CyberSecure Specialist

Bitter APT Targeting Chinese Nuclear Energy Organizations

While largely targeting organizations in the APAC region, this group has also been seen targeting organizations in Europe, indicating that it may pivot to compromising organizations worldwide in the future. As the initial compromise in this campaign stems from phishing, the best prevention is to provide adequate user education on the latest phishing campaigns. However, this alone is not adequate, as all it takes is one phishing attachment to slip through the cracks and get executed…


Watch Out for These Tax Season Scams

The IRS provided excellent tips for protecting against these types of scams:

• File early. OK. The ship may have already sort of sailed on this one, but the earlier you file, the less time cybercriminals have to use your identity to commit fraud.
• Watch out for phishing and smishing. The IRS won’t send unsolicited emails or texts. Skip the links and attachments and go straight to the IRS or the applicable state and city…


Decoy Installers Used to Deploy AresLoader by Russian Hacktivists

Some defensive measures can be taken to lessen the likelihood of infection by AresLoader and other malware strains alike, including:

1. Be cautious when downloading and installing software: AresLoader malware is being spread through deceptive software installers, so it’s important to be careful when downloading and installing new software. Only download software from reputable sources and be wary of any installers that look suspicious or untrustworthy.
2. Keep software up to date: Cybercriminals often exploit…


Cyberpion rebrands as Ionix, offering new EASM visibility improvements

SaaS-based external attack surface management (EASM) company Cyberpion has rebranded as Ionix, at the same time adding a clutch of new cybersecurity capabilities to its namesake offering. Designed to provide a “wider coverage and deeper focus” into its customers’ internet-facing assets and connected dependencies, the revamp of Ionix’s system will feature new abilities such as extending visibility into connected assets and shadow IT, and scoring risks based on possible blast radius. “Along with the rebrand comes…


Android-based banking Trojan Nexus now available as malware-as-a-service

Italian cybersecurity firm Cleafy has found “Nexus”, a new Android Trojan capable of hijacking online accounts and siphoning funds from them, to be targeting customers of 450 banks and cryptocurrency services worldwide. First observed in June 2022 as a variant of SOVA, another Android banking Trojan, Nexus has since improved its targeting capabilities and is available via a malware-as-a-service (MaaS) program for $3000 a month, which allows other attackers to rent or subscribe to the malware…


IOTW: BreachForums shuts down after FBI arrests its top admin

Notorious dark web hacking forum BreachForums is reportedly shutting down following the arrest of one of its top administrators by the United States’ Federal Bureau of Investigation (FBI). The administrator of the site, who went by ‘Pompompurin’ on the site and was named as Conor Brian Fitzpatrick by the FBI, was allegedly arrested by the Bureau on March 15 on suspicion of hosting and running the forum. BreachForums was thought to be the reincarnation of…


S3 Ep127: When you chop someone out of a photo, but there they are anyway…

by Paul Ducklin

DELETED DATA THAT JUST WON’T GO AWAY

The mobile phone bugs that Google kept quiet, just in case. The mysterious case of ATM video uploads. When redacted data springs back to life.

With Paul Ducklin and Chester Wisniewski. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are…


Google suspends Pinduoduo app over malware concerns

Google has suspended Chinese agricultural e-commerce app Pinduoduo from Google Play after versions of the app found outside the Google store were flagged as containing malware. A Google spokesperson told Reuters that the app had been suspended over “security concerns”, adding that “Off-Play versions of this app that have been found to contain malware have been enforced on via Google Play Protect”, in other words, by software that prevents the installation of malicious or harmful…


Russian hacktivists deploy new AresLoader malware via decoy installers

Security researchers have started seeing attack campaigns that use a relatively new malware-as-a-service (MaaS) tool called AresLoader. The malicious program appears to be developed and used by several members of a pro-Russia hacktivist group and is typically distributed inside decoy installers for legitimate software. Security researchers from threat intelligence firm Intel 471 first spotted AresLoader in November when it was advertised by a user with the monikers AiD Lock and DarkBLUP on Telegram and two…


CISA, NSA Issue Guidance for IAM Administrators

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) this week announced new guidance for identity and access management (IAM) administrators. A framework for the management of digital identities, IAM covers the business processes, policies, and technologies that govern user access to data. The basis for proper IAM involves inventorying, auditing, and tracking user identities and access, which are daunting but necessary operations, especially with state-sponsored groups successfully exploiting vulnerabilities in…
