Security researchers warn of vulnerabilities that affect the protocol for radio-controlled (RC) drones, named ExpressLRS, which can be exploited to take over unmanned vehicles.
The university and the CIA have entered an agreement to study how artificial intelligence and machine learning applications (AIML) can be used to detect and deter malicious agents that infiltrate computer networks.
The malware, named 'Autolycos,' was discovered by Evina's security researcher Maxime Ingrao to be in at least eight Android applications, two of which are still available on the Google Play Store at the time of reporting.
The Irish Data Protection Commission (DPC), TikTok’s lead privacy regulator for the European Union’s General Data Protection Regulation (GDPR), said the “pause” follows “engagement” between the oversight office and the tech giant yesterday.
CISA has given government agencies three weeks, until August 2nd, to patch the actively exploited CVE-2022-22047 vulnerability and block ongoing attacks that could target their systems.
Windows 7 went out of support in 2020, but Microsoft recognized that many enterprises were quite happy where they were. For a fee, it made Extended Security Updates (ESU) available, which would at least deal with security patches.
On July 10, Deakin University became aware of an incident in which a staff member’s username and password were hacked and used by an unauthorized person to access information held by a third-party provider.
The Department of Homeland Security Science & Technology Directorate wants to encourage tech companies to develop automated software bill of materials tools offering more visibility into supply chains.
The company released the technical details for the security issue, tracked as CVE-2022-26706, and explained how the macOS App Sandbox rules could be avoided to allow malicious macro code in Word documents to execute commands on the machine.
The attack starts with a spear phishing email with a geo-political theme. The spear phishing emails were themed around the India-Afghanistan relationship. The attacker used politics as a lure to trick users into clicking on a malicious link.
X.org has released a bunch of updates, including fixes for two security holes, which affect Wayland users too. A batch of updates to X.org's suite of X11 servers and components has just appeared.
Attack chains documented by Cisco Talos involve delivering a maldoc to the targets either as an attachment or a link to a remote location via a spear-phishing email, ultimately leading to the deployment of CrimsonRAT.
The U.S. Federal Trade Commission (FTC) warned this week that it will crack down on tech companies' illegal use and sharing of highly sensitive data and false claims about data anonymization.
Upon execution, Lilith attempts to terminate processes that match entries on a hardcoded list, including Outlook, SQL, Thunderbird, Steam, PowerPoint, WordPad, Firefox, and more.
The new measures involve promoting cyber resilience among small- and medium-sized enterprises. That would apply to "critical infrastructure," businesses involved in transport, food, health, energy, and water supply.
The phishing kit leads users through a set of pages aimed at collecting information that can later be used to steal the victims’ identity and perform money laundering, open cryptocurrency accounts, make fraudulent tax return claims, and much more.
Google Play Protect on Android now detects and disables previously downloaded versions of the fake WhatsApp apps, and the Google Play store shouldn’t experience any threat from these apps.
Most critical services companies are struggling to secure their industrial internet of things (IIoT)/operational technology (OT) systems and acknowledge the need to invest more heavily in these areas, said a report from Barracuda Networks.
Despite being only a year old, Hive ransomware has grown into a prominent ransomware-as-a-service operation. The latest decryptor tackles Hive's newer, better-encrypted version.
The largest chunk of cybersecurity spending, $11.2 billion, would go to the Defense Department, followed by $2.9 billion for the Cybersecurity and Infrastructure Security Agency, or CISA.
German software maker SAP on Tuesday announced the release of 20 new security notes and three updates to previous security notes as part of its July 2022 Security Patch Day.
The Series B funding brings the total raised by the Phoenix, Arizona-based Bishop Fox to $100 million and underscores a surge in big bets by venture capital investors on the fast-growing continuous attack surface management category.
The gang has launched several high-profile attacks, including OilTanking GmbH in January and Swissport in February. Most recently, BlackCat targeted Florida International University and the University of North Carolina A&T.
The Russia-based Killnet group has been bombarding Latvia with a series of cyberattacks, including a 12-hour attack on one of its broadcasting centers. The hackers demanded that Lithuania allow the transit of goods to Kaliningrad if it wanted to avoid more attacks on its government institutions and private businesses.
