CyberSecure Specialist

Inside a scammers’ lair: Ukraine busts 40 in fake bank call-centre raid

by Naked Security writer It looks like the sort of meeting room you might find in startups all over the world: diffuse lighting from windows down one wall, alongside a giant poster cityscape of New York’s Brooklyn Bridge, with the Manhattan skyline towering behind it. The difference in this case is that that the computer workstations around the room are there for a different sort of “entrepreneurial” venture, and the room is empty not because…

Read More

New Malware Campaign Uses Stolen Bank Information as Lure

Threat actors with access to stolen, sensitive data have many options to utilize this data in a malicious manner. In this case, the threat group decided to use confidential data as lures in phishing emails to carry out a second attack against victims. Whenever a company is alerted to a breach and makes it public, all customers who believe they may have had data compromised should remain vigilant to the use of this data in…

Read More

Recently Discovered Linux Malware Packs 30 Plugin Exploits for WordPress

WordPress is a very common website platform because it is free and easy to use, but this also makes it a more desirable target for threat actors. Keeping a WordPress site up to date is crucial. Fortunately, WordPress does have an automatic update feature which Binary Defense strongly recommends that users enable. Because many plug-ins are community created and distributed, often times critical updates can be slow to release, if an update comes at all.…

Read More

Netgear WiFi Routers Receive Update For Critical Vulnerability

Users of the above Netgear devices should update their firmware as soon as possible. Netgear support documentation provides update instructions for affected users: 1. Visit NETGEAR Support: https://www.netgear.com/support/2. Start typing your model number in the search box, then select your model from the drop-down menu as soon as it appears.3. If you do not see a drop-down menu, make sure that you entered your model number correctly, or select a product category to browse for…

Read More

Researcher Says Google Paid $100k Bug Bounty for Smart Speaker Vulnerabilities

Security researcher Matt Kunze says Google paid him a $107,500 bug bounty reward for responsibly reporting vulnerabilities in the Google Home Mini smart speaker. The issues, the researcher says, could have been exploited by an attacker within wireless proximity to create a rogue account on the device and then perform various actions. According to Kunze, the attacker could use the account to send remote commands to the device, over the internet, to access the microphone,…

Read More

PyTorch suffers supply chain attack via dependency confusion

Users who deployed the nightly builds of PyTorch between Christmas and New Year’s Eve likely received a rogue package as part of the installation that siphoned off sensitive data from their systems. The incident was the result of an attack called dependency confusion that continues to impact package managers and development environments if hardening steps are not taken. “If you installed PyTorch nightly on Linux via pip between December 25, 2022, and December 30, 2022,…

Read More

LockBit apologizes for ransomware attack on hospital, offers decryptor

LockBit, a prominent ransomware-as-a-service (RaaS) operation, has apologized for an attack on the Toronto-based Hospital for Sick Children, also known as SickKids, and offered a free decryptor.  SickKids, a major pediatric teaching hospital, announced on December 19 that it had called a Code Grey system failure, as it was responding to a cybersecurity incident that was affecting several network systems at the hospital. The incident impacted some internal clinical and corporate systems, as well as…

Read More

Ransomware ecosystem becoming more diverse for 2023

The ransomware ecosystem has changed significantly in 2022, with attackers shifting from large groups that dominated the landscape toward smaller ransomware-as-a-service (RaaS) operations in search of more flexibility and drawing less attention from law enforcement. This democratization of ransomware is bad news for organizations because it also brought in a diversification of tactics, techniques, and procedures (TTPs), more indicators of compromise (IOCs) to track, and potentially more hurdles to jump through when trying to negotiate…

Read More

PyTorch: Machine Learning toolkit pwned from Christmas to New Year

by Paul Ducklin PyTorch is one of the most popular and widely-used machine learning toolkits out there. (We’re not going to be drawn on where it sits on the artifical intelligence leaderboard – as with many widely-used open source tools in a competitive field, the answer seems to depend on whom you ask, and which toolkit they happen to use themselves.) Originally developed and released as an open-source project by Facebook, now Meta, the software…

Read More

Cybersecurity trends and challenges to look out for in 2023

What are some of the key cybersecurity trends and themes that organizations should have on their radars in 2023? As another eventful year comes to a close, it’s time not only to take stock of and reflect on the defining moments of 2022, but especially to look ahead to the challenges that are likely to persist or emerge in the new year. The increasing geopolitical complexity, upheaval and uncertainty, along with high economic volatility and…

Read More