CyberSecure Specialist

Typhon Info-Stealing Malware Devs Upgrade Evasion Capabilities

Typhon, a C#-based information-stealing malware that was first discovered in mid-2022, has had a new version released by the threat actors behind it. Dubbed Typhon Reborn, the new malware has a heavily modified codebase from its original version, containing many new features and evasive techniques. String obfuscation techniques, using Base64 and XOR, within the malware payloads have improved, making it more difficult to analyze samples. A wide range of checks, such as looking…

YouTube Phishing Scam Luring Users Into Providing Credentials

A new phishing scam on YouTube has been uncovered, where hackers are using authentic-looking email addresses to trick users into giving away their account login information. The scam starts with a fraudulent email claiming to be from YouTube’s support team, stating that the user’s account is in violation of the platform’s policies and will be suspended if the issue is not resolved. The email contains a link that appears to take the user to YouTube’s…

FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers

Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. The domain seizures coincided with more than a hundred arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly-stolen data. Several websites…

The Importance of Transparency – Fueling Trust and Security Through Communication

Who needs to know ‘What,’ ‘When,’ and ‘How’ to tell them

The Challenge

There are many challenges to providing and maintaining cybersecurity in today’s connected world. While product developers increasingly consider security as they design and build products, they may not always communicate critical cybersecurity information about their connected products. Information gaps present a challenge to stakeholders—especially customers—who have limited insight into the security processes, functions and features that protect connected products, components,…

IOTW: Latitude Financial data breach affects 14 million people

Australian financial services company, Latitude Financial, has suffered a large-scale data breach that exposed the personal information of more than 14 million customers. The breach was initially discovered on March 16, but was originally thought to have affected a fraction of the customers actually impacted by the cyber attack.

How did the Latitude Financial data breach happen?

The data breach was initially reported by Latitude Financial on March 16, after unusual activity was detected on…

Twitter source code leaked via GitHub

Part of the source code for social media site Twitter has been leaked via source code repository GitHub, according to a DMCA takedown request. The DMCA request stated that the code leaked included “proprietary source code for Twitter’s platform and internal tools”. Following the DMCA request, the code was taken down. The source code was leaked by a user under the screen name ‘FreeSpeechEnthusiast’. It is unclear how long the source code was available for,…

Understanding Managed Detection and Response – and what to look for in an MDR solution

Why your organization should consider an MDR solution and five key things to look for in a service offering

The threat landscape is evolving at breakneck speed and corporate cyberattack surfaces are expanding, with many trends and developments kicked into overdrive as a result of the surge in digital transformation investments during and after the COVID-19 pandemic. But the growth of the attack surface often results in a gap between attackers and defenders – across skills,…

WooCommerce Payments plugin for WordPress has an admin-level hole – patch now!

by Paul Ducklin

Security holes in WordPress plugins that could allow other people to poke around your WordPress site are always bad news. Even if all you’re running is a basic setup that doesn’t have customer accounts and doesn’t collect or process any personal information such as names and email addresses… …it’s worrying enough just knowing that someone else might be messing with your content, promoting rogue links, or publishing fake news under your name.…

Critical flaw in WooCommerce can be used to compromise WordPress websites

WooCommerce, a popular plug-in for running WordPress-based online stores, contains a critical vulnerability that could allow attackers to take over websites. Technical details about the vulnerability have not been published yet, but the WooCommerce team released updates and attackers could reverse-engineer the patch. “Although what we know at this time is limited, what we do know is that the vulnerability allows for unauthenticated administrative takeover of websites,” researchers from web security firm Sucuri said in…

Tesla Hacked Twice at Pwn2Own Exploit Contest

Researchers at French offensive hacking shop Synacktiv have demonstrated a pair of successful exploit chains against Tesla’s newest electric car to take top billing at the annual Pwn2Own software exploitation contest. Pwn2Own organizers confirmed the successful hacks exploited flaws in the Tesla-Gateway and Tesla-Infotainment sub-systems to “fully compromise” a new Tesla Model 3 vehicle. The first Tesla hack, described as a TOCTOU (time-of-check to time-of-use) race condition, earned the hackers a $100,000 cash prize and…
