CyberSecure Specialist

11 Mar

SHEIN shopping app goes rogue, grabs price and URL data from your clipboard

Information

by Paul Ducklin Chinese “fast fashion” brand SHEIN is no stranger to controversy, not least because of a 2018 data breach that its then-parent company Zoetop failed to spot, let alone to stop, and then handled dishonestly. As Letitia James, Attorney General of the State of New York, said in a statement at the end of 2022: SHEIN and [sister brand] ROMWE’s weak digital security measures made it easy for hackers to shoplift consumers’ personal…

Read More
11 Mar

CISA has added two new…

Attacks, Insights, Malware

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2020-5741 Plex Media Server Remote Code Execution Vulnerability CVE-2021-39144 XStream Remote Code Execution Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column—which will sort by descending dates. Binding Operational…

Read More
10 Mar

IceFire Ransomware Now Encrypts Both Linux and Windows Systems

Attacks, Malware

This new encryptor demonstrates the shift of many threat actors to target Linux systems. It is necessary for organizations to pivot to ensure that their Linux devices are adequately covered by behavioral as well as signature-based detections. One way that this could be done is by looking for a large number of file renames in quick succession, although this detection would be at the end of the kill chain. Overall, it is best to ensure…

Read More
10 Mar

Business Email Compromise (BEC) Attacks Only Take Hours According to Microsoft

Attacks, Malware

To prevent BEC attacks, Microsoft recommends implementing security measures such as two-factor authentication, using machine learning to identify suspicious activity, and educating employees about the risks and warning signs of BEC attacks. The report also emphasizes the importance of swift action when an attack is detected, as time is a critical factor in preventing further damage. Source: https://www.bleepingcomputer.com/news/security/microsoft-business-email-compromise-attacks-can-take-just-hours/

Read More
10 Mar

Xenomorph Android Malware Now Steals Banking Data

Attacks, Malware

Considering its current distribution channel, the Zombinder, users should be cautious with apps they install from Google Play, read reviews, and run background checks on the publisher. Generally, it is advisable to keep the number of apps running on your phone to the minimum possible and only install apps from known and trustworthy vendors. Source: https://www.bleepingcomputer.com/news/security/xenomorph-android-malware-now-steals-data-from-400-banks/

Read More
10 Mar

Silicon Valley Bank Seized by FDIC as Depositors Pull Cash

Information, News

The Federal Deposit Insurance Corporation seized the assets of Silicon Valley Bank on Friday, marking the largest bank failure since Washington Mutual during the height of the 2008 financial crisis. The bank failed after depositors — mostly technology workers and venture capital-backed companies — began withdrawing their money creating a run on the bank. Silicon Valley was heavily exposed to tech industry and there is little chance of contagion in the banking sector as there…

Read More
10 Mar

New variant of the IceFire ransomware targets Linux enterprise systems

Data Breaches, Malware, Social Engineering

A novel Linux version of the IceFire ransomware that exploits a vulnerability in IBM’s Aspera Faspex file-sharing software has been identified by SentinelLabs, a research division of cybersecurity company  Sentinel One. The exploit is for CVE-2022-47986, a recently patched Aspera Faspex vulnerability. Known up to now to target only Windows systems, the IceFire malware detected by SentinelLabs uses an iFire extension, consistent with a February report from MalwareHunterTeam — a group of independent cybersecurity researchers analyzing…

Read More
10 Mar

What are DDoS attacks?

Attacks, Data Breaches

Distributed denial of service attacks, or DDoS attacks, see malicious actors attempt to disrupt a site by overwhelming its infrastructure with a large amount of internet traffic. As DDoS attacks overwhelm a site’s bandwidth, this prevents users from accessing it.  Here, Cyber Security Hub explores why malicious actors launch DDoS attacks, who they usually target and some key examples of these disruptive attacks.  Contents  Why do malicious actors launch DDoS attacks? How big was the…

Read More
10 Mar

S3 Ep125: When security hardware has security holes [Audio + Text]

Information

by Paul Ducklin YOU MUST HAVE THIS CHIP! EVEN IF IT HAS BUGS! Memories of Michelangelo (the virus, not the artist). Data leakage bugs in TPM 2.0. Ransomware bust, ransomware warning, and anti-ransomware advice. No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.…

Read More
10 Mar

Fortinet has released its March…

Attacks, Insights, Malware

Fortinet has released its March 2023 Vulnerability Advisories to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system.    CISA encourages users and administrators to review the Fortinet March 2023 Vulnerability Advisories page for more information and apply the necessary updates. Please share your thoughts. We recently updated our anonymous Product Feedback Survey and we’d welcome your feedback.

Read More