Security

0 Comments
Security researchers are warning of a new phishing campaign which tries to hurry users into making poor decisions by presenting them with a countdown clock. Cofense recently spotted the credential harvesting campaign, which arrives in the form of an alert email about a non-existent ‘suspicious login’ to their account. Purporting to come from a fake
0 Comments
A cyber-attack on the US justice system has compromised a public document management system, revealed lawmakers on the Hill yesterday. Jerrold Nadler (D-NY), chairman of the House Judiciary Committee, revealed the attack at a hearing on oversight of the Justice Department on Thursday. Nadler said three hostile actors had breached the Public Access to Court Electronic Records
0 Comments
A bill designed to increase visibility of foreign ransomware attackers has passed in the US House of Representatives. The Reporting Attacks from Nations Selected for Oversight and Monitoring Web Attacks and Ransomware from Enemies Act (also known as the RANSOMWARE Act) will make it easier for the US to respond to ransomware attacks from foreign
0 Comments
by Paul Ducklin If you’ve ever watched a professional plumber at work, or a plasterer, or a bricklayer, or the people who deftly use those improbably long sticks to craft paper-thin pancakes the size of a bicycle wheel… …you’ve probably had the same thoughts that we have. I could do that. I really could. But
0 Comments
Spanish and Romanian police have joined forces to take down a gang suspected of earning at least €3m ($3.1) from internet scams. Spanish National Police arrested three suspects in the southern city of Malaga while their Romanian counterparts cuffed six, following a multi-year investigation, according to Europa Press. They are accused of publishing false adverts
0 Comments
Applications have opened for the next cohort of the NCSC For Startups program, which is looking for early-stage companies focused on protecting the UK’s critical national infrastructure from cyber threats. The program, launched in 2021, is run by the UK’s National Cyber Security Centre (NCSC) in partnership with Plexal. A successor to the NCSC Cyber Accelerator, the
0 Comments
Criminals are using malicious bots to steal information from victims via the popular Telegram and Discord messaging services, said a report this week. Some bots can be rented for as little as $25 a day. The bot-based malware steals credentials, including virtual private network (VPN) client logins, payment card information, cryptocurrency wallets, operating system data,
0 Comments
The UK’s National Crime Agency (NCA) seized millions of pounds’ worth of cryptocurrency last year as part of its efforts to crack down on money laundering and serious and organized crime (SOC). The NCA, which is the UK agency dedicated to tackling SOC, revealed in its latest annual report that during the period April 1
0 Comments
This week HP released their report The Evolution of Cybercrime: Why the Dark Web is Supercharging the Threat Landscape and How to Fight Back, exploring how cyber-criminals are increasingly operating in a quasi-professional manner, with malware and ransomware attacks being offered on a ‘software-as-a-service’ basis. The report’s findings showed how cybercrime is being supercharged through “plug and
0 Comments
Ukrainian radio stations were hacked this week by threat actors to spread fake news about President Volodymyr Zelensky’s health, according to Ukraine’s security officials. A music program on “at least one” out of TAVR Media’s stations – one of Ukraine’s largest radio networks – was interrupted by the false reports just after midday on July 21. The so-far unidentified
0 Comments
The number of ransomware victims in the second quarter was over a third lower than Q1 2022, thanks in part to the halt in operations from the prolific Conti group, according to GuidePoint Security. The firm’s quarterly ransomware report was based on data obtained from publicly available resources, including postings by threat groups on their data
0 Comments
by Paul Ducklin Apple has disgorged its latest patches, fixing more than 50 CVE-numbered security vulnerabilities in its range of supported products. The relevant security bulletins, update numbers, and where to find them online are as follows: APPLE-SA-2022-07-20-1: iOS 15.6 and iPadOS 15.6, details at HT213346 APPLE-SA-2022-07-20-2: macOS Monterey 12.5, details at HT213345 APPLE-SA-2022-07-20-3: macOS
0 Comments
Russian adversaries are taking advantage of trusted cloud services, including DropBox and Google Drive to deliver malware to businesses and governments, according to new research. Cloaked Ursula – AKA the Russian government-linked APT29 or Cozy Bear – is increasingly using popular online storage services because it makes attacks difficult to detect and prevent, researchers at Palo Alto
0 Comments
Security researchers have found a new macOS backdoor being used in targeted attacks to steal sensitive information from victims. The threat has been named “CloudMensis” by ESET because it exclusively uses public cloud storage services to communicate with its operators. Specifically, it leverages pCloud, Yandex Disk and Dropbox to receive commands and exfiltrate files, according to
0 Comments
The Tor Project has updated its flagship anonymizing browser to make it easier for users to evade government attempts to block its use in various regions. Tor Browser 11.5 will “transform the user experience of connecting to Tor from heavily censored regions,” according to the US-based non-profit that manages the open source software. It replaces
0 Comments
This week the US Department of Homeland Security (DHS) released the Cyber Safety Review Board’s (CSRB) first report into the December 2021 Log4j event, where a number of vulnerabilities were reported with this Java-based logging framework. The report’s methodology included a mixture of interviews and requests for information over a 90-day period, engaging with approximately 80 organizations and individuals
0 Comments
by Paul Ducklin It’s prime vacation season in the Northern Hemipshere, and in some countries, July and August aren’t just months when some people take some days off, but a period of extended family holidays, often involving weeks away from home or on the road. The good news, of course, is that if you’ve had
0 Comments
Enterprises are failing to plan properly for supply chain risks and cybersecurity threats from the wider digital ecosystem, a leading technology consultancy has warned. According to Tata Consultancy Services (TCS), firms put the risks posed by ecosystem partners at the bottom of a list of 10 key threats. CISOs and chief risk officers believed that