
Android GravityRAT goes after WhatsApp backups

ESET researchers analyzed an updated version of Android GravityRAT spyware that steals WhatsApp backup files and can receive commands to delete files.

ESET researchers have identified an updated version of Android GravityRAT spyware being distributed as the messaging apps BingeChat and Chatico. GravityRAT is a remote access tool known to be used since at least 2015 and previously used in targeted attacks against India. Windows, Android, and macOS versions are available, as previously documented by…


S3 Ep139: Are password rules like running through rain?

by Paul Ducklin

DON’T GET INTO THE HABIT OF A BAD HABIT

Magnetic core memory. Patch Tuesday and SketchUp shenanigans. More MOVEit mitigations. Mt. Gox back in the news. Gozi malware criminal imprisoned at last. Are password rules like running through rain?

With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify,…


CISA, NSA Share Guidance on Hardening Baseboard Management Controllers

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have published new guidance to help organizations harden baseboard management controllers (BMCs). Typically part of a motherboard, a BMC is a specialized service processor used for monitoring the physical state of a system, server, or other device, collecting information such as temperature, voltage, humidity, and fan speeds. Operating separately from the operating system and the system’s firmware (such as BIOS and UEFI),…
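Because a BMC runs independently of the host OS and firmware, its own network interface and account list are what an attacker reaches first, so those are the two things to triage before anything else. The script below is an added example and is not code from the CISA/NSA guidance or from any vendor. It parses the text formats of `ipmitool lan print <channel>` and `ipmitool user list <channel>` and flags a BMC whose LAN address falls outside an assumed RFC 1918 management range, plus enabled ADMINISTRATOR accounts that still carry a default-looking name. Both input samples are constructed, the RFC 1918 policy and the default-name list are assumptions, and real fleets should feed it captured output and extend both lists.

```python
"""Added example (not from the CISA/NSA BMC guidance): triage two BMC hardening basics
from ipmitool output: management-network placement and default admin accounts."""
import ipaddress

# Constructed sample of `ipmitool lan print 1` output; not captured from a real host.
LAN_PRINT_SAMPLE = """\
Set in Progress         : Set Complete
IP Address Source       : Static Address
IP Address              : 203.0.113.17
Subnet Mask             : 255.255.255.0
MAC Address             : 00:11:22:33:44:55
Default Gateway IP      : 203.0.113.1
"""

# Constructed sample of `ipmitool user list 1` output; user 1 is the unnamed built-in slot.
USER_LIST_SAMPLE = """\
ID  Name             Callin  Link Auth  IPMI Msg   Channel Priv Limit
1                    true    false      false      NO ACCESS
2   ADMIN            true    true       true       ADMINISTRATOR
3   monitor          true    false      true       USER
4   root             true    true       true       ADMINISTRATOR
"""

# Assumption: site policy says BMCs live only in RFC 1918 space (an isolated management VLAN).
ALLOWED_MGMT_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: common vendor default account names; not a vendor-published list.
DEFAULT_NAMES = {"admin", "administrator", "root", "usr", "user"}


def parse_lan_print(text):
    """Return the 'key : value' fields of `ipmitool lan print` as a dict."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def parse_user_list(text):
    """Parse `ipmitool user list` rows; the name column may be empty, so detect it by position."""
    users = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or not tokens[0].isdigit():
            continue  # header line or blank
        if tokens[1] in ("true", "false"):
            name, rest = "", tokens[1:]  # empty name column
        else:
            name, rest = tokens[1], tokens[2:]
        if len(rest) < 4:
            continue
        callin, link_auth, ipmi_msg = (t == "true" for t in rest[:3])
        users.append({
            "id": int(tokens[0]), "name": name, "callin": callin,
            "link_auth": link_auth, "ipmi_msg": ipmi_msg, "priv": " ".join(rest[3:]),
        })
    return users


def bmc_findings(lan_text, user_text, allowed_nets=ALLOWED_MGMT_NETS, default_names=DEFAULT_NAMES):
    """Return a list of human-readable findings; an empty list means both checks passed."""
    findings = []
    addr = parse_lan_print(lan_text).get("IP Address")
    if addr:
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in allowed_nets):
            findings.append(f"BMC LAN address {addr} is outside the allowed management ranges")
    for u in parse_user_list(user_text):
        # Only accounts that can actually speak IPMI with full privilege matter here.
        if u["priv"] == "ADMINISTRATOR" and u["ipmi_msg"] and u["name"].lower() in default_names:
            findings.append(f"enabled ADMINISTRATOR account '{u['name']}' (id {u['id']}) uses a default name")
    return findings


if __name__ == "__main__":
    for finding in bmc_findings(LAN_PRINT_SAMPLE, USER_LIST_SAMPLE):
        print("FINDING:", finding)
```

Run it against real output by piping `ipmitool lan print 1` and `ipmitool user list 1` into the two arguments; the channel number varies by vendor, and `Cipher Suite Priv Max` and IPMI 2.0 cipher settings are a separate check this example does not cover.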


CISA Order Highlights Persistent Risk at Network Edge

The U.S. government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely used security and networking appliances. Under a new order from the Cybersecurity and Infrastructure Security Agency (CISA), federal agencies will have 14 days to respond to any reports from CISA about misconfigured or…


Patch Tuesday fixes 4 critical RCE bugs, and a bunch of Office holes

by Paul Ducklin

No zero-days this month, if you ignore the Edge RCE hole patched last week (make sure you’ve got that update, by the way). For a full list of this month’s Microsoft Patch Tuesday fixes, take a look at our sister site Sophos News, where SophosLabs analysts have collated complete lists of the numerous Microsoft CVEs that were fixed this month.

Just the way you like it

Helpfully, our researchers have created…


Microsoft Outs New Russian APT Linked to Wiper Attacks in Ukraine

Security researchers at Microsoft are publicly outing a new APT group linked to Russia’s General Staff Main Intelligence Directorate (GRU), warning that the threat actor has worked on destructive wiper malware attacks that hit organizations in Ukraine. A new report from Redmond’s threat intelligence team tagged the group as ‘Cadet Blizzard’ and documented signs and evidence that adds clarity to the scope and usage of malware in a wartime environment. “[The] emergence of a novel…


Microsoft Patch Tuesday, June 2023 Edition

Microsoft Corp. today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. This month’s relatively light patch load has another added bonus for system administrators everywhere: It appears to be the first Patch Tuesday since March 2022 that isn’t marred by the active exploitation of a zero-day vulnerability in Microsoft’s products. June’s Patch Tuesday features updates to plug at least 70 security holes, and while none of…


Cyber insurance: What is it and does my company need it?

While not a ‘get out of jail free card’ for your business, cyber insurance can help insulate it from the financial impact of a cyber-incident.

Cyber risk is on the rise as the combined impact of surging threat levels, expanding attack surfaces and security skills shortages puts organizations at a disadvantage. Faced with an increased likelihood that they may suffer a damaging security breach, many may be looking to transfer liability onto a third-party…


Gozi banking malware “IT chief” finally jailed after more than 10 years

by Paul Ducklin Yesterday, we wrote about cybercrime charges that were finally unsealed for a massive cryptocurrency heist that was allegedly conducted over a three-year period starting back in 2011. Today’s long-term cybercrime justice story concerns the last member of the so-called Gozi Troika, three men who were originally charged in January 2013 for malware-related crimes that apparently kicked off way back in the late 2000s: Those charges were publicised at that time under a…


Microsoft Patches Critical Windows Vulns, Warns of Code Execution Risks

Microsoft’s security response team on Tuesday rolled out a massive batch of software updates to address major security gaps in its flagship Windows operating system and software components. Redmond’s monthly Patch Tuesday updates cover at least 70 documented vulnerabilities affecting the Windows ecosystem, including six critical issues that expose users to dangerous code execution attacks. According to Microsoft, none of the vulnerabilities have been publicly discussed or exploited in the wild. Windows network administrators are…
