CyberSecure Specialist

10 May

Google Now Lets US Users Search Dark Web for Their Gmail ID

Information, News

Gmail users in the US can now run scans to find out whether their Gmail ID appears on the dark web, Google announced today at Google I/O, its annual developer conference. The feature was initially announced in March, when the internet giant released it for Google One users only. It allows users to run scans and receive a report informing them whether their information, including name, address, email address, phone number, and Social Security number,…

Read More
10 May

IBM unveils end-to-end, quantum-safe tools to secure business, government data

Data Breaches, Malware, Social Engineering

Technology giant IBM has debuted a new set of tools and capabilities designed as an end-to-end, quantum-safe solution to secure organizations and governmental agencies as they head toward the post-quantum computing era. Announced at its annual Think conference in Orlando, Florida, Quantum Safe technology combines expertise across cryptography and critical infrastructure to address the potential future security risks that quantum computing poses, according to the company. IBM also unveiled the Quantum Safe Roadmap to guide…

Read More
10 May

International security agencies warn of Russian “Snake” malware threat

Data Breaches, Malware, Social Engineering

Security agencies from five countries have issued a joint advisory revealing technical details about a sophisticated espionage tool used by Russian cyber actors against their targets. “Snake malware” and its variants have been a core component in Russian espionage operations carried out by Center 16 of Russia’s Federal Security Service (FSB) for nearly two decades, according to the security notice. Identified in infrastructure in over 50 countries across North America, South America, Europe, Africa, Asia,…

Read More
10 May

Evil digital twins and other risks: the use of twins opens up a host of new security concerns

Data Breaches, Malware, Social Engineering

The use of digital twins — virtual representations of actual or envisioned real-world objects — is growing. Their uses are multifold and can be incredibly helpful, providing real-time models of physical assets or even people or biological systems that can help identify problems as or even before they occur. Grand View Research has predicted that the global digital twin market, valued at $11.1 billion in 2022, will grow at a 37.5% compound annual growth rate…

Read More
10 May

Make them pay: Hackers devise new tactics to ensure ransomware payment

Data Breaches, Malware, Social Engineering

Ransomware remains one of the biggest cybersecurity threats that organizations and governments continue to face. However, hackers are engineering new ways to extract ransom from their victims as organizations take a conscious call to decline ransom payment demands. With the fall of the most notorious ransomware gang, Conti, in May 2022, it was assumed that ransomware attacks would see a major decline. However, Tenable found that 35.5% of breaches in 2022 were the result of a ransomware attack,…

Read More
09 May

Microsoft Patch Tuesday, May 2023 Edition

Information, Insights

Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks. First up in May’s zero-day flaws is CVE-2023-29336, which is an “elevation of privilege” weakness in Windows which has a low attack complexity, requires low privileges, and no user interaction. However, as the SANS Internet Storm Center points out, the…

Read More
09 May

Evasive Panda APT group delivers malware via updates for popular Chinese software

Information

ESET Research uncovers a campaign by the APT group known as Evasive Panda targeting an international NGO in China with malware delivered through updates of popular Chinese software ESET researchers have discovered a campaign that we attribute to the APT group known as Evasive Panda, where update channels of legitimate applications were mysteriously hijacked to deliver the installer for the MgBot malware, Evasive Panda’s flagship backdoor. Key points of the report: Users in mainland China…

Read More
09 May

How the war in Ukraine has been a catalyst in private‑public collaborations

Information

As the war shows no signs of ending and cyber-activity by states and criminal groups remains high, conversations around the cyber-resilience of critical infrastructure have never been more vital A number of security practitioners, policymakers, law enforcement professionals and other experts from various countries will gather in Warsaw, Poland, tomorrow to discuss how the public and private sectors are dealing with heightened cybersecurity risks following Russia’s invasion of Ukraine last year. Ahead of the event,…

Read More
09 May

ESET APT Activity Report Q4 2022­–Q1 2023

Information

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2022 and Q1 2023 ESET APT Activity Report Q4 2022–Q1 2023 summarizes the activities of selected advanced persistent threat (APT) groups that were observed, investigated, and analyzed by ESET researchers from October 2022 until the end of March 2023. Attentive readers will notice that a small portion of the report also mentions some events previously covered in APT Activity Report…

Read More
09 May

S3 Ep132: Proof-of-concept lets anyone hack at will

Information

by Paul Ducklin 2FA, HACKING, AND PATCHING No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher. READ THE TRANSCRIPT DOUG.  Remote code execution, remote code execution, and 2FA codes in the…

Read More