CyberSecure Specialist

Zerobot IoT Botnet Adds More Exploits, DDoS Capabilities

The recently detailed Internet of Things (IoT) botnet Zerobot has been updated with an expanded list of exploits and distributed denial-of-service (DDoS) capabilities. Initially detailed two weeks ago, Zerobot is a self-replicating and self-propagating piece of malware written in the Golang (Go) programming language, which can target twelve device architectures. Fortinet, which first warned of the threat’s capabilities, analyzed two variants of the malware, one of which contained exploits targeting 21 known vulnerabilities, including the…

Read More

How carding can affect your business

This article explains what carding is, how hackers can gain access to payment details and the effects carding cyber attacks can have on businesses. In the first six months of 2022, there were 230,937 credit card fraud reports filed in the US alone, highlighting the growth of carding as a threat vector This article will explore carding, how it operates and the devastating effects it can have on ecommerce businesses. Contents:  What is carding and…

Read More

How Marvel’s Avengers inspire Pinsent Masons CISO to adapt cybersecurity hiring

Cybersecurity’s ongoing battle with a “skills shortage” has seen the sector lose its way regarding talent hiring and retention, says Christian Toon, CISO at London-based law firm Pinsent Masons. In an industry crying out for diversity and innovation, this year’s number one UK CSO 30 Awards winner says he takes inspiration from the Marvel Comics universe to challenge traditional HR approaches and more effectively recruit and keep security talent. “We have what some describe as…

Read More

Threat Actors Continue to Deploy Raspberry Robin

The primary attack vector has been infected USB drives which download a malicious MSI installer file that deploys the primary payload. Either msiexec.exe or wmic.exe are utilized as trusted installers. Some UBS drives have a configured autorun.inf file that will automatically run the payload, whereas others rely on social engineering to invite a targeted user to click on an associated .LNK file. The payload loader now deploys a decoy adware named BrowserAssistant in order to…

Read More

Microsoft dishes the dirt on Apple’s “Achilles heel” shortly after fixing similar Windows bug

by Paul Ducklin When we woke up this morning, our cybersecurity infofeed was awash with “news” that Apple had just patched a security hole variously described a “gnarly bug”, a “critical flaw” that could leave your Macs “defenceless”, and the “Achilles’ heel of macOS”. Given that we usually check our various security bulletin mailing lists before even looking outside to check the weather, primarily to see if Apple has secretly unleashed a new advisory overnight……

Read More

Microsoft Pushes Emergency Fix for Windows Server Hyper-V VM Issues

These updates are not delivered through Windows Updates and will not install automatically on impacted servers. To get the standalone package, admins must search for the KB number in the Microsoft Update Catalog, download it, and install it manually. They can also be manually imported into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. Microsoft also provides instructions on importing updates into WSUS and Configuration Manager from the Microsoft Update Catalog. “You do…

Read More

Ukraine’s DELTA Military System Users Targeted by Info-Stealing Malware

Phishing has continued to be one of the most common means of initial access for threat actors of all skill levels. In this instance, the actor was likely trying to steal credentials and information concerning the DELTA program in order to assist with counterintelligence. Protecting against phishing campaigns is often difficult as it takes just one user to fall victim to the campaign to be successful – it is even more difficult with advanced phishing…

Read More

Cyber Insurance Analytics Firm CyberCube Raises $50 Million

CyberCube, a provider of cyber risk analytics for insurance companies, this week announced that it has raised $50 million in a new funding round that brings the total raised by the firm to $105 million. The new investment round was led by Morgan Stanley, with participation from Forgepoint Capital, Hudson Structured Capital Management (Bermuda) Ltd., MTech Capital, and angel investors. Founded in 2015, the San Francisco-based CyberCube helps insurers and brokers understand their portfolios’ exposure…

Read More

Social media use can put companies at risk: Here are some ways to mitigate the danger

We live in a social world, but should our businesses? For many, the answer to that is increasingly no—that’s why laws and regulations have recently been put in place restricting access to some social media in certain situations because of the hidden risks of these seemingly innocuous platforms. The United States federal government and some US states, for example, have barred government-issued devices from the use of Chinese-owned TikTok, which allows users to create and…

Read More

The Equifax Breach Settlement Offer is Real, For Now

Millions of people likely just received an email or snail mail notice saying they’re eligible to claim a class action payment in connection with the 2017 megabreach at consumer credit bureau Equifax. Given the high volume of reader inquiries about this, it seemed worth pointing out that while this particular offer is legit (if paltry), scammers are likely to soon capitalize on public attention to the settlement money. One reader’s copy of their Equifax Breach…

Read More