CyberSecurity Updates

18 Aug

S3 Ep148: Remembering crypto heroes

Information

by Paul Ducklin CELEBRATING THE TRUE CRYPTO BROS No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher. READ THE TRANSCRIPT DOUG.  ATM skimmers, ransomware servers, and a warning from the FBI. All…

Read More
18 Aug

Israel, US to Invest $4 Million in Critical Infrastructure Security Projects

Information, News

Government agencies in Israel and the US have announced plans to invest $3.85 million in projects meant to improve the security of critical infrastructure in both countries. The investment is made through the BIRD Cyber Program, a joint initiative from the Israel National Cyber Directorate (INCD), the Israel-US Binational Industrial Research and Development (BIRD) Foundation, and the US Department of Homeland Security (DHS) Science and Technology Directorate (S&T). As part of the program, four grants…

Read More
17 Aug

Karma Catches Up to Global Phishing Service 16Shop

Information, Insights

You’ve probably never heard of “16Shop,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The international police organization INTERPOL said last week it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams. INTERPOL said authorities in Indonesia arrested the 21-year-old…

Read More
17 Aug

FBI warns about scams that lure you in as a mobile beta-tester

Information

by Paul Ducklin The US Federal Bureau of Investigation (FBI) has just published an official public service announcement headlined with with a very specific warning: Cybercriminals Targeting Victims through Mobile Beta-Testing Applications. The Feds didn’t go as far as naming any specific vendors or services here, but one of the main reasons that crooks go down the “beta-testing” route is to lure users of Apple iPhones into installing software that didn’t come from the App…

Read More
17 Aug

Exploitation of Citrix ShareFile Vulnerability Spikes as CISA Issues Warning 

Information, News

Exploitation attempts targeting a remote code execution flaw in Citrix’s ShareFile product have spiked just as the US Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities Catalog.  The vulnerability affecting the ShareFile file sharing and collaboration product is tracked as CVE-2023-24489 and it has been assigned a ‘critical’ severity rating. It can allow an unauthenticated attacker to upload arbitrary files and possibly achieve remote code execution. When details of the…

Read More