CyberSecure Specialist

S3 Ep137: 16th century crypto skullduggery

by Paul Ducklin. IT'S HARDER THAN YOU THINK. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found, or just drop the URL of our RSS feed into your favourite podcatcher. TRANSCRIPT. DOUG. Password manager cracks, login bugs, and Queen Elizabeth I versus…


Researchers claim Windows “backdoor” affects hundreds of Gigabyte motherboards

by Paul Ducklin. Researchers at firmware and supply-chain security company Eclypsium claim to have found what they have rather dramatically dubbed a “backdoor” in hundreds of motherboard models from well-known hardware maker Gigabyte. In fact, Eclypsium’s headline refers to it not merely as a backdoor, but all in upper case as a BACKDOOR. The good news is that this seems to be a legitimate feature that has been badly implemented, so it’s not a backdoor…


Attackers use Python compiled bytecode to evade detection

Attackers who are targeting open-source package repositories like PyPI (Python Package Index) have devised a new technique for hiding their malicious code from security scanners, manual reviews, and other forms of security analysis. In one incident, researchers have found malware code hidden inside a Python bytecode (PYC) file that can be directly executed as opposed to source code files that get interpreted by the Python runtime. “It may be the first supply chain attack to…
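
A .pyc file carries a marshalled code object that the interpreter runs directly, so a reviewer who only reads the .py files in a package never sees what it does. The scanner below is an added example, not code from the researchers or from any PyPI tooling: it walks a package tree, flags every .pyc that has no sibling .py source, unmarshals the code object without importing it, and lists any suspicious global or attribute names it references. The package fixture, the payload string and the SUSPICIOUS_NAMES list are all constructed for the demonstration; the 16-byte header layout is CPython's for 3.7 and later.

```python
"""Flag .pyc files in a package that ship without source or reference
suspicious names, without executing them."""
import importlib.util
import marshal
import py_compile
import tempfile
import types
from pathlib import Path

# Constructed watch list: names that warrant a manual look, not a signature set.
SUSPICIOUS_NAMES = {"exec", "eval", "compile", "urlopen", "b64decode", "system", "Popen"}

# CPython >= 3.7 .pyc layout: 4-byte magic, 4-byte flags, 8 bytes of
# source mtime+size (or hash), then the marshalled code object.
PYC_HEADER_LEN = 16


def load_code_from_pyc(path: Path) -> types.CodeType:
    """Unmarshal the code object from a .pyc without importing (running) it."""
    data = path.read_bytes()
    if data[:4] != importlib.util.MAGIC_NUMBER:
        raise ValueError(f"{path}: magic does not match this interpreter")
    return marshal.loads(data[PYC_HEADER_LEN:])


def collect_names(code: types.CodeType) -> set:
    """Gather co_names from the code object and every nested code object."""
    names = set()
    stack = [code]
    while stack:
        c = stack.pop()
        names.update(c.co_names)
        stack.extend(k for k in c.co_consts if isinstance(k, types.CodeType))
    return names


def scan_package(root) -> list:
    """Report each .pyc under root that lacks a matching .py, or that
    references a name in SUSPICIOUS_NAMES."""
    root = Path(root)
    findings = []
    for pyc in sorted(root.rglob("*.pyc")):
        if pyc.parent.name == "__pycache__":
            # __pycache__/mod.cpython-311.pyc -> mod.py beside __pycache__
            src = pyc.parent.parent / (pyc.name.split(".")[0] + ".py")
        else:
            src = pyc.with_suffix(".py")
        orphan = not src.exists()
        hits = sorted(collect_names(load_code_from_pyc(pyc)) & SUSPICIOUS_NAMES)
        if orphan or hits:
            findings.append({
                "pyc": pyc.relative_to(root).as_posix(),
                "orphan": orphan,
                "suspicious": hits,
            })
    return findings


def build_demo_package() -> Path:
    """Constructed fixture: one benign module shipped as .py plus .pyc, and one
    module shipped only as .pyc (its source deleted after compiling)."""
    root = Path(tempfile.mkdtemp())
    pkg = root / "demo_pkg"
    pkg.mkdir()
    (pkg / "__init__.py").write_text("from . import helper\n")
    (pkg / "helper.py").write_text("def add(a, b):\n    return a + b\n")
    py_compile.compile(str(pkg / "helper.py"), cfile=str(pkg / "helper.pyc"), doraise=True)

    # Constructed stand-in for a hidden payload; it is compiled, never run.
    stage = root / "loader.py"
    stage.write_text(
        "import base64\n"
        "exec(base64.b64decode(b'cHJpbnQoJ2hpJyk=').decode())\n"
    )
    py_compile.compile(str(stage), cfile=str(pkg / "loader.pyc"), doraise=True)
    stage.unlink()
    return root


if __name__ == "__main__":
    for finding in scan_package(build_demo_package()):
        print(finding)
```

The orphan check is the cheap signal: a legitimate wheel rarely ships a .pyc with no source next to it. The name check is a hint for triage, not proof; a real review would disassemble the flagged object with `dis` and read the constants it carries.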


Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer

Point32Health, the second-largest health insurer in Massachusetts, is in the process of informing more than 2.5 million individuals that their personal and protected health information was stolen in a recent ransomware attack. Identified on April 17 and initially disclosed on April 20, the attack impacted systems related to Point32Health’s Harvard Pilgrim Health Care, and resulted in the exfiltration of data pertaining to both current and former health plan subscribers and dependents. Between March 28 and…


MOVEit Transfer vulnerability is being exploited widely

Progress has discovered a vulnerability in file transfer software MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment, the company said in a security advisory. “A SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database,” the company said in the post, adding that depending on the database engine being used (MySQL, Microsoft…
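
The advisory describes the bug class, not the code, so the example below is a generic illustration added here and has nothing to do with MOVEit Transfer's own source or the specific injection point. It uses an in-memory SQLite table, which is a constructed stand-in for the application database; the user rows and the two payloads are likewise constructed. The first lookup builds its query by string formatting, so an unauthenticated caller can rewrite the WHERE clause or UNION in columns the endpoint was never meant to return; the second binds the input as a parameter and returns nothing for either payload.

```python
"""Unauthenticated SQL injection against a user lookup, and the
parameterised query that closes it."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for an application user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password_hash TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)",
        [("alice", "h1", "admin"), ("bob", "h2", "user")],
    )
    return conn


def lookup_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Query assembled by string formatting: caller input becomes SQL text."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Same query with a bound parameter: input stays data, never SQL."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Constructed payloads; neither requires a valid account.
# TAUTOLOGY turns the WHERE clause into a condition that is always true.
# UNION_DUMP appends a second SELECT that reads the password_hash column
# and comments out the closing quote the template would otherwise add.
TAUTOLOGY = "' OR '1'='1"
UNION_DUMP = "' UNION SELECT username, password_hash FROM users --"


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, tautology:", lookup_user_vulnerable(conn, TAUTOLOGY))
    print("vulnerable, union    :", lookup_user_vulnerable(conn, UNION_DUMP))
    print("safe, tautology      :", lookup_user_safe(conn, TAUTOLOGY))
    print("safe, union          :", lookup_user_safe(conn, UNION_DUMP))
```

The UNION payload is the one that matters for the advisory's wording: the endpoint only promises a username and role, but once the attacker controls the statement, any column the database account can read is reachable, which is why the engine in use (and that account's privileges on it) determines how bad the exposure is.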



CommonSpirit Health reports that ransomware attack cost $160 million

Catholic health system and nonprofit hospital chain CommonSpirit Health has said that a ransomware attack it suffered in October 2022 cost the company US$160 million. Ransomware attacks against healthcare companies are becoming all too common, with one in 42 healthcare organizations worldwide being the victim of ransomware attacks in the final quarter of 2022. With the average cost of a ransomware attack in the US reaching $9.44mn in 2022, the impact of these cyber attacks…


Ask Fitis, the Bear: Real Crooks Sign Their Malware

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive to cybercriminal groups, who prize their ability to add stealth and longevity to malicious software. This post is a deep dive on “Megatraffer,” a veteran Russian hacker who has practically cornered the underground market for…


5 free OSINT tools for social media

A roundup of some of the handiest tools for the collection and analysis of publicly available data from Twitter, Facebook and other social media platforms Social media sites are a near-bottomless source of information that almost anyone can use for security and intelligence research, as well as for marketing campaigns. The platforms allow anybody to learn more about other people, their interests, experiences and affiliations, while organizations can easily scour the sites to gain insights…


All eyes on APIs: Top 3 API security risks and how to mitigate them

As APIs are a favorite target for threat actors, the challenge of securing the glue that holds various software elements together is taking on increasing urgency The application programming interface (API) is an unsung hero of the digital revolution. It provides the glue that sticks together diverse software components in order to create new user experiences. But in providing a direct path to back-end databases, APIs are also an attractive target for threat actors. It…
