Episode 271 kicks off with talk around a recent story suggesting that a third of children have adult social media accounts, in an attempt to access the full version of social sites. From there, discussion moves over to talk about TikTok and third-party tracking – something readers with long memories will remember that Facebook (Meta) has been doing for quite some time already. To wrap up, the duo discuss two stories around crypto, the first around Kim Kardashian and a crypto pump and dump, and a story around a married couple who were accidentally sent $10M in crypto instead of $100. If you liked what you heard, please do consider subscribing!

Stories covered:
- A third of children have adult social media accounts
- Kim Kardashian pays $1.26m over crypto pump and dump
- TikTok is tracking people on sites across the web—even if they don't use the app
- Couple mistakenly given $10.5m from Crypto.com thought they had won contest
In this episode of the Security Ledger podcast, brought to you by ReversingLabs, we interview Danny Adamitis (@dadamitis) of Black Lotus Labs about the discovery of ZuoRAT, malware that targets SOHO routers – and is outfitted with APT-style tools for attacking the devices connected to home networks. As always, you can check our full...
Tens of thousands of organizations each year are now affected by a hack involving Cobalt Strike, warned HHS. Apart from Cobalt Strike, threat actors are using PowerShell, Mimikatz, Sysinternals, Brute Ratel, and AnyDesk against healthcare facilities. State-sponsored threat actors, mostly those located in Russia, Vietnam, China, and Iran, lead the chart in misusing Cobalt Strike.
India's minister of state for electronics and information technology to extend the deadline to comply with sweeping new information security reporting rules that were imposed as an essential national defense mechanism.
Threat actors behind the IcedID malware have been found using a variety of propagation methods, including changing the management of C2 server IPs, in their phishing campaigns. The attackers were found registering fresh domains for C2, instead of relying on the old ones.
The fully remote company was founded in 2021 by ex-AlienVault software engineers Russell Spitler and Jaime Blasco, who believe the only way to address the “people problem” is to make employees part of the solution.
The hospital system detected a ransomware attack that led to three days of reduced functionality at the Barcelona hospitals Dos de Maig and Creu Roja de l'Hospitalet and the nearby Moisès Broggi facility in Sant Joan Despí.
To use the new RSS feed feature, you need to install an RSS feed reader, whether a desktop application, mobile app, or browser extension. Once you subscribe to the feed, you will automatically receive notifications when Microsoft adds a new CVE.
SEO spam was the most common infection seen in our remote scan data, followed by injected malware. SEO spam infections also happen to be one of the most common types of malware found during remediation cleanup.
Characterizing it as a multi-vector attack consisting of UDP and TCP floods, researcher Omer Yoachimik said the DDoS attack targeted the Minecraft server Wynncraft in Q3 2022. The entire 2.5 Tbps attack lasted about 2 minutes.
The issue, tracked as CVE-2022-40684 (CVSS score: 9.6), concerns an authentication bypass vulnerability that could allow a remote attacker to perform malicious operations on the administrative interface via specially crafted HTTP(S) requests.
Advanced informed that no data was taken from the other products it hosts, and it has “recovered the limited amount of data” that the crooks swiped from the infected systems.
The incident happened in late March 2022 and the breached systems contained LDS church members' basic contact information but did not include banking history or other financial information associated with donations.
The integration of Hardenize’s unique ASM capabilities enables the Red Sift platform to gain a comprehensive view of an organization’s digital footprint, allowing customers to better understand and protect their entire critical attack surface area.
The phishing campaign uses the coding technique to obfuscate phishing sites so that they appear legitimate to the end user and also fool security gateways. The messages contain a link that leads the user to a credential-harvesting page.
Ransomware attacks on industrial targets continue to rise, accounting for more than half of all malware on industrial endpoints. They have also become highly sophisticated, able to exploit long unpatched vulnerabilities as well as zero-days.
Security researchers have found that sessions and connections established before the VPN is turned on are not terminated as one would expect, and can still send data outside the VPN tunnel while it is active.
The attack chain begins when the user visits a website controlled by the attackers, designed to look like legitimate websites and services that victims are tricked into visiting in one of a number of ways.
A ransomware attack delivered by fake Windows 10 and antivirus software updates is targeting home users, using sneaky techniques to stay undetected before encrypting files and demanding a ransom payment of thousands of dollars.
Identities of secret agents working for the Australian Federal Police (AFP) have been exposed after cybercriminals leaked documents stolen from the government of Colombia.
