
DoppelPaymer ransomware suspects arrested in Germany and Ukraine

by Naked Security writer

You’ve almost certainly heard of the ransomware family known as DoppelPaymer, if only because the name itself is a reminder of the double-barrelled blackmail technique used by many contemporary ransomware gangs. To increase the pressure on you to pay up, so-called double-extortionists not only scramble all your data files so your business stops running, but also steal copies of those files to use as extra leverage. The idea is that if…


Cyberattack Hits Major Hospital in Spanish City of Barcelona

A ransomware cyberattack on one of Barcelona’s main hospitals has crippled the center’s computer system and forced the cancellation of 150 nonurgent operations and up to 3,000 patient checkups, officials said Monday. The attack Sunday on the Hospital Clinic de Barcelona shut down computers at the facility’s laboratories, emergency room and pharmacy at three main centers and several external clinics. “We can’t make any prediction as to when the system will be back up…


Critical Vulnerabilities Allow Hackers to Take Full Control of Wago PLCs

German industrial automation solutions provider Wago has released patches for several of its programmable logic controllers (PLCs) to address four vulnerabilities, including ones that can be exploited to take full control of the targeted device. The vulnerabilities were discovered by Ryan Pickren from the Georgia Institute of Technology’s Cyber-Physical Security Lab. The issues were identified by the researcher as part of a PhD project on the security of industrial control systems (ICS). Pickren previously earned…


EPA Mandates States Report on Cyber Threats to Water Systems

The Biden administration on Friday said it would require states to report on cybersecurity threats in their audits of public water systems, a day after it released a broader plan to protect critical infrastructure against cyberattacks. The Environmental Protection Agency said public water systems are increasingly at risk from cyberattacks that amount to a threat to public health. “Cyberattacks against critical infrastructure facilities, including drinking water systems, are increasing, and public water systems are vulnerable,”…


What does $5,000 buy you on a hacking forum? – Week in security with Tony Anscombe

A bootkit that ESET researchers have discovered in the wild is the BlackLotus UEFI bootkit that is being peddled on hacking forums

For a mere $5,000, you can buy a UEFI bootkit called BlackLotus that can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled. This week, ESET researchers published their analysis of BlackLotus that caused them to conclude that the bootkit they had discovered in the wild is indeed the…


Feds warn about right Royal ransomware rampage that runs the gamut of TTPs

by Paul Ducklin

The US Cybersecurity and Infrastructure Security Agency (CISA), which dubs itself “America’s Cyber Defense Agency”, has just put out a public service announcement under its #StopRansomware banner. This report is numbered AA23-061a, and if you’ve slipped into the habit of assuming that ransomware is yesterday’s threat, or that other specific cyberattacks should be at the top of your list in 2023, then it is well worth reading. The risks you introduce by…


Thousands of Websites Hijacked Using Compromised FTP Credentials

Cloud security startup Wiz warns of a widespread redirection campaign in which thousands of websites targeting East Asian audiences have been compromised using legitimate FTP credentials. In many cases, the attackers managed to obtain highly secure auto-generated FTP credentials, and used them to hijack the victim websites to redirect visitors to adult-themed content. Likely ongoing since September 2022, the campaign has resulted in the compromise of at least 10,000 websites, many owned by small companies…


MQsTTang: Mustang Panda’s latest backdoor treads new ground with Qt and MQTT

ESET researchers tease apart MQsTTang, a new backdoor used by Mustang Panda, which communicates via the MQTT protocol

ESET researchers have analyzed MQsTTang, a new custom backdoor that we attribute to the Mustang Panda APT group. This backdoor is part of an ongoing campaign that we can trace back to early January 2023. Unlike most of the group’s malware, MQsTTang doesn’t seem to be based on existing families or publicly available projects. Mustang Panda is…


S3 Ep124: When so-called security apps go rogue [Audio + Text]

by Paul Ducklin

A ROGUES’ GALLERY

Rogue software packages. Rogue “sysadmins”. Rogue keyloggers. Rogue authenticators. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher.

DOUG. Scambaiting, rogue 2FA…


Highlights from the New U.S. Cybersecurity Strategy

The Biden administration today issued its vision for beefing up the nation’s collective cybersecurity posture, including calls for legislation establishing liability for software products and services that are sold with little regard for security. The White House’s new national cybersecurity strategy also envisions a more active role by cloud providers and the U.S. military in disrupting cybercriminal infrastructure, and it names China as the single biggest cyber threat to U.S. interests. The strategy says the…
