CyberSecure Specialist

18 Feb

Spain Orders Extradition of British Alleged Hacker to U.S.

Information, News

Spain’s National Court has agreed to the extradition to the U.S. of a British citizen who allegedly took part in computer attacks, including the July 2020 hacking of Twitter accounts of public figures such as Joseph Biden, Barack Obama and Bill Gates. A court statement Friday said requirements had been met for handing over Joseph James O’Connor to U.S. authorities for 14 charges covering crimes such as revelation of secrets, membership of a criminal gang,…

Read More
17 Feb

These aren’t the apps you’re looking for: fake installers targeting Southeast and East Asia

Information

ESET researchers have identified a campaign using trojanized installers to deliver the FatalRAT malware, distributed via malicious websites linked in ads that appear in Google search results ESET researchers identified a malware campaign that targets Chinese-speaking people in Southeast and East Asia by buying misleading advertisements to appear in Google search results that lead to downloading trojanized installers. The unknown attackers created fake websites that look identical to those of popular applications such as Firefox,…

Read More
17 Feb

Security amidst a global frost

Information

No longer relegated to a side-show, tech is embedded into virtually every new piece of gear entering the battlefield As military and tech gather to address the frosty world defense conditions and what the intersection of technology’s role is with attendees at AFCEA West, it’s clear that the global warfighting world has changed. No longer relegated to a side-show, tech is embedded into virtually every new piece of gear entering the battlefield, and that is…

Read More
17 Feb

EU parliamentary committee says ‘no’ to EU-US data privacy framework

Data Breaches, Malware, Social Engineering

The European Parliament’s Committee on Civil Liberties, Justice and Home Affairs has recommended that the European Commission reject the proposed EU-US Data Privacy Framework, which would govern the way in which the personal information of EU citizens is handled by US companies. The committee’s decision — formally, a draft motion for a resolution— represents a rejection of the European Commission’s recommendation, announced in December, that the data privacy framework should be adopted. The recommendation stated…

Read More
17 Feb

New Protections for Food Benefits Stolen by Skimmers

Information, Insights

Millions of Americans receiving food assistance benefits just earned a new right that they can’t yet enforce: The right to be reimbursed if funds on their Electronic Benefit Transfer (EBT) cards are stolen by card skimming devices secretly installed at cash machines and grocery store checkout lanes. On December 29, 2022, President Biden signed into law the Consolidated Appropriations Act of 2023, which — for the first time ever — includes provisions for the replacement…

Read More
17 Feb

New Mirai Malware Variant Infects Linux Devices to Build DDoS Botnet

Attacks, Malware

The most effective way to defend systems against Miria and other botnet infections is to change the default password to a complex password that is unique to that device. It is also recommended to download and apply security patches when the official manufacturer releases them. https://www.bleepingcomputer.com/news/security/new-mirai-malware-variant-infects-linux-devices-to-build-ddos-botnet/

Read More
17 Feb

Hackers use Fake Certificate to Hide Attack

Attacks, Malware

Servers running the affected versions of these Fortinet products should be updated to a version that is not susceptible to these attacks. Whenever a product releases a security patch, it is important to test and implement the update as soon as possible to prevent attackers from being able to exploit vulnerabilities. A full list of affected product versions can be found in the source article. https://www.infosecurity-magazine.com/news/hackers-fake-emsisoft-certificate/

Read More
17 Feb

CISA Warns of Windows and iOS Bugs Exploited as Zero-days

Attacks, Malware

While CISA’s directive only applies to United States federal agencies, it is encouraged and best practice that organizations also follow this timeline to patch their vulnerabilities. In cybersecurity, a timely patching schedule is an important factor of securing an environment, as many threat actors will attempt to exploit recently released 0-days before organizations have a chance to patch them. On top of a timely patching schedule, it is also important to employ a defense-in-depth strategy.…

Read More
17 Feb

New Mirai botnet variant V3G4 targets Linux servers, IoT devices

Data Breaches, Malware, Social Engineering

A new variant of Mirai — the botnet malware used to launch massive DDoS attacks —has been targeting 13 vulnerabilities in IoT devices connected to Linux servers, according to researchers at Palo Alto Network’s Unit 42 cybersecurity team.  Once the vulnerable devices are compromised by the variant, dubbed V3G4, they can fully controlled by attackers and become part of a botnet, capable of being used to conduct further campaigns, including DDoS attacks.  “The vulnerabilities have…

Read More
17 Feb

Newly Disclosed Vulnerability Exposes EOL Arris Routers to Attacks

Information, News

Malwarebytes warns of a remote code execution vulnerability impacting several Arris routers, for which proof-of-concept (PoC) exploit code has been released. Tracked as CVE-2022-45701, the bug exists because the router firmware does not properly neutralize special characters in requests, which allowed security researcher Yerodin Richards to perform shell script command injection. The impacted models have reached end-of-life (EOL) and are no longer supported by CommScope (the company that acquired Arris), meaning that they are unlikely…

Read More