Information

03 Mar

Thousands of Websites Hijacked Using Compromised FTP Credentials

Information, News

Cloud security startup Wiz warns of a widespread redirection campaign in which thousands of websites targeting East Asian audiences have been compromised using legitimate FTP credentials. In many cases, the attackers managed to obtain highly secure auto-generated FTP credentials, and used them to hijack the victim websites to redirect visitors to adult-themed content. Likely ongoing since September 2022, the campaign has resulted in the compromise of at least 10,000 websites, many owned by small companies…

Read More
03 Mar

MQsTTang: Mustang Panda’s latest backdoor treads new ground with Qt and MQTT

Information

ESET researchers tease apart MQsTTang, a new backdoor used by Mustang Panda, which communicates via the MQTT protocol ESET researchers have analyzed MQsTTang, a new custom backdoor that we attribute to the Mustang Panda APT group. This backdoor is part of an ongoing campaign that we can trace back to early January 2023. Unlike most of the group’s malware, MQsTTang doesn’t seem to be based on existing families or publicly available projects. Mustang Panda is…

Read More
03 Mar

S3 Ep124: When so-called security apps go rogue [Audio + Text]

Information

by Paul Ducklin A ROGUES’ GALLERY Rogue software packages. Rogue “sysadmins”. Rogue keyloggers. Rogue authenticators. No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher. READ THE TRANSCRIPT DOUG.  Scambaiting, rogue 2FA…

Read More
02 Mar

Highlights from the New U.S. Cybersecurity Strategy

Information, Insights

The Biden administration today issued its vision for beefing up the nation’s collective cybersecurity posture, including calls for legislation establishing liability for software products and services that are sold with little regard for security. The White House’s new national cybersecurity strategy also envisions a more active role by cloud providers and the U.S. military in disrupting cybercriminal infrastructure, and it names China as the single biggest cyber threat to U.S. interests. The strategy says the…

Read More
02 Mar

BlackLotus Bootkit Can Target Fully Patched Windows 11 Systems

Information, News

The BlackLotus bootkit can bypass security protections on fully updated Windows 11 systems and persistently infect them, ESET’s analysis of the threat has revealed. New to the threat landscape – it emerged on underground forums in October 2022 – BlackLotus provides cybercriminals and advanced persistent threat (APT) actors with capabilities previously associated with nation-states, at the price of $5,000. The major threat posed by UEFI bootkits is well known: with control over the operating system’s…

Read More
02 Mar

BlackLotus UEFI bootkit: Myth confirmed

Information

The first in-the-wild UEFI bootkit bypassing UEFI Secure Boot on fully updated UEFI systems is now a reality The number of UEFI vulnerabilities discovered in recent years and the failures in patching them or revoking vulnerable binaries within a reasonable time window hasn’t gone unnoticed by threat actors. As a result, the first publicly known UEFI bootkit bypassing the essential platform security feature – UEFI Secure Boot – is now a reality. In this blogpost…

Read More
01 Mar

Internet Access, Privacy ‘Essential for Freedom’: Proton Chief

Information, News

Internet privacy company Proton can spot attacks on democracy in a country before they hit the headlines, simply by watching demand for its services explode, its chief told AFP. When Russia blocked access to independent news sites following its invasion of Ukraine a year ago, the small company which provides virtual private networks (VPNs) saw “a 9,000 percent increase in sign-ups over just a period of a few days”, company chief executive Andy Yen said…

Read More
01 Mar

ESET Research Podcast: Ransomware trashed data, Android threats soared in T3 2022

Information

And that’s just the tip of the iceberg when it comes to the trends that defined the cyberthreat landscape in the final four months of 2022. Data from the latest ESET Threat Report, which provides an in-depth look at the threat landscape from September to December 2022, confirmed several previously observed trends. The key of them was a continuous decline in all but one monitored malware category. Curiously enough, however, the overall drop in numbers…

Read More
28 Feb

Security Defects in TPM 2.0 Spec Raise Alarm

Information, News

Security researchers at Quarkslab have identified a pair of serious security defects in the Trusted Platform Module (TPM) 2.0 reference library specification, prompting a massive cross-vendor effort to identify and patch vulnerable installations. The vulnerabilities, tracked as CVE-2023-1017 and CVE-2023-1018, provide pathways for an authenticated, local attacker to overwrite protected data in the TPM firmware and launch code execution attacks, according to an advisory from Carnegie Mellon’s CERT coordination center.  From the CERT alert: “An…

Read More
28 Feb

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Data Breaches, Information, Insights

Image: Shutterstock.com Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device. The conclusions above…

Read More