Multi-million investment scammers busted in four-country Europol raid

by Paul Ducklin

Another day, another series of cryptocurrency scams… …these, fortunately, brought to a halt, though sadly not before they’d defrauded “investors” around the globe to the tune of millions of dollars. According to Europol, 216 people were questioned in Bulgaria, Cyprus, Germany and Serbia; 15 have already been arrested; 22 searches were conducted, including at four separate call centres; and about $1,000,000 in cryptocurrency was seized. Law enforcement also confiscated €50,000 in cash;…

Researchers: Brace for Zoho ManageEngine ‘Spray and Pray’ Attacks

Security researchers tracking a known pre-authentication remote code execution vulnerability in Zoho’s ManageEngine products are warning organizations to brace for “spray and pray” attacks across the internet. The vulnerability, patched by Zoho last November, affects multiple Zoho ManageEngine products and can be reached over the internet to launch code execution exploits if SAML single sign-on is enabled or has ever been enabled. According to researchers at automated penetration testing firm Horizon3.ai, the CVE-2022-47966 flaw is easy…

APT group trojanizes Telegram app – Week in security with Tony Anscombe

StrongPity’s backdoor is fitted with various spying features and can record phone calls, collect texts, and gather call logs and contact lists

This week, the ESET research team published their findings about an espionage campaign by the StrongPity APT group that spreads a fully functional, but trojanized version of the legitimate Telegram app for Android. The malicious app – which has various spying features, including recording phone calls and collecting SMS messages – is distributed…

Introducing IPyIDA: A Python plugin for your reverse‑engineering toolkit

ESET Research announces IPyIDA 2.0, a Python plugin integrating IPython and Jupyter Notebook into IDA

IDA Pro from Hex-Rays is probably the most popular tool today for reverse-engineering software. For ESET researchers, this tool is a favorite disassembler and has inspired the development of the IPyIDA plugin that embeds an IPython kernel into IDA Pro. Under continuous development since 2014, we’re pleased to announce the release of version 2.0. IPyIDA serves a similar purpose as another…

NSA Director Pushes Congress to Renew Surveillance Powers

A top U.S. intelligence official on Thursday urged Congress to renew sweeping powers granted to American spy agencies to surveil and examine communications, saying they were critical to stopping terrorism, cyberattacks and other threats. The remarks by Army Gen. Paul Nakasone, director of the National Security Agency, opened what’s expected to be a contentious debate over provisions of the Foreign Intelligence Surveillance Act that expire at year’s end. The bipartisan consensus in favor of expanded…

Most Cacti Installations Unpatched Against Exploited Vulnerability

Most internet-exposed Cacti installations have not been patched against a critical-severity command injection vulnerability that is being exploited in attacks. An open-source web-based network monitoring and graphing tool that offers an operational monitoring and fault management framework, Cacti is a front-end application for the data logging utility RRDtool. In early December 2022, the tool’s maintainers announced patches for CVE-2022-46169, a critical-severity (CVSS score 9.8) command injection flaw that could allow unauthenticated attackers to execute code…

Exploitation of Control Web Panel Vulnerability Starts After PoC Publication

Security researchers are observing exploitation attempts targeting a critical Control Web Panel (CWP) vulnerability, following the publication of proof-of-concept (PoC) code in early January. Formerly CentOS Web Panel, CWP is a popular, free web hosting panel for enterprise-based Linux systems, offering support for the management and security of both servers and clients. Tracked as CVE-2022-44877 (CVSS score of 9.8), the exploited vulnerability allows unauthenticated attackers to achieve remote code execution (RCE) on impacted systems. The…

Now you can legally repair your tech – sort of

A new law portends a future where (we hope) it will be easier for us all to repair, fix, upgrade, and just tinker with things we already own

Want to secure, patch, upgrade, or modify tech you own? You may not be able to, if some manufacturers have anything to say about it. They view your use of their tech as a limited license, not ownership, and therefore strike back if you attempt to fix…

S3 Ep117: The crypto crisis that wasn’t (and farewell forever to Win 7) [Audio + Text]

by Paul Ducklin

THE CRYPTO CRISIS THAT WASN’T

Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher.

READ THE TRANSCRIPT

DOUG. Call…

Tesla Returns as Pwn2Own Hacker Takeover Target

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to complete vehicle compromise. Tesla, in tandem with Pwn2Own organizer Zero Day Initiative, is offering a $600,000 cash prize to any hacker capable of writing exploits that pivot through multiple systems in the car to gain arbitrary code execution. “Success here gets a big payout and, of course, a brand-new Tesla,” contest…
