Uncategorized

Police Dismantle Major Ukrainian Ransomware Operation

Law enforcement agencies in seven countries teamed up with Europol and Eurojust to dismantle a major Ukraine-based ransomware operation. According to Europol, 30 properties were searched on November 21 in four regions of Ukraine, resulting in the arrest of a 32-year-old who is allegedly the operation’s ringleader, as well as four key accomplices.  This law enforcement activity is part of an operation that resulted in the arrests of a dozen individuals back in 2021.  The…

Read More

Federal Push for Secure-by-Design: What It Means for Developers

Secure-by-design as a requirement is coming. Developers should start preparing for it now. The March 2023 National Cybersecurity Strategy (NCS) includes, “In setting cybersecurity regulations for critical infrastructure, regulators are encouraged to drive the adoption of secure-by-design principles…” There are two important elements to this. The concept of secure-by-design is introduced but not defined; and it is implied that this undefined concept will be enforced on the critical infrastructure by regulations that are yet to…

Read More

UK Minister Warns Meta Over End-to-End Encryption

Britain’s interior minister on Wednesday warned tech giant Meta that rolling out end-to-end encryption on its platforms must “not to come at a cost to our children’s safety”. Suella Braverman and security minister Tom Tugendhat have called on the company, which owns Facebook, Instagram and WhatsApp, to “work with us” and ensure police can access data. “The use of strong encryption for online users remains a vital part of our digital world and I support…

Read More

Using WinRAR? Be sure to patch against these code execution bugs…

by Paul Ducklin The venerable RAR program, short for Roshal’s Archiver after its original creator, has been popular in file sharing and software distribution circles for decades, not least because of its built-in error recovery and file reconstruction features. Early internet users will remember, with little fondness, the days when large file transfers were shipped either as compressed archives split across multiple floppy disks, or uploaded to size-conscious online forums as a series of modestly-sized…

Read More

S3 Ep144: When threat hunting goes down a rabbit hole

by Paul Ducklin SING US A CYBERSECURITY SONG Why your Mac’s calendar app says it’s JUL 17. One patch, one line, one file. Careful with that {axe,file}, Eugene. Storm season for Microsoft. When typos make you sing for joy. No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that…

Read More

Urgent! Apple fixes critical zero-day hole in iPhones, iPads and Macs

by Paul Ducklin The second-ever Apple Rapid Security Response just came out. That’s where the very latest versions of macOS, iOS and iPadOS get emergency patches that: Don’t take as long for Apple to build, test and publish as a full version update would. Don’t take as long to download when you decide to fetch them. Don’t take as long to install and activate when you actually apply them. Don’t make irreversible changes that can’t…

Read More

S3 Ep136: Navigating a manic malware maelstrom

by Paul Ducklin A PYTHON PERSPECTIVE VORTEX No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher. READ THE TRANSCRIPT DOUG.  Cybercrime after cybercrime, some Apple updates, and an attack on a…

Read More

Ransomware tales: The MitM attack that really had a Man in the Middle

by Paul Ducklin It’s taken more than five years for justice to be served in this case, but the cops and the courts got there in the end. The UK law enforcement office SEROCU, short for South East Regional Organised Crime Unit, this week reported the peculiar tale of one Ashley Liles, the literal Man in the Middle whom we referred to in the headline. These days, we usually expand the jargon term MitM to…

Read More

Bootkit zero-day fix – is this Microsoft’s most cautious patch ever?

by Paul Ducklin Microsoft’s May 2023 Patch Tuesday updates comprise just the sort of mixture you probably expected. If you go by numbers, there are 38 vulnerabilities, of which seven are considered critical: six in Windows itself, and one in SharePoint. Apparently, three of the 38 holes are zero-days, because they’re already publicly known, and at least one of them has already been actively exploited by cybercriminals. Unfortunately, those criminals seem to include the notorious…

Read More

Apple delivers first-ever Rapid Security Response “cyberattack” patch – leaves some users confused

by Paul Ducklin We’ve written about the uncertainty of Apple’s security update process many times before. We’ve had urgent updates accompanied by email notifications that warned us of zero-day bugs that needed fixing right away, because crooks were already onto them… …but without even the vaguest description of what sort of criminals, and what they were up to, which would at least help to round out the story. Our approach has therefore been simply to…

Read More