Information

Patch Tuesday in brief – one 0-day fixed, but no patches for Exchange!

by Paul Ducklin Two weeks ago we reported on two zero-days in Microsoft Exchange that had been reported to Microsoft three weeks before that by a Vietnamese company that claimed to have stumbled across the bugs on an incident response engagement on a customer’s network. (You may need to read that twice.) As you probably recall, the bugs are reminiscent of last year’s ProxyLogin/ProxyShell security problems in Windows, although this time an authenticated connection is…

Read More

S3 Ep104: Should hospital ransomware attackers be locked up for life? [Audio + Text]

by Paul Ducklin THREE DEEP QUESTIONS Should hospital ransomware attackers get life in prison? Who was the Countess of Computer Science, and just how close did we come to digital music in the 19th century? And could a weirdly wacky email brick your iPhone? With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. You…

Read More

Serious Security: Microsoft Office 365 attacked over feeble encryption

by Paul Ducklin We’re not quite sure what to call it right now, so we referred to it in the headline by the hybrid name Microsoft Office 365. (The name “Office” as the collective noun for Microsoft’s word processing, spreadsheet, presentation and collaboration apps is being killed off over the next month or two, to become simply “Microsoft 365”.) We’re sure that people will keep on using the individual app names (Word, Excel, PowerPoint and…

Read More

ESET research into POLONIUM’s arsenal – Week in security with Tony Anscombe

More than a dozen organizations operating in various verticals were attacked by the threat actor This week, ESET researchers published their analysis of previously undocumented backdoors and cyberespionage tools that the POLONIUM APT group has deployed against targets in Israel. The group has used at least seven different custom backdoors in the past year, and ESET has named five previously undocumented backdoors with the suffix “-Creep.” More than a dozen organizations operating in various verticals…

Read More

APT‑C‑50 updates FurBall Android malware – Week in security with Tony Anscombe

ESET Research spots a new version of Android malware known as FurBall that APT-C-50 is using in its wider Domestic Kitten campaign This week, ESET researchers published their analysis of a new variant of the Android malware known as FurBall that APT-C-50 has used in its wider Domestic Kitten campaign. The campaign is known to take aim at Iranian citizens as part of mobile surveillance campaigns – and the same applies to this new FurBall…

Read More

Fashion brand SHEIN fined $1.9m for lying about data breach

by Naked Security writer Chinese company Zoetop, former owner of the wildly popular SHEIN and ROMWE “fast fashion” brands, has been fined $1,900,000 by the State of New York. As Attorney General Letitia James put it in a statement last week: SHEIN and ROMWE’s weak digital security measures made it easy for hackers to shoplift consumers’ personal data. As if that weren’t bad enough, James went on to say: [P]ersonal data was stolen and Zoetop…

Read More

Dangerous hole in Apache Commons Text – like Log4Shell all over again

by Paul Ducklin Java programmers love string interpolation features. If you’re not a coder, you’re probably confused by the word “interpolation” here, because it’s been borrowed as programming jargon where it’s not a very good linguistic fit… …but the idea is simple, very powerful, and sometimes spectacularly dangerous. In other programming ecosystems it’s often known simply as string substitution, where string is shorthand for a bunch of characters, usually meant for displaying or printing out,…

Read More

When cops hack back: Dutch police fleece DEADBOLT criminals (legally!)

by Paul Ducklin Sadly, we’ve needed to cover the DEADBOLT ransomware several times before on Naked Security. For almost two years already, this niche player in the ransomware cybercrime scene has been preying mainly on home users and small businesses in a very different way from most contemporary ransomware attacks: If you were involved in cybersecurity about ten years ago, when ransomware first started to become a massive money-spinner for the cyberunderworld, you will remember…

Read More

FBI Warns of Iranian Cyber Firm’s Hack-and-Leak Operations

The Federal Bureau of Investigation on Thursday issued an alert to warn that Iranian cyber group Emennet Pasargad is targeting organizations to steal their data and leak it online. Previously known as Eeleyanet Gostar and Net Peygard Samavat, Emennet Pasargad is an organization that often changes its name to avoid US sanctions, and which is known for providing cybersecurity services to government entities in Iran. In November 2020, the US warned that Iranian hackers exploited…

Read More

Data of 3 Million Advocate Aurora Health Patients Exposed via Malformed Pixel

Non-profit healthcare provider Advocate Aurora Health is informing 3 million individuals that a malformed tracking pixel has inadvertently exposed protected health information (PHI) to Facebook or Google. Headquartered in Milwaukee, Wisconsin, and Downers Grove, Illinois, Advocate Aurora Health operates 26 hospitals and over 500 sites of care, and has more than 75,000 employees. In a data breach notification on its website, the healthcare system is informing patients that an incorrectly configured tracking pixel – placed…

Read More