CyberSecurity Updates

16 Mar

Not‑so‑private messaging: Trojanized WhatsApp and Telegram apps go after cryptocurrency wallets

Information

ESET researchers analyzed Android and Windows clippers that can tamper with instant messages and use OCR to steal cryptocurrency funds ESET researchers have discovered dozens of copycat Telegram and WhatsApp websites targeting mainly Android and Windows users with trojanized versions of these instant messaging apps. Most of the malicious apps we identified are clippers – a type of malware that steals or modifies the contents of the clipboard. All of them are after victims’ cryptocurrency…

Read More
16 Mar

S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]

Information

by Paul Ducklin THE PRICE OF FAST FASHION Lucky Thirteen! The price of fast fashion. Firefox fixes. Feature creep fail curtailed in Patch Tuesday. No audio player below? Listen directly on Soundcloud. With Paul Ducklin and Chester Wisniewski. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into…

Read More
16 Mar

YoroTrooper Espionage Campaign Targeting Government Organizations

Attacks, Malware

Phishing techniques have a high prevalence in the current threat landscape and are often employed as an initial attack vector by threat groups. Archive files hiding malicious payloads are also frequently utilized by threat groups. Additionally, YoroTrooper makes use of open source and on-the-market tools to make attribution more difficult. However, these tactics also present an opportunity for defenders and researchers to develop detections for an attacker’s toolkit by focusing on open source offensive tools.…

Read More
16 Mar

Latitude Financials Suffers Breach

Attacks, Malware

Customers of Latitude Financial should consider taking the following steps to reduce the chance of further damage occurring as a result of the breach. 1. Monitor financial accounts: Check bank and credit card statements regularly to ensure that there are no unauthorized transactions. If any suspicious activity is noticed, it should be reported immediately. 2. Change passwords: Although Latitude has stated that no passwords were compromised in the attack, it is always a good practice…

Read More
16 Mar

GoBruteforcer: New Golang-Based Malware Breaches Web Servers via Brute-Force Attacks

Attacks, Malware

One of the best methods to prevent brute force attacks from succeeding is to have strong passwords implemented across all systems. Creating passwords that are 20+ characters in length, with a random mix of uppercase and lowercase characters, special characters, and numbers is an efficient way to prevent a brute force attack from allowing a malicious user to gain access to a system. Limiting login attempts is another way to prevent brute force attacks from…

Read More
16 Mar

Winter Vivern APT Hackers Use Fake Antivirus Scans to Install Malware

Attacks, Malware

To protect best against a campaign such as this, it is recommended to provide user education into common phishing tactics as well as overall emerging cybersecurity risks and vulnerabilities. It is important to employ a defense-in-depth strategy to detect this activity at a different portion of the attack chain, such as detecting lateral movement or reconnaissance activity. Binary Defense’s MDR and Threat Hunting services are an excellent solution to assist with such a program. https://www.bleepingcomputer.com/news/security/medusa-ransomware-gang-picks-up-steam-as-it-targets-companies-worldwide/

Read More
16 Mar

IOTW: Ransomware gang allegedly hacks Ring doorbells

Attacks, Data Breaches

Russia-linked ransomware gang ALPHV has claimed to have launched a cyber attack against Amazon-owned domestic security company, Ring. Ring, which makes doorbells with video and sound recording capabilities, has denied that the hack took place. ALPHV, however, posted on the dark web about the hack and is threatening to release data stolen during the breach. The gang, which is responsible for creating BlackCat malware, posted a picture of the Ring logo on its website alongside…

Read More
16 Mar

Meta Develops New Kill Chain Thesis

Information, News

Facebook parent Meta has officially unveiled a ten-phase kill chain model that it believes will be more inclusive and more effective than the existing range of kill chain models. Cybersecurity theorists have long sought to understand the stages of an attack. The idea is simple: if you can recognize a stage in the attack process, you will be more able to disrupt the attack and protect your assets. This has led to the development of…

Read More
16 Mar

UK bans TikTok on government devices over data security fears

Data Breaches, Malware, Social Engineering

Social media app TikTok has been banned on UK government electronic devices, the Cabinet Office has announced. The ban, announced by the chancellor of the Duchy of Lancaster, Oliver Dowden, comes in the wake of a security review into the risks posed to government data by social media apps on devices along with the potential for sensitive information to be accessed and used by some platforms. The move follows other Western countries who have barred…

Read More
16 Mar

FBI, CISA, and MS-ISAC Release #StopRansomware: LockBit 3.0

Attacks, Insights, Malware

The Federal Bureau of Investigation (FBI), CISA, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) has released a joint cybersecurity advisory (CSA), #StopRansomware: LockBit 3.0. This joint advisory details known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) that FBI investigations correlated with LockBit 3.0 ransomware as recently as March 2023. LockBit 3.0 functions as an affiliate-based ransomware variant and is a continuation of LockBit 2.0 and LockBit. CISA encourages network defenders…

Read More