CyberSecurity Updates

LockBit apologizes for ransomware attack on hospital, offers decryptor

LockBit, a prominent ransomware-as-a-service (RaaS) operation, has apologized for an attack on the Toronto-based Hospital for Sick Children, also known as SickKids, and offered a free decryptor.  SickKids, a major pediatric teaching hospital, announced on December 19 that it had called a Code Grey system failure, as it was responding to a cybersecurity incident that was affecting several network systems at the hospital. The incident impacted some internal clinical and corporate systems, as well as…

Ransomware ecosystem becoming more diverse for 2023

The ransomware ecosystem has changed significantly in 2022, with attackers shifting from large groups that dominated the landscape toward smaller ransomware-as-a-service (RaaS) operations in search of more flexibility and drawing less attention from law enforcement. This democratization of ransomware is bad news for organizations because it also brought in a diversification of tactics, techniques, and procedures (TTPs), more indicators of compromise (IOCs) to track, and potentially more hurdles to jump through when trying to negotiate…

PyTorch: Machine Learning toolkit pwned from Christmas to New Year

by Paul Ducklin PyTorch is one of the most popular and widely-used machine learning toolkits out there. (We’re not going to be drawn on where it sits on the artificial intelligence leaderboard – as with many widely-used open source tools in a competitive field, the answer seems to depend on whom you ask, and which toolkit they happen to use themselves.) Originally developed and released as an open-source project by Facebook, now Meta, the software…

Cybersecurity trends and challenges to look out for in 2023

What are some of the key cybersecurity trends and themes that organizations should have on their radars in 2023? As another eventful year comes to a close, it’s time not only to take stock of and reflect on the defining moments of 2022, but especially to look ahead to the challenges that are likely to persist or emerge in the new year. The increasing geopolitical complexity, upheaval and uncertainty, along with high economic volatility and…

Naked Security 33 1/3 – Cybersecurity predictions for 2023 and beyond

by Paul Ducklin It’s the last regular working weekday of 2022 (in the UK and the US, at least), in the unsurprisingly relaxed and vacationistic gap between Christmas and New Year… …so you were probably expecting us to come up either with a Coolest Stories Of The Year In Review listicle, or with a What You Simply Must Know About Next Year (Based On The Coolest Stories Of The Year) thinly-disguised-as-not-a-listicle listicle. After all, even…

CISA Says Two Old JasperReports Vulnerabilities Exploited in Attacks

The US Cybersecurity and Infrastructure Security Agency (CISA) has added two JasperReports flaws to its Known Exploited Vulnerabilities Catalog. Tibco’s JasperReports Library is advertised as the world’s most popular open source reporting engine. The JasperReports Server software is designed to enable non-technical users to create reports, dashboards, and visualizations. CISA has learned that two JasperReports vulnerabilities discovered in 2018 have been exploited in attacks. One of them is CVE-2018-18809, a critical directory traversal issue in…

US Congress funds cybersecurity initiatives in FY2023 spending bill

On December 23, the House and Senate Appropriations Committees agreed to a $1.7 trillion omnibus spending bill that funds government operations through fiscal year 2023. On December 29, President Biden signed it. The 4,155-page bill reflects an already agreed-upon $858 billion for defense spending and an additional $800 billion for non-defense spending, including several prominent cybersecurity items. US Senator Chris Murphy (D-CT), chair of the Subcommittee on Homeland Security, said, “This bill is a…

Happy 13th Birthday, KrebsOnSecurity!

KrebsOnSecurity turns 13 years old today. That’s a crazy long time for an independent media outlet these days, but then again I’m bound to keep doing this as long as they keep letting me. Heck, I’ve been doing this so long I briefly forgot which birthday this was! Thanks to your readership and support, I was able to spend more time in 2022 on some deep, meaty investigative stories — the really satisfying kind with…

S3 Ep115: True crime stories – A day in the life of a cybercrime fighter [Audio + Text]

by Paul Ducklin A DAY IN THE LIFE OF A CYBERCRIME FIGHTER Once more unto the breach, dear friends, once more! Paul Ducklin talks to Peter Mackenzie, Director of Incident Response at Sophos, in a cybersecurity session that will alarm, amuse and educate you, all in equal measure. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. Intro and outro music by Edith Mudge. You can listen…

US passes the Quantum Computing Cybersecurity Preparedness Act – and why not?

by Paul Ducklin Remember quantum computing, and the quantum computers that make it possible? Along with superstrings, dark matter, gravitons and controlled fusion (hot or cold), quantum computing is a concept that many people have heard of, even if they know little more about any of these topics than their names. Some of us are vaguely better informed, or think we are, because we have an idea why they’re important, can recite short but inconclusive paragraphs…