CyberSecure Specialist

09 May

Evasive Panda APT group delivers malware via updates for popular Chinese software

Information

ESET Research uncovers a campaign by the APT group known as Evasive Panda targeting an international NGO in China with malware delivered through updates of popular Chinese software ESET researchers have discovered a campaign that we attribute to the APT group known as Evasive Panda, where update channels of legitimate applications were mysteriously hijacked to deliver the installer for the MgBot malware, Evasive Panda’s flagship backdoor. Key points of the report: Users in mainland China…

Read More
09 May

How the war in Ukraine has been a catalyst in private‑public collaborations

Information

As the war shows no signs of ending and cyber-activity by states and criminal groups remains high, conversations around the cyber-resilience of critical infrastructure have never been more vital A number of security practitioners, policymakers, law enforcement professionals and other experts from various countries will gather in Warsaw, Poland, tomorrow to discuss how the public and private sectors are dealing with heightened cybersecurity risks following Russia’s invasion of Ukraine last year. Ahead of the event,…

Read More
09 May

ESET APT Activity Report Q4 2022­–Q1 2023

Information

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2022 and Q1 2023 ESET APT Activity Report Q4 2022–Q1 2023 summarizes the activities of selected advanced persistent threat (APT) groups that were observed, investigated, and analyzed by ESET researchers from October 2022 until the end of March 2023. Attentive readers will notice that a small portion of the report also mentions some events previously covered in APT Activity Report…

Read More
09 May

S3 Ep132: Proof-of-concept lets anyone hack at will

Information

by Paul Ducklin 2FA, HACKING, AND PATCHING No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher. READ THE TRANSCRIPT DOUG.  Remote code execution, remote code execution, and 2FA codes in the…

Read More
09 May

Google wins court order to force ISPs to filter botnet traffic

Information

by Naked Security writer A US court has recently unsealed a restraining order against a gang of alleged cybercrooks operating outside the country, based on a formal legal complaint from internet giant Google. Google, it seems, decided to use its size, influence and network data to say, “No more!”, based on evidence it had collected about a cybergang known loosely as the CryptBot crew, whom Google claimed were: Ripping off Google product names, icons and…

Read More
09 May

Low-level motherboard security keys leaked in MSI breach, claim researchers

Information

by Paul Ducklin About a month ago, we wrote about a data breach notification issued by major motherboard manufacturer MSI. The company said: MSI recently suffered a cyberattack on part of its information systems. […] Currently, the affected systems have gradually resumed normal operations, with no significant impact on financial business. […] MSI urges users to obtain firmware/BIOS updates only from its official website, and not to use files from sources other than the official…

Read More
09 May

Microsoft Patch Tuesday: 40 Vulnerabilities, 2 Zero-Days

Information, News

Microsoft on Tuesday announced patches for 40 newly documented vulnerabilities in its products, including two zero-day flaws. One of the zero-days, CVE-2023-29336, is described as an elevation of privilege bug in the Win32k driver. Successful exploitation could allow an attacker to gain System privileges. Microsoft has shared no information on the attacks exploiting this vulnerability, but such issues are typically combined with code execution flaws to spread malware, according to Trend Micro’s Zero Day Initiative…

Read More
09 May

Cybersecurity stress returns after a brief calm: ProofPoint report

Data Breaches, Malware, Social Engineering

Global cybersecurity concerns are returning to pandemic levels as 68% of CISOs from 16 countries said they fear a cyberattack in the next 12 months, according to a ProofPoint survey. “With the disruption of the pandemic now largely behind us, the return to normal operations may imply that CISOs can breathe easier, but the opposite is true,” said Lucia Milică Stacy, Global Resident CISO of Proofpoint. “Compared with last year, CISOs are feeling less prepared…

Read More
09 May

Feds Take Down 13 More DDoS-for-Hire Services

Information, Insights

The U.S. Federal Bureau of Investigation (FBI) this week seized 13 domain names connected to “booter” services that let paying customers launch crippling distributed denial-of-service (DDoS) attacks. Ten of the domains are reincarnations of DDoS-for-hire services the FBI seized in December 2022, when it charged six U.S. men with computer crimes for allegedly operating booters. Booter services are advertised through a variety of methods, including Dark Web forums, chat platforms and even youtube.com. They accept…

Read More
09 May

Malwarebytes releases Mobile Security for OneView to secure Chromebooks, Android, iOS devices

Data Breaches, Malware, Social Engineering

Endpoint security vendor Malwarebytes has announced the release of Mobile Security for OneView to enable managed service providers (MSPs) to protect Chromebooks, Android, and iOS devices against mobile threats such as ransomware and malicious apps. MSPs can now use the Malwarebytes OneView platform to monitor their customers’ mobile phones and tablets alongside their servers, workstations, and laptops, the firm said. They can prevent accidental access to harmful websites, safeguard against malicious apps, block unwanted in-app…

Read More