Information

13 Dec

Pwn2Own Toronto: 54 hacks, 63 new bugs, $1 million in bounties

Information

by Paul Ducklin You’ve probably heard of Pwn2Own, a hacking contest that started life alongside the annual CanSecWest cybersecurity event in Vancouver, Canada. Pwn2Own is now a multi-million “hackers’ brand” in its own right, having been bought up by anti-virus outfit Trend Micro and extended to cover many more types of bug than just browsers and desktop operating systems. The name, in case you’re wondering, is shorthand for “pwn it to own it”, where pwn…

Read More
13 Dec

New Python-Based Backdoor Targeting VMware ESXi Servers

Information, Malware, News

Security researchers with Juniper Networks’ Threat Labs warn of a new Python-based backdoor targeting VMware ESXi virtualization servers. The targeted servers were impacted by known security defects (such as CVE-2019-5544 and CVE-2020-3992) that were likely used for initial compromise, but what caught the researchers’ attention was the simplicity, persistence, and capabilities of the deployed backdoor. As part of the attack, the threat actor modified a total of four files on the target, which the system…

Read More
12 Dec

Python, JavaScript Developers Targeted With Fake Packages Delivering Ransomware

Information, Malware, News

Phylum security researchers warn of a new software supply chain attack relying on typosquatting to target Python and JavaScript developers. On Friday, the researchers warned that a threat actor was typosquatting popular PyPI packages to direct developers to malicious dependencies containing code to download payloads written in Golang (Go). The purpose of the attack is to infect victims with ransomware variants designed to update the desktop background with a message impersonating the CIA and instructing…

Read More
10 Dec

Video: Deep Dive on PIPEDREAM/Incontroller ICS Attack Framework

Information, News

In this session from SecurityWeek’s 2022 ICS Cybersecurity Conference, Mark Plemmons, Sr. Director for Threat Intelligence at Dragos, dives deep into the technical details and real-world impact on the modular ICS attack framework known as PIPEDREAM/Incontroller that can be used to disrupt and/or destruct devices in industrial environments. In April 2022, a joint advisory from the Department of Energy, CISA, NSA and the FBI warned that unidentified APT actors have created this suite of specialized…

Read More
10 Dec

Xenomorph: What to know about this Android banking trojan

Information

Xenomorph pilfers victims’ login credentials for banking, payment, social media, cryptocurrency and other apps with valuable data More than 50,000 Android devices were compromised with an Android banking trojan called Xenomorph earlier this year. First reported by ThreatFabric, Xenomorph posed as a system-optimizing app called “Fast Cleaner”. Disguising malicious software as device optimizers, battery- or performance-enhancing and other utility tools is a rather common tactic for dangerous Android malware. Xenomorph is after people’s login credentials for banking, payment,…

Read More
10 Dec

Diamond industry under attack – Week in security with Tony Anscombe

Information

ESET researchers uncover a new wiper and its execution tool, both attributed to the Iran-aligned Agrius APT group This week, ESET researchers published their findings about a new wiper, Agrius, and its execution tool, Sandals, both attributed to the Iran-aligned Agrius APT group. The researchers discovered the malicious tool while analyzing a supply-chain attack that abused an Israeli software developer. The attack probably targeted the company’s software updating mechanisms in order to deploy the wiper…

Read More
10 Dec

S3 Ep112: Data breaches can haunt you more than once! [Audio + Text]

Information, Malware

by Paul Ducklin DATA BREACHES – THE STING IN THE TAIL Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher. READ…

Read More
09 Dec

Interpres Security Emerges From Stealth Mode With $8.5 Million in Funding

Information, News

Defense management startup Interpres Security on Thursday announced that it has emerged from stealth mode with $8.5 million in a seed funding round led by Ten Eleven Ventures and a solution designed to help companies optimize security performance. The Charleston-based firm proposes a new approach to managing the defense surface, offering a continuous, customized analysis of detection and mitigation capabilities, to help organizations improve their security posture. The company provides tailored mitigation, data collection, and…

Read More
09 Dec

Credit card skimming – the long and winding road of supply chain failure

Information, Malware

by Paul Ducklin Researchers at application security company Jscrambler have just published a cautionary tale about supply chain attacks… …that is also a powerful reminder of just how long attack chains can be. Sadly, that’s long merely in terms of time, not long in terms of technical complexity or the number of links in the chain itself. Eight years ago… The high-level version of the story published by the researchers is simply told, and it…

Read More
08 Dec

New Ransom Payment Schemes Target Executives, Telemedicine

Information, Insights

Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the “patient.” The other involves carefully editing email inboxes of public company executives to make it appear that some were involved in insider trading. Alex Holden is founder of…

Read More