Welcome to the 290th episode of the Kaspersky Transatlantic Cable podcast. In this episode, we kick things off with a discussion on how ransomware gangs are taking new leaps to extort money. Spoiler alert: you aren't going to like it one bit. From there, we jump into a discussion surrounding the booming black market in China for access to ChatGPT. We continue the discussion by looking at how a fitness app led a researcher to discover the home and movements of a former top aide to Joe Biden. To close out the episode, we look at how banks' use of voice as a password is not secure. If you liked what you heard, please consider subscribing.
Ransomware Attacks Have Entered a Heinous New Phase
A booming illicit market for OpenAI's chatbot shows the huge potential, and risks, for Chinese generative AI
AllTrails Data Exposes Precise Movements of Former Top Biden Official
How I Broke Into a Bank Account With an AI-Generated Voice
The "underreported" APT has returned to focus after attacks promoting Russian and Belarusian government interests and going after targets with humor, zest, and scrappiness.
The chances of getting hacked are no longer low. Companies need to rethink their data collection and monitoring strategies to protect employee privacy and corporate integrity.
A more holistic model beyond MITRE et al is needed to help defenders better identify and understand commonalities in different online threat campaigns, the Facebook parent company says.
If the approaches stand up to scrutiny, companies may soon be able to encrypt most databases in a way that allows using data without needing to decrypt to plaintext.
Check Point Research laid bare technical details of the dotRunpeX injector, which delivers a range of known malware families such as AgentTesla, AsyncRAT, AveMaria/WarzoneRAT, BitRAT, Formbook, and more. The first-stage loaders are primarily delivered via phishing emails that contain malicious attachments in the form of .iso, .img, .zip, or .7z files.
The judgment by the Amsterdam District Court said Facebook Ireland, custodian of Dutch users’ personal details, not only used the data for advertising but also passed it to third parties without properly informing people or having the right legal grounds.
What makes this scam stand out is it preys on customers tweeting to their banks—such as to raise a complaint or request assistance. But these customers instead receive a reply from the scammer, via a quote-tweet, luring them to call a fake helpline.
Understanding the ongoing changes to data privacy regulations is challenging enough for CISOs and their teams. Implementing the needed changes as they occur only adds complexity and confusion.
To protect themselves from significant losses, cybercriminals use regulatory mechanisms, such as escrow services (aka middlemen, intermediaries, or guarantors), and arbitration.
The top three ransomware gangs linked to attacks targeting critical infrastructure last year, based on the number of attacks, were Lockbit (149), ALPHV/BlackCat (114), and Hive (87).
A new hacker group, named YoroTrooper, was found targeting European nations and organizations in a cyberespionage campaign that started in June 2022. The attack begins with phishing emails with malicious shortcut files (LNK), along with legitimate PDF documents related to national development strategy, used as decoys.
The sooner security practitioners become proactive in understanding the business side of their organizations, and the industry overall, the better they will be able to do their jobs and build the innovations that change the industry for the better.
SILKLOADER joins other loaders such as KoboldLoader, MagnetLoader, and LithiumLoader that have been recently discovered incorporating Cobalt Strike components. It also shares overlaps with LithiumLoader in that both employ the DLL sideloading method.
The Chancellor of the Duchy of Lancaster, Oliver Dowden, confirmed the plans to ban TikTok earlier today after Cabinet Office Ministers ordered a security review of the app.
Attackers mining digital assets via others’ infrastructure seem to have found a new boost with Dero cryptocurrency, revealed Crowdstrike. Since February, the operation has reportedly launched attacks against the Kubernetes environment of three U.S.-based servers. Threat actors potentially deployed over 4,000 miner instances during this campaign.
Recently linked campaigns reveal that Winter Vivern has targeted Polish government agencies, the Ukraine Ministry of Foreign Affairs, the Italy Ministry of Foreign Affairs, and individuals within the Indian government.
MKS Instruments is facing a class action lawsuit in California in connection with a February ransomware attack that forced the company to suspend part of its manufacturing capacity, according to the company’s annual 10-K filing with the SEC.
Researchers at Google’s Project Zero discovered a total of eighteen vulnerabilities. The four most severe of these (CVE-2023-24033 and three other vulnerabilities that have yet to be assigned CVE-IDs) allowed for an Internet-to-baseband RCE attack.
Titled Secure Cloud Business Applications (SCuBA) Hybrid Identity Solutions Architecture, the document is meant to help federal agencies securely integrate cloud-based solutions with existing on-premises infrastructure.
Kaspersky researchers analyzed a cache of 258 private keys released by threat actors on a hacking forum. They found them to be associated with a Conti variant they discovered in December 2022. However, it had been circulating since at least August.
The cryptojacking group known as TeamTNT is suspected to be behind a previously undiscovered strain of malware used to mine Monero cryptocurrency on compromised systems, according to Cado Security.
On Tuesday, NorthStar Emergency Paramedic Services took to its website to report the problem and mailed physical letters to patients who may have been impacted by the breach. The company said they became aware of the potential intrusion in September.
The Meta approach starts from the assumption that despite the asynchronous nature of attacks, there are still meaningful commonalities, especially where those commonalities can be abstracted from the platform or hardware being attacked.
Threat actors are going after victims’ cryptocurrency funds using trojanized Telegram and WhatsApp applications for Android and Windows. The malware can switch cryptocurrency wallet addresses sent in chat messages with attackers' wallet addresses.
The number of business email compromise (BEC) incidents doubled last year and replaced ransomware as the most prolific cybercrime category, according to Secureworks. Ransomware detections reportedly declined by 57%.
The most notable shift observed in BianLian attacks recently is its move away from ransoming encrypted files, and towards data-leak extortion as a means to extract payments from victims.