Malicious actors are leveraging GitHub Actions (GHA) and Azure virtual machines (VMs) for cloud-based cryptocurrency mining. Over 1,000 repositories and 550 code samples were spotted abusing GitHub Actions to mine cryptocurrency. Due to this, the cost of electricity to the target organization increased from $20 up to $130 per month. Early detection of possible exploits in a cloud environment is very important to stop such attacks before they cause any major damage.
Ubuntu Security Notice 5519-1 - It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
Ubuntu Security Notice 5520-1 - It was discovered that HTTP-Daemon incorrectly handled certain crafted requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.
Ubuntu Security Notice 5518-1 - It was discovered that the eBPF implementation in the Linux kernel did not properly prevent writes to kernel objects in BPF_BTF_LOAD commands. A privileged local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Marvell NFC device driver implementation in the Linux kernel did not properly perform memory cleanup operations in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 5517-1 - It was discovered that the Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the virtio RPMSG bus driver in the Linux kernel contained a double-free vulnerability in certain error conditions. A local attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 5516-1 - It was discovered that Vim incorrectly handled memory access. An attacker could potentially use this issue to cause the corruption of sensitive information, a crash, or arbitrary code execution.
Ubuntu Security Notice 5515-1 - Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges. Jann Horn discovered that the FUSE file system in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5514-1 - It was discovered that the implementation of the 6pack and mkiss protocols in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service. Duoming Zhou discovered that the AX.25 amateur radio protocol implementation in the Linux kernel did not handle detach events properly in some situations. A local attacker could possibly use this to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 5513-1 - Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5473-2 - USN-5473-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 16.04 ESM. The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.50 version of the Mozilla certificate authority bundle.
Ubuntu Security Notice 5511-1 - Carlo Marcelo Arenas Belon discovered that an issue related to CVE-2022-24765 still affected Git. An attacker could possibly use this issue to run arbitrary commands as administrator.
The advanced persistent threat (APT) group known as Transparent Tribe has been attributed to a new ongoing phishing campaign targeting students at various educational institutions in India at least since December 2021. "This new campaign also suggests that the APT is actively expanding its network of victims to include civilian users," Cisco Talos said in a report shared with The Hacker News.
Nation-state hacking groups aligned with China, Iran, North Korea, and Turkey have been targeting journalists to conduct espionage and spread malware as part of a series of campaigns since early 2021. "Most commonly, phishing attacks targeting journalists are used for espionage or to gain key insights into the inner workings of another government, company, or other area of state-designated
Although there is a greater awareness of cybersecurity threats than ever before, it is becoming increasingly difficult for IT departments to get their security budgets approved. Security budgets seem to shrink each year and IT pros are constantly being asked to do more with less. Even so, the situation may not be hopeless. There are some things that IT pros can do to improve the chances of
Microsoft on Wednesday shed light on a now patched security vulnerability affecting Apple's operating systems that, if successfully exploited, could allow attackers to escalate device privileges and deploy malware. "An attacker could take advantage of this sandbox escape vulnerability to gain elevated privileges on the affected device or execute malicious commands like installing additional
Joshua Schulte, a former programmer with the U.S. Central Intelligence Agency (CIA), has been found guilty of leaking a trove of classified hacking tools and exploits dubbed Vault 7 to WikiLeaks. The 33-year-old engineer had been charged in June 2018 with unauthorized disclosure of classified information and theft of classified material. Schulte also faces a separate trial on charges related to
A self-proclaimed "super hacker" causes problems in the Magic Kingdom, criminals regret trusting Anom phones, and lawsuits are filed against TikTok. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading. Plus don't miss our featured interview with Scott McCrady, the CEO of SolCyber Managed Security Services.
Turn on a PC running Microsoft Windows 8.1 and you're likely to be greeted with a full-screen message warning that the operating system will no longer be supported after 10 January 2023, and - critically - will no longer be receiving any security updates.
Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences. Read more in my article on the Tripwire State of Security blog.
Graham Cluley Security News is sponsored this week by the folks at Keeper Security. Thanks to the great team there for their support! IT and DevOps teams were presented with new challenges with the mass-migration to home working, and found themselves forced to perform infrastructure monitoring and management remotely. What is clearly needed is a … Continue reading "Keeper Connection Manager: Privileged access to remote infrastructure with zero-trust and zero-knowledge security"