Security researchers at WithSecure, previously F-Secure Business, found that it is possible to partially or fully infer the contents of encrypted messages sent through Microsoft Office 365 due to the use of a weak block cipher mode of operation.
A ransomware campaign isolated by HP Wolf Security in September 2022 saw Magniber ransomware spread. The malware is known as a single-client ransomware family that demands $2,500 from victims.
Researchers are drawing attention to Microsoft's use of the algorithm because Microsoft-encrypted email could betray their senders under conditions in which an adversary can gather large volumes of messages.
It was found that the oil and gas industry averaged six days of system outage due to cyberattacks, one day longer than the five-day average for other industries. In addition, 65% of respondents said that systems stopped for more than four days.
A malicious version of the popular WhatsApp messaging app was found dropping an Android trojan known as Triada. Named YoWhatsApp, the unofficial app offers the ability to lock chats, send texts to unsaved numbers, and customize using different themes. It is spread to users via fraudulent ads on Snaptube and Vidmate.
A PHP version of an information-stealing malware called Ducktail has been discovered in the wild being distributed in the form of cracked installers for legitimate apps and games, according to the latest findings from Zscaler.
Ransom Cartel is ransomware as a service (RaaS) that surfaced in mid-December 2021. This ransomware performs double extortion attacks and exhibits several similarities and technical overlaps with REvil ransomware.
Over 80,000 drone IDs were exposed in a data leak after a database containing information from dozens of airspace monitoring devices manufactured by the Chinese-owned DJI was left accessible to the public.
Microsoft is reportedly looking into reports of a new zero-day bug abused to hack Exchange servers which were later used to launch Lockbit ransomware attacks. Recently, two more zero-days tracked under the moniker ProxyNotShell (CVE-2022-41040 and CVE-2022-41082) were chained by attackers to gain remote code execution on servers with elevated privileges.
Chinese state-sponsored cyberattacks pose a growing threat to the national security of the United States, according to a recent research report from consultancy firm Booz Allen Hamilton.
The education sector experienced a 44% increase in cyber-attacks when compared to 2021, with an average of 2,297 attacks against organizations every week, according to Check Point’s 2022 Mid-Year Report.
A new attack and C2 framework, dubbed Alchimist, was found capable of targeting Linux, macOS, and Windows systems. It can run arbitrary commands and perform remote shellcode execution. These kinds of frameworks have high quality, rich features, good detection evasion capabilities, and effective implant-dropping functions.
A proof-of-concept (PoC) exploit code has been made available for the recently disclosed critical security flaw affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager, making it imperative that users move quickly to apply the patches. "FortiOS exposes a management web portal that allows a user to configure the system," Horizon3.ai researcher James Horseman said. "Additionally, a user can
Web infrastructure and security company Cloudflare disclosed this week that it halted a 2.5 Tbps distributed denial-of-service (DDoS) attack launched by a Mirai botnet. Characterizing it as a "multi-vector attack consisting of UDP and TCP floods," researcher Omer Yoachimik said the DDoS attack targeted the Minecraft server Wynncraft in Q3 2022. "The entire 2.5 Tbps attack lasted about 2 minutes,
A PHP version of an information-stealing malware called Ducktail has been discovered in the wild being distributed in the form of cracked installers for legitimate apps and games, according to the latest findings from Zscaler. "Like older versions (.NetCore), the latest version (PHP) also aims to exfiltrate sensitive information related to saved browser credentials, Facebook account information,
With each passing year, the cybersecurity threat landscape continues to worsen. That reality makes cybersecurity analysts some of the most sought-after technology professionals in the world. And there are nowhere near enough of them to meet the demand. At last count, there were over 3.5 million unfilled cybersecurity jobs worldwide — and that number is still growing. The situation means that
Details have emerged about a now-patched security flaw in Windows Common Log File System (CLFS) that could be exploited by an attacker to gain elevated permissions on compromised machines. Tracked as CVE-2022-37969 (CVSS score: 7.8), the issue was addressed by Microsoft as part of its Patch Tuesday updates for September 2022, while also noting that it was being actively exploited in the wild. "
Telecommunications and IT service providers in the Middle East and Asia are being targeted by a previously undocumented Chinese-speaking threat group dubbed WIP19. The espionage-related attacks are characterized by the use of a stolen digital certificate issued by a Korean company called DEEPSoft to sign malicious artifacts deployed during the infection chain to evade detection. "Almost all
For the past year, hackers have been following close behind businesses and families just waiting for the right time to strike. In other words, 2022 has been an eventful year in the threat landscape, with malware continuing to take center stage.