Tabnabbing is a phishing method in which attackers take advantage of victims’ unattended browser tabs. With reverse tabnabbing, on the other hand, attackers can actually rewrite the source page after a victim clicks a malicious link.
ESET researchers found that the Tick cyberespionage group compromised an East Asian Data-Loss Prevention (DLP) company in 2021 and used a wide range of tools in similar attacks. In one of its campaigns, it used a tampered version of a legitimate app called Q-Dir to drop an open-source VBScript backdoor named ReVBShell.
As of late November 2022, Microsoft and other security firms identified a new form of ransomware, called “Sullivan”, deployed against Ukrainian targets, in addition to the “Prestige” ransomware Russia deployed in Ukraine and Poland in October 2022.
After news broke late last week about Silicon Valley Bank’s bank run and collapse, security researchers started warning SVB account holders about incoming SVB-related scams and phishing attempts.
This PowerShell script (KB5025175) simplifies the process of securing WinRE images against attempts to exploit the CVE-2022-41099 flaw, which enables attackers to bypass the BitLocker Device Encryption feature on system storage devices.
Open Web Analytics (OWA) versions prior to 1.7.4 allow an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes.
Debian Linux Security Advisory 5356-2 - One of the security fixes released as DSA 5356 introduced a regression in the processing of specific WAV files. Updated sox packages are available to correct this issue.
There is an intra-object overflow in Shannon Baseband, inside the 5G MM protocol implementation (NrmmMsgCodec as it is called in Shannon according to debug strings), specifically when handling the Service Area List message (IEI = 0x27).
Ubuntu Security Notice 5959-1 - It was discovered that Kerberos incorrectly handled memory when processing KDC data, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service or have other unspecified impacts.
Ubuntu Security Notice 5962-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
There is a heap buffer overflow in Shannon Baseband, inside the 5G MM protocol implementation (NrmmMsgCodec as it is called in Shannon according to debug strings), specifically when handling the Operator-defined access category definitions message (IEI = 0x76).
Debian Linux Security Advisory 5375-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or spoofing.
There is a heap buffer overflow in Shannon baseband, inside the 5G MM protocol implementation (NrmmMsgCodec as it is called in Shannon according to debug strings), specifically when handling the "Extended emergency number list" message (IEI = 0x7A).
Ubuntu Security Notice 5961-1 - It was discovered that abcm2ps incorrectly handled memory when parsing specially crafted ABC files. An attacker could use this issue to cause abcm2ps to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. Chiba of Topsec Alpha Lab discovered that abcm2ps incorrectly handled memory when parsing specially crafted ABC files. An attacker could use this issue to cause abcm2ps to crash, leading to a denial of service.
There is a heap buffer overflow in Shannon baseband, inside the 5G MM protocol implementation (NrmmMsgCodec as it is called in Shannon according to debug strings), specifically when handling the "Emergency number list" message (IEI = 0x34).
This write-up is an overview of how Microsoft's attempts to manage elevated access to executables via registry entries have added complexity that still allows for privilege escalation.
The advanced persistent threat known as Winter Vivern has been linked to campaigns targeting government officials in India, Lithuania, Slovakia, and the Vatican since 2021. The activity targeted Polish government agencies, the Ukraine Ministry of Foreign Affairs, the Italy Ministry of Foreign Affairs, and individuals within the Indian government, SentinelOne said in a report shared with The
Google is calling attention to a set of severe security flaws in Samsung's Exynos chips, some of which could be exploited remotely to completely compromise a phone without requiring any user interaction. The 18 zero-day vulnerabilities affect a wide range of Android smartphones from Samsung, Vivo, Google, wearables using the Exynos W920 chipset, and vehicles equipped with the Exynos Auto T5123
Copycat websites for instant messaging apps like Telegram and WhatsApp are being used to distribute trojanized versions and infect Android and Windows users with cryptocurrency clipper malware. "All of them are after victims' cryptocurrency funds, with several targeting cryptocurrency wallets," ESET researchers Lukáš Štefanko and Peter Strýček said in a new analysis. While the first instance of
Think of the typical portrayal of a cyberattack. Bad guy pounding furiously on a keyboard, his eyes peeking out from under a dark hoodie. At long last, his efforts pay off and he hits the right combination of keys. "I'm in!" he shouts in triumph. Clearly, there are many problems with this scenario – and it's not just the hoodie. What's even more inaccurate is that most cyber attackers today do
A new Golang-based botnet dubbed HinataBot has been observed to leverage known flaws to compromise routers and servers and use them to stage distributed denial-of-service (DDoS) attacks. "The malware binaries appear to have been named by the malware author after a character from the popular anime series, Naruto, with file name structures such as 'Hinata--,'" Akamai said in a
In the modern corporate IT environment, which relies on cloud connectivity, global connections and large volumes of data, the browser is now the most important work interface. The browser connects employees to managed resources, devices to the web, and the on-prem environment to the cloud one. Yet, and probably unsurprisingly, this browser prominence has significantly increased the number of
An Android voice phishing (aka vishing) malware campaign known as FakeCalls has reared its head once again to target South Korean users under the guise of over 20 popular financial apps. "FakeCalls malware possesses the functionality of a Swiss army knife, able not only to conduct its primary aim but also to extract private data from the victim's device," cybersecurity firm Check Point said.
Security researchers have released a new decryption tool which should come to the rescue of some victims of a modified version of the Conti ransomware, helping them to recover their encrypted data for free. Read more in my article on the Tripwire State of Security blog.
Well, this isn’t good. Google has issued a warning that some Android phones can be hacked remotely, without the intended victim having to click on anything.