Information

30 Sep

Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company

Information

ESET researchers have uncovered a Lazarus attack against an aerospace company in Spain, where the group deployed several tools, most notably a publicly undocumented backdoor we named LightlessCan. Lazarus operators obtained initial access to the company’s network last year after a successful spearphishing campaign, masquerading as a recruiter for Meta – the company behind Facebook, Instagram, and WhatsApp. The fake recruiter contacted the victim via LinkedIn Messaging, a feature within the LinkedIn professional social networking…

Read More
30 Sep

How Lazarus impersonated Meta to attack a target in Spain – Week in security with Tony Anscombe

Information

Video During the attack, the group deployed several tools, most notably a newly-discovered sophisticated backdoor that ESET named LightlessCan 29 Sep 2023 This week, ESET researchers unveiled their findings about an attack by the North Korea-linked APT group Lazarus that took aim at an aerospace company in Spain. The group obtained initial access to the company’s network after a successful spearphishing campaign where they masqueraded as a recruiter for Meta, the company behind Facebook, Instagram,…

Read More
29 Sep

Bankrupt IronNet Shuts Down Operations

Information, News

The lights have flickered shut at IronNet, the once-promising network security company founded by former NSA director General Keith Alexander. Bankrupt and out of financing options, IronNet said it would file for Chapter 7 protection while its assets are liquidated. “Given the unavailability of additional sources of liquidity…IronNet ceased all activities of the company and its subsidiaries and terminated the remaining employees,” the Virginia company said in its latest SEC Form 8-K filing. It is…

Read More
29 Sep

AWS Using MadPot Decoy System to Disrupt APTs, Botnets

Information, News

Cloud computing giant AWS says an internal threat intel decoy system called MadPot has been used successfully to trap malicious activity, including nation state-backed APTs like Volt Typhoon and Sandworm. MadPot, the brainchild of AWS software engineer Nima Sharifi Mehr, is described as “a sophisticated system of monitoring sensors and automated response capabilities” that entraps malicious actors, watches their movements, and generates protection data for multiple AWS security products. AWS said the honeypot system is designed…

Read More
29 Sep

Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers

Information, News

Gaps in Cloudflare’s security controls allow users to bypass customer-configured protection mechanisms and target other users from the platform itself, technology consulting firm Certitude warns. The issue, the company says, arises from the shared infrastructure that all Cloudflare tenants have access to, allowing malicious actors to abuse the trust customers place in the platform’s protections to target them via Cloudflare. A major cybersecurity vendor offering web application firewall (WAF), bot management, and distributed denial-of-service (DDoS)…

Read More
28 Sep

5 of the top programming languages for cybersecurity

Information

Secure Coding While far from all roles in security explicitly demand coding skills, it’s challenging to envision a career in this field that wouldn’t derive substantial advantages from at least a basic understanding of fundamental coding principles Christian Ali Bravo 27 Sep 2023  •  , 4 min. read Coding is a pivotal skill in many aspects of today’s technology-driven society and it holds growing significance for many jobseekers and students, including those contemplating a career…

Read More
28 Sep

Can open-source software be secure?

Information

Secure Coding, Business Security Or, is mass public meddling just opening the door for problems? And how does open-source software compare to proprietary software in terms of security? 26 Sep 2023  •  , 5 min. read There are – and will always be – vulnerabilities in software. Just like there is no perfect security, there is no perfect codebase. That begs the question: What is the best way to fix software problems, especially at scale?…

Read More
28 Sep

Google Rushes to Patch New Zero-Day Exploited by Spyware Vendor

Information, News

Google has rushed to patch another Chrome zero-day vulnerability exploited by a commercial spyware vendor.  The internet giant announced on Tuesday that the stable channel of Chrome for Windows, macOS and Linux has been updated to version 117.0.5938.132. The latest update patches 10 vulnerabilities, three of which have been highlighted by the company in its advisory. The most important vulnerability, tracked as CVE-2023-5217, has been described as a “heap buffer overflow in vp8 encoding in…

Read More
27 Sep

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

Data Breaches, Information, Insights

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams, Adobe Reader, Mozilla Thunderbird, and Discord. First spotted in 2018,…

Read More
27 Sep

Update on Naked Security

Information

Dear Naked Security readers, Firstly, thank you for your interest, your time, and your contributions to the Naked Security community. Your invaluable engagement and expertise have helped improve cybersecurity for everyone. We have recently added the extensive catalog of Naked Security articles to the Sophos News blog platform, enabling us to provide all Sophos security research, insights, and intelligence in a single location. We are redirecting articles from Naked Security to Sophos News and you…

Read More