Serious Security: That KeePass “master password crack”, and what we can learn from it

by Paul Ducklin

Over the last two weeks, we’ve seen a series of articles talking up what’s been described as a “master password crack” in the popular open-source password manager KeePass. The bug was considered important enough to get an official US government identifier (it’s known as CVE-2023-32784, if you want to hunt it down), and given that the master password to your password manager is pretty much the key to your whole digital castle,…

Russia Blames US Intelligence for iOS Zero-Click Attacks

Russian anti-malware vendor Kaspersky on Thursday said it discovered an APT actor launching zero-click iMessage exploits on iOS-powered devices in its corporate network. Kaspersky’s disclosure comes on the same day Russia’s Federal Security Service (FSB) blamed US intelligence agencies for an ongoing spy campaign targeting thousands of iOS devices belonging to domestic subscribers and foreign diplomatic missions. The FSB, the Russian security agency that succeeded the Soviet KGB, said iPhones belonging to diplomats from NATO…

Tricks of the trade: How a cybercrime ring operated a multi‑level fraud scheme

A peek under the hood of a cybercrime operation and what you can do to avoid being an easy target for similar ploys

They hacked into corporate emails, stole money from people and businesses, and tricked others into transferring the loot. Nigerian nationals Solomon Ekunke Okpe and Johnson Uke Obogo ran a sophisticated fraud scheme that caused up to US$1 million in losses to victims. A US court recently sentenced the duo to four years and…

Serious Security: Verification is vital – examining an OAUTH login bug

by Paul Ducklin

Researchers at web coding security company SALT just published a fascinating description of how they found an authentication bug dubbed CVE-2023-28131 in a popular online app-building toolkit known as Expo. The good news is that Expo responded really quickly to SALT’s bug report, coming up with a fix within just a few hours of SALT’s responsible disclosure. Fortunately, the fix didn’t rely on customers downloading anything, because the patch was implemented inside…

Breaking Enterprise Silos and Improving Protection

As networks become atomized, the need for specialization comes into play. Infrastructure is spread across legacy, on-premises, hybrid, multi-cloud, and edge environments. Organizations have security operations center (SOC), network, cloud operations, and in some cases operational technology (OT) teams all tasked with keeping the business up and running and secure. And each team consists of subject matter experts with specialized levels of knowledge and specific tools that they use. When capabilities, nomenclature, constructs, and available…

Discord Admins Hacked by Malicious Bookmarks

A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious JavaScript code disguised as a Web browser bookmark. This attack involves malicious JavaScript that is added to one’s browser by dragging a component from a web page to one’s browser bookmarks. According to interviews with victims, several of the attacks began with an interview request from someone posing as a reporter for a…

How an innocuous app morphed into a trojan – Week in security with Tony Anscombe

ESET research uncovers an Android app that initially had no harmful features but months later turned into a spying tool

This week, ESET malware researcher Lukas Stefanko revealed how an initially legitimate Android app morphed into a malicious trojan that could steal users’ files and record surrounding audio from the device’s microphone and then exfiltrate it. The app, named iRecorder – Screen Recorder, was first listed in the Google Play Store in September 2021, with…

Industrial Giant ABB Confirms Ransomware Attack, Data Theft

Swiss industrial giant ABB confirmed this week that it was recently targeted in a ransomware attack and that the cybercriminals exfiltrated some data. The company has issued a press release and an FAQ describing the incident, with many details — including indicators of compromise (IoCs) — being withheld due to the ongoing law enforcement investigation. “ABB has determined that an unauthorized third-party accessed certain ABB systems, deployed a type of ransomware that is not self-propagating,…

Phishing Domains Tanked After Meta Sued Freenom

The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta, which alleged the free domain name provider has a long history of ignoring abuse complaints about phishing websites while monetizing traffic to those abusive domains.

[Image caption: The volume of phishing websites registered through Freenom dropped considerably since the registrar was sued by Meta. Image: Interisle Consulting.]

Freenom is the domain name…

Shedding light on AceCryptor and its operation

ESET researchers reveal details about a prevalent cryptor, operating as a cryptor-as-a-service used by tens of malware families

In this blogpost we examine the operation of AceCryptor, originally documented by Avast. This cryptor has been around since 2016 and because – throughout its existence – it has been used to pack tens of malware families, many technical parts of this malware have already been described. You might already have read about this cryptor, which is…