CyberSecure Specialist

23 Feb

At least one open source vulnerability found in 84% of code bases: Report

Data Breaches, Malware, Social Engineering

At a time when almost all software contains open source code, at least one known open source vulnerability was detected in 84% of all commercial and proprietary code bases examined by researchers at application security company Synopsys. In addition, 48% of all code bases analyzed by Synopsys researchers contained high-risk vulnerabilities, which are those that have been actively exploited, already have documented proof-of-concept exploits, or are classified as remote code execution vulnerabilities.  The vulnerability data…

Read More
23 Feb

Russian Authorities Claim Ukraine Hackers Are Behind Fake Missile Strike Alerts

Attacks, Malware

Although no one has claimed responsibility for the attack, if one actually took place, it is likely it was carried out by a pro-Ukrainian hacktivist group. Hacktivist groups have carried out multiple attacks on behalf of both Ukraine and Russia over the course of the conflict. Even though President Putin continues to erroneously blame the West and Ukraine for Russia’s invasion, multiple reports identified Russian backed cyber-attacks on Ukrainian organizations in the months leading up…

Read More
23 Feb

New S1deload Malware Hijacking Users’ Social Media Accounts and Mining Cryptocurrency

Attacks, Malware

Social media sites like Facebook are common vectors for threat actors to spread malware. Due to this, it is highly recommended to avoid downloading files from social media sites, particularly in cases where the source is unknown or untrusted. Even from known sources, it is recommended to carefully vet any links or files that are shared, as the source could be compromised. It is also recommended to maintain good endpoint security controls on all devices…

Read More
23 Feb

Ransomware Attack Affects Operations at Dole

Attacks, Malware

This situation highlights the potential impact of cyber attacks on the food supply chain, which is a critical infrastructure that requires secure and resilient systems. The disruption of food supplies can have severe consequences for public health and safety, as well as economic and social stability. The continuance of ransomware attacks against businesses that are part of critical infrastructure emphasizes the need for organizations to continue to invest in cybersecurity and risk management processes, people,…

Read More
23 Feb

Stealthy Mac Malware Delivered via Pirated Apps

Information, News

Legitimate Mac software applications are being trojanized with malware and uploaded to Pirate Bay. From here, software pirates are downloading the apps and unknowingly infecting themselves. One example involves a stealthy implementation of XMRig cryptojacking malware; but the process could be used for other malware. XMRig on Macs is not new. Trend Micro analyzed a sample in February 2022: “We suspected that the Mach-O sample arrived packaged in a DMG (an Apple image format used…

Read More
23 Feb

Darktrace launches AI-driven vulnerability detection, alert system Newsroom

Data Breaches, Malware, Social Engineering

AI-focused cybersecurity vendor Darktrace has announced the release of Newsroom, a new detection and warning system for critical vulnerabilities that uses open-source intelligence (OSINT) sources to identify threats posed to businesses. Newsroom leverages deep and AI-assisted knowledge of a customer’s external attack surface to gauge its exposure to detected vulnerabilities and provides a summary of exploits, affected software and assets within the organization, Darktrace stated. It also provides vulnerability mitigation guidance specific to businesses, while…

Read More
23 Feb

Stress pushing CISOs out the door

Data Breaches, Malware, Social Engineering

Nearly half of CISOs will change jobs by 2025 due to stress caused by the risk of being breached while trying to retain staff, according to the Gartner report, Predicts 2023: Cybersecurity Industry Focuses on the Human Deal. The research firm found that the stressors of the cybersecurity world make the job of a cybersecurity professional unsustainable. This includes the knowledge that there are only two possible outcomes: get hacked or don’t. “The psychological impact…

Read More
23 Feb

ESET SMB Digital Security Sentiment Report: The damaging effects of a breach

Information

SMBs need to not only reduce their odds of being hit by an attack, but also implement processes that they can follow if their defenses are breached The prevalence of cyberattacks continues to rise, with our telemetry showing a 13% increase in cyberthreat detections in 2022 year-on-year. While the news tends to feature breaches involving major companies, it would be wrong to assume that only large enterprises are targeted by cybercriminals. Although these incidents grab…

Read More
23 Feb

Writing like a boss with ChatGPT and how to get better at spotting phishing scams

Information

It’s never been easier to write a convincing message that can trick you into handing over your money or personal data ChatGPT has been taking the world by storm, having reached 100 million users only two months after launching. However, media stories about the tool’s uncanny ability to write human-sounding text mask a potentially darker reality. In the wrong hands, the powerful chatbot (now also built into the Bing search engine) and technologies like it could…

Read More
23 Feb

NPM JavaScript packages abused to create scambait links in bulk

Information

by Paul Ducklin Johnathan Swift is probably most famous for his novel Gulliver’s Travels, during which the narrator, Lemuel Gulliver, encounters a socio-political schism in Liiliputian society caused by unending arguments over whether you should open a boiled egg at the big end or the little end. This satirical observation has flowed diretly into modern computer science, with CPUs that represent integers with the least significant bytes at the lowest memory addresses called little-endian (that’s…

Read More