Information

When Low-Tech Hacks Cause High-Impact Breaches

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. But it’s worth revisiting how this group typically got in to targeted companies: by calling employees…

A year of wiper attacks in Ukraine

ESET Research has compiled a timeline of cyberattacks that used wiper malware and have occurred since Russia’s invasion of Ukraine in 2022. This blogpost presents a compiled overview of the disruptive wiper attacks that we have observed in Ukraine since the beginning of 2022, shortly before the Russian military invasion started. We were able to attribute the majority of these attacks to Sandworm, with varying degrees of confidence. The compilation includes attacks seen by ESET,…

One year on, how is the war playing out in cyberspace? – Week in security with Tony Anscombe

With the conflict in Ukraine passing the one-year mark, have its cyber-war elements turned out as expected? It’s been twelve months since Russia invaded Ukraine, and it’s a good time to pause and reflect on a few pertinent issues, including: How is the war playing out in cyberspace? Have the cyber-elements turned out as expected? More broadly, why is cyber a significant component of modern warfare? Importantly, make sure to check out our timeline of…

Who’s Behind the Botnet-Based Service BHProxies?

A security firm has discovered that a six-year-old crafty botnet known as Mylobot appears to be powering a residential proxy service called BHProxies, which offers paying customers the ability to route their web traffic anonymously through compromised computers. Here’s a closer look at Mylobot, and a deep dive into who may be responsible for operating the BHProxies service. First identified in 2017 by the security firm Deep Instinct, Mylobot employs a number…

Watch on Demand: Attack Surface Management Summit

As security teams look to foundational strategies to protect corporate assets, the reduction of attack surface throughout the organization has taken center stage. All sessions from SecurityWeek’s 2023 Attack Surface Management Summit are now available to watch on demand. If you missed any sessions, you can watch them now in the virtual conference center: Fireside Chat With Jason Chan, Former Netflix Security Chief What Our 2022 Data Reveals About the Most Pressing Exposures on Your Attack…

A Year of Conflict: Cybersecurity Industry Assesses Impact of Russia-Ukraine War

Marking the first anniversary of Russia’s war against Ukraine, several cybersecurity companies have published reports summarizing the impact of various types of cyber operations, just as the United States has issued a fresh warning for the West. In the weeks before and immediately after Russia launched its war against Ukraine on February 24, 2022, Russia appeared to intensify its attacks in cyberspace, with distributed denial-of-service (DDoS) attacks, disruptive wiper malware, and misinformation campaigns. While everyone…

11 Countries Take Part in Military Cyberwarfare Exercise

The biggest military cyberwarfare exercise in Western Europe took place recently in Estonia. A total of 34 teams from 11 countries took part in a live-fire cyber battle. Countries such as the US, UK, Japan, India, Italy, Estonia, Ukraine, Ghana, Kenya and Oman were represented by 750 experts at the Defence Cyber Marvel 2 (DCM2) exercise. Many of them participated remotely. The seven-day event, led by the British Army, tested the response of participants to…

WinorDLL64: A backdoor from the vast Lazarus arsenal?

The targeted region, and overlap in behavior and code, suggest the tool is used by the infamous North Korea-aligned APT group. ESET researchers have discovered one of the payloads of the Wslink downloader that we uncovered back in 2021. We named this payload WinorDLL64 based on its filename, WinorDLL64.dll. Wslink, which had the filename WinorLoaderDLL64.dll, is a loader for Windows binaries that, unlike other such loaders, runs as a server and executes received modules in…

S3 Ep123: Crypto company compromise kerfuffle [Audio + Text]

by Paul Ducklin LEARNING FROM OTHERS The first search warrant for computer storage. GoDaddy breach. Twitter surprise. Coinbase kerfuffle. The hidden cost of success. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or…

Stealthy Mac Malware Delivered via Pirated Apps

Legitimate Mac software applications are being trojanized with malware and uploaded to Pirate Bay. From here, software pirates are downloading the apps and unknowingly infecting themselves. One example involves a stealthy implementation of XMRig cryptojacking malware; but the process could be used for other malware. XMRig on Macs is not new. Trend Micro analyzed a sample in February 2022: “We suspected that the Mach-O sample arrived packaged in a DMG (an Apple image format used…