The 6 Nastiest Malware of 2022

Since the mainstreaming of ransomware payloads and the adoption of cryptocurrencies that facilitate untraceable payments, malicious actors have been innovating new methods and tactics to evade the latest defenses. 2022 was no different. The ransomware double extortion tactic continues to wreak havoc, with ransomware attackers threatening to both steal your data and also leak it if you don’t pay up. But this year also saw the onset of the triple extortion method – with this type of attack, hackers threaten to steal your data, leak it and then also execute a DDoS attack if you don’t pay up. As a result, many organizations are shifting away from cyber insurance and adopting layered defenses in an effort to achieve cyber resilience. Ransom payments continued to balloon – last year at this time the average was just below $150,000 but it now stands close to $225,000 (that’s increasing faster than the rate of inflation, for those counting at home!). In bad news (as if we needed more), malicious actors seem to have settled on a favorite target: small and medium-sized businesses. Large-scale attacks make headlines, but hackers have found that smaller environments make for easier targets. But it’s not all bad news… after all, the first step in defeating your enemy is to learn their tactics. Our researchers have been hard at work uncovering the worst offenders to better build defenses against them. With that, here are the 6 Nastiest Malware of 2022.
Here are this year’s wicked winners

Emotet
- Persisting botnet with cryptomining payload and more
- Infects via emails, brute force, exploits and more
- Removes competing malware, ensuring they’re the only infection

Lockbit
- The year’s most successful ransomware group
- Introduced the triple extortion method: encryption + data leak + DDoS attack
- Accepts payments in two untraceable cryptocurrencies, Monero and Zcash, as well as Bitcoin

Conti
- Longstanding ransomware group also known as Ryuk and a favorite payload of TrickBot
- Shutdown attempts by the US government have made them rebrand into other operations such as Hive, BlackCat, BlackByte, and AvosLocker
- Will leak or auction off your data if you don’t pay the ransom

Qbot
- The oldest info-stealing trojan still in operation
- Works to infect an entire environment to ‘case the joint’ before its final stage
- Creates ransomware Voltrons through partnerships with Conti, ProLock and Egregor

Valyria
- Malspam botnet that starts with email attachments containing malicious scripts
- Known for complex payloads that can overwhelm defenses and evade detection
- Partners with Emotet to create a two-headed monster

Cobalt Strike / Brute Ratel
- White-hat pen testing tool that’s been corrupted and used for evil
- Very powerful features like process injection, privilege escalation, and credential harvesting
- The customizability and scalability are just too GOOD not to be abused by BAD actors

Protect yourself and your business

The key to staying safe is a layered approach to cybersecurity backed up by a cyber resilience strategy. Here are tips from our experts.
Strategies for business continuity
- Lock down Remote Desktop Protocol (RDP)
- Educate end users
- Install reputable cybersecurity software
- Set up a strong backup and disaster recovery plan

Strategies for individuals
- Develop a healthy dose of suspicion toward messages
- Protect devices with antivirus and data with a VPN
- Keep your antivirus software and other apps up to date
- Use a secure cloud backup with immutable copies
- Create strong, unique passwords (and don’t reuse them across accounts)
- If a download asks to enable macros, DON’T DO IT

The post Discover 2022’s Nastiest Malware appeared first on Webroot Blog.