CyberSecure Specialist

27 May

How an innocuous app morphed into a trojan – Week in security with Tony Anscombe

Information

ESET research uncovers an Android app that initially had no harmful features but months later turned into a spying tool This week, ESET malware researcher Lukas Stefanko revealed how an initially legitimate Android app morphed into a malicious trojan that could steal users’ files and record surrounding audio from the device’s microphone and then exfiltrate it. The app, named iRecorder – Screen Recorder, was first listed in the Google Play Store in September 2021, with…

Read More
27 May

Industrial Giant ABB Confirms Ransomware Attack, Data Theft

Information, News

Swiss industrial giant ABB confirmed this week that it was recently targeted in a ransomware attack and that the cybercriminals exfiltrated some data. The company has issued a press release and an FAQ describing the incident, with many details — including indicators of compromise (IoCs) — being withheld due to the ongoing law enforcement investigation.  “ABB has determined that an unauthorized third-party accessed certain ABB systems, deployed a type of ransomware that is not self-propagating,…

Read More
26 May

Researchers find new ICS malware toolkit designed to cause electric power outages

Data Breaches, Malware, Social Engineering

Over the past few years state-sponsored attackers have been ramping up their capabilities of hitting critical infrastructure like power grids to cause serious disruptions. A new addition to this arsenal is a malware toolkit that seems to have been developed for red-teaming exercises by a Russian cybersecurity company. Dubbed COSMICENERGY by researchers from Mandiant, the malware can interact with remote terminal units (RTUs) and other operational technology (OT) devices that communicate over the specialized IEC…

Read More
26 May

Phishing Domains Tanked After Meta Sued Freenom

Information, Insights

The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta, which alleged the free domain name provider has a long history of ignoring abuse complaints about phishing websites while monetizing traffic to those abusive domains. The volume of phishing websites registered through Freenom dropped considerably since the registrar was sued by Meta. Image: Interisle Consulting. Freenom is the domain name…

Read More
26 May

Shedding light on AceCryptor and its operation

Information

ESET researchers reveal details about a prevalent cryptor, operating as a cryptor-as-a-service used by tens of malware families In this blogpost we examine the operation of AceCryptor, originally documented by Avast. This cryptor has been around since 2016 and because – throughout its existence – it has been used to pack tens of malware families, many technical parts of this malware have already been described. You might already have read about this cryptor, which is…

Read More
26 May

S3 Ep136: Navigating a manic malware maelstrom

Information, Malware, Uncategorized

by Paul Ducklin A PYTHON PERSPECTIVE VORTEX No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher. READ THE TRANSCRIPT DOUG.  Cybercrime after cybercrime, some Apple updates, and an attack on a…

Read More
26 May

Elon Musk’s social security number allegedly leaked in Tesla data breach

Attacks, Data Breaches

Car manufacturer Tesla’s CEO, Elon Musk, may have had his social security number leaked in a data breach that saw 100GB of confidential information accessed. The Dutch data protection watchdog, Autoriteit Persoonsgegevens (DPA), has said that Tesla may have failed to protect confidential data from employees, customers and business partners. According to news publication Reuters, Tesla has been accused of failing to protect employee, customer and business partner data after 100GB of confidential information was…

Read More
26 May

Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation

Information, News

A recently identified ransomware operation called Buhti is using LockBit and Babuk variants to target both Linux and Windows systems, Symantec reports. Initially observed in February 2023, the Buhti operation, which Symantec calls Blacktail, has been rapidly expanding since mid-April, exploiting recent vulnerabilities for initial access, and relying on a custom tool to steal victim files. In a recent attack, the Buhti operators used a minimally modified version of the LockBit 3.0 (LockBit Black) ransomware…

Read More
26 May

Google Cloud Users Can Now Automate TLS Certificate Lifecycle

Information, News

Google on Thursday announced the availability of its Automatic Certificate Management Environment (ACME) API for all Google Cloud users, allowing them to automatically acquire and renew TLS certificates for free. The ACME protocol was designed to automate TLS certificate lifecycle through APIs that are supported by dozens of clients, and has become the standard for certificate management across the internet, with most TLS certificates in the WebPKI being issued by ACME certificate authorities. The protocol’s…

Read More
26 May

Zyxel Firewalls Hacked by Mirai Botnet

Information, News

A Mirai botnet variant has been exploiting a recently patched vulnerability tracked as CVE-2023-28771 to hack many Zyxel firewalls.  The Taiwan-based networking device manufacturer informed customers about the security hole on April 25, when it announced the availability of patches for impacted ATP, VPN, USG Flex and ZyWALL/USG firewalls. The OS command injection vulnerability, found by Trapa Security, is caused by improper error message handling in some firewalls, and it could allow an unauthenticated attacker…

Read More