
Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials

ESET researchers analyze a cyberespionage campaign that distributes CapraRAT backdoors through trojanized and supposedly secure Android messaging apps – but also exfiltrates sensitive information

ESET researchers have identified an active Transparent Tribe campaign, targeting mostly Indian and Pakistani Android users – presumably with a military or political orientation. Victims were probably targeted through a honey-trap romance scam, where they were initially contacted on another platform and then convinced to use supposedly “more secure” apps, which…


Serious Security: TPM 2.0 vulns – is your super-secure data at risk?

by Paul Ducklin Even if you’re not entirely sure what a TPM is, you’ll probably know that if you want to run Windows 11, you need one. More precisely, you need a TPM 2.0 (although there’s an official Microsoft workaround to get by with TPM 1.2, the previous, incompatible version of the technology). TPM is short for trusted platform module, an encryption-and-cybersecurity gizmo that was invented by an industry grouping known as the TCG, short…


Sued by Meta, Freenom Halts Domain Registrations

The domain name registrar Freenom, whose free domain names have long been a draw for spammers and phishers, has stopped allowing new domain name registrations. The move comes just days after the Dutch registrar was sued by Meta, which alleges the company ignores abuse complaints about phishing websites while monetizing traffic to those abusive domains. Freenom’s website features a message saying it is not currently allowing new registrations. Freenom is the domain name registry service…


Pre-Deepfake Campaign Targets Putin Critics

Russia is continuing its campaign of disinformation around the Ukraine war through advanced social engineering delivered by a threat group tracked as TA499. According to a report from Proofpoint, TA499 targets US and European politicians, and leading businessmen and celebrities who have spoken out against Putin’s invasion. The primary purpose is to persuade the victims to take part in phone calls or video chats from which pro-Putin snippets can be elicited and published – thereby…


DoppelPaymer ransomware suspects arrested in Germany and Ukraine

by Naked Security writer You’ve almost certainly heard of the ransomware family known as DoppelPaymer, if only because the name itself is a reminder of the double-barrelled blackmail technique used by many contemporary ransomware gangs. To increase the pressure on you to pay up, so-called double-extortionists not only scramble all your data files so your business stops running, but also steal copies of those files to use as extra leverage. The idea is that if…


Cyberattack Hits Major Hospital in Spanish City of Barcelona

A ransomware cyberattack on one of Barcelona’s main hospitals has crippled the center’s computer system and forced the cancellation of 150 nonurgent operations and up to 3,000 patient checkups, officials said Monday. The attack Sunday on the Hospital Clinic de Barcelona shut down computers at the facility’s laboratories, emergency room and pharmacy at three main centers and several external clinics. “We can’t make any prediction as to when the system will be back up…


Critical Vulnerabilities Allow Hackers to Take Full Control of Wago PLCs

German industrial automation solutions provider Wago has released patches for several of its programmable logic controllers (PLCs) to address four vulnerabilities, including ones that can be exploited to take full control of the targeted device. The vulnerabilities were discovered by Ryan Pickren from the Georgia Institute of Technology’s Cyber-Physical Security Lab. The issues were identified by the researcher as part of a PhD project on the security of industrial control systems (ICS). Pickren previously earned…


EPA Mandates States Report on Cyber Threats to Water Systems

The Biden administration on Friday said it would require states to report on cybersecurity threats in their audits of public water systems, a day after it released a broader plan to protect critical infrastructure against cyberattacks. The Environmental Protection Agency said public water systems are increasingly at risk from cyberattacks that amount to a threat to public health. “Cyberattacks against critical infrastructure facilities, including drinking water systems, are increasing, and public water systems are vulnerable,”…


What does $5,000 buy you on a hacking forum? – Week in security with Tony Anscombe

A bootkit that ESET researchers have discovered in the wild is the BlackLotus UEFI bootkit that is being peddled on hacking forums

For a mere $5,000, you can buy a UEFI bootkit called BlackLotus that can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled. This week, ESET researchers published their analysis of BlackLotus that caused them to conclude that the bootkit they had discovered in the wild is indeed the…


Feds warn about right Royal ransomware rampage that runs the gamut of TTPs

by Paul Ducklin The US Cybersecurity and Infrastructure Security Agency (CISA), which dubs itself “America’s Cyber Defense Agency”, has just put out a public service announcement under its #StopRansomware banner. This report is numbered AA23-061a, and if you’ve slipped into the habit of assuming that ransomware is yesterday’s threat, or that other specific cyberattacks should be at the top of your list in 2023, then it is well worth reading. The risks you introduce by…
