Information

15 Mar

The slow Tick‑ing time bomb: Tick APT group compromise of a DLP software developer in East Asia

Information

ESET Research uncovered a campaign by APT group Tick against a data-loss prevention company in East Asia and found a previously unreported tool used by the group ESET researchers discovered a campaign that we attribute with high confidence to the APT group Tick. The incident took place in the network of an East Asian company that develops data-loss prevention (DLP) software. The attackers compromised the DLP company’s internal update servers to deliver malware inside the…

Read More
15 Mar

Microsoft fixes two 0-days on Patch Tuesday – update now!

Information

by Paul Ducklin Thanks to the precise four-week length of February this year, last month’s coincidence of Firefox and Microsoft updates has happened once again. Last month, Microsoft dealt with three zero-days, by which we mean security holes that cybercriminals found first, and figured out how to abuse in real-life attacks before any patches were available. (The name zero-day, or just 0-day, is a reminder of the fact that even the most progressive and proactive…

Read More
15 Mar

Firefox 111 patches 11 holes, but not 1 zero-day among them…

Information

by Paul Ducklin Heard of cricket (the sport, not the insect)? It’s much like baseball, except that batters can hit the ball wherever they like, including backwards or sideways; bowlers can hit the batter with the ball on purpose (within certain safety limits, of course – it just wouldn’t be cricket otherwise) without kicking off a 20-minute all-in brawl; there’s almost always a break in the middle of the afternoon for tea and cake; and…

Read More
15 Mar

US Charges Two Men Over Use of Hacked Law Enforcement Database for Doxing

Information, News

The US Justice Department on Tuesday announced charges against two men from New York and Rhode Island over their alleged roles in a doxing operation that involved hacking into a law enforcement portal and a police official’s email account. The suspects, 19-year-old Sagar Steven Singh (aka Weep) and 25-year-old Nicholas Ceraolo (aka Convict and Ominous), have been charged with conspiracy to commit computer intrusions, for which they face up to five years in prison. Ceraolo…

Read More
15 Mar

Microsoft Patch Tuesday, March 2023 Edition

Information, Insights

Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction. The Outlook vulnerability (CVE-2023-23397) affects all versions of Microsoft Outlook from 2013 to the newest. Microsoft said it has seen evidence that attackers are exploiting this flaw, which can be done…

Read More
14 Mar

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Data Breaches, Information, Insights

Two U.S. men have been charged with hacking into a U.S. Drug Enforcement Agency (DEA) online portal that taps into 16 different federal law enforcement databases. Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised police and government email accounts to publicly threaten and extort their victims. Prosecutors for the Eastern District of New York today unsealed criminal complaints against Sagar Steven Singh…

Read More
14 Mar

5 signs you’ve fallen for a scam – and what to do next

Information

Here’s how to know you have fallen victim to a scam – and what to do in order to undo or mitigate the damage. Online fraud can be thought of as a price we pay for the ubiquity of digital services. These services make our lives easier, healthier, safer and more entertaining. But there are countless scammers out there waiting to steal our identities and money. Their ingenuity, our credulity and poor corporate security combine…

Read More
14 Mar

Linux gets double-quick double-update to fix kernel Oops!

Information

by Paul Ducklin Linux has never suffered from the infamous BSoD, short for blue screen of death, the name given to the dreaded “something went terribly wrong” message associated with a Windows system crash. Microsoft has tried many things over the years to shake that nickname “BSoD”, including changing the background colour used when crash messages appear, adding a super-sized sad-face emoticon to make the message feel more compassionate, displaying QR codes that you can…

Read More
14 Mar

How the Best CISOs Drive Operational Resilience

Information, News

The last three years have been fueled by turbulent change — especially when it comes to an organization’s tech structure. The unanticipated global pandemic drastically accelerated digital transformation (DX) and a borderless workforce, forcing businesses to fast-track projects they had previously scheduled to take years. These years-long projects began to be completed in the matter of months, or even weeks, and propelled the industry forward momentously, but also highlighted that cybersecurity must be interwoven in…

Read More
13 Mar

NMFTA Appoints Cybersecurity Director to Help Protect Trucking Industry 

Information, News

The National Motor Freight Traffic Association (NMFTA) has appointed Antwan Banks as its director of enterprise security as the organization shifts focus to end-to-end security for the trucking industry. The NMFTA told SecurityWeek that this is a newly created position. Banks will lead the organization’s cybersecurity practice, and work with its partners and members to ensure the safety and security of the supply chain in the United States.  “As you can imagine, this is increasingly…

Read More