CyberSecurity Updates

02 Dec

Top tips to save energy used by your electronic devices

Information

With the rapidly rising energy prices putting a strain on many households, what are some quick wins to help reduce the power consumption of your gadgets? This time last year few of us were concerned about how much energy we used. Even fewer probably bothered to check how much we were spending annually. That calculus was always going to change as Western countries began the journey to carbon neutrality in earnest. But it was given…

Read More
02 Dec

S3 Ep111: The business risk of a sleazy “nudity unfilter” [Audio + Text]

Information, Malware

by Paul Ducklin BUSINESS RISKS FROM AFTER-HOURS MALWARE Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher. READ THE TRANSCRIPT DOUG.  Crackdowns,…

Read More
02 Dec

The CHRISTMA EXEC network worm – 35 years and counting!

Information, Malware

by Paul Ducklin Forget Sergeant Pepper and his Lonely Hearts Club Band, who taught the band to play a mere 20 years ago today. December 2022 sees the 35th anniversary of the first major self-spreading computer virus – the infamous CHRISTMA EXEC worm that temporarily crushed the major mainframe networks of the day… … not by any deliberately coded side-effects such as file scrambling or data deletion, but simply by leeching too much network bandwidth…

Read More
02 Dec

LastPass admits to customer data breach caused by previous breach

Information

by Paul Ducklin Back in August 2022, popular password manager company LastPass admitted to a data breach. The company, which is owned by sofware-as-a-service business GoTo, which used to be LogMeIn, published a very brief but nevertheless useful report about that incident about a month later: Briefly put, LastPass concluded that the attackers managed to implant malware on a developer’s computer. With a beachhead on that computer, it seems that the attackers were then able…

Read More
01 Dec

The top 10 hacks and cyber security threats of 2022

Attacks, Data Breaches

Cyber crime is an ever-evolving problem, with an estimated cost of US$10trn by 2025. In 2021, there were over 4,100 publicly disclosed data breaches, which represents approximately 22 billion records exposed. The figures for 2022 are expected to at least match this, or potentially exceed it by as much as five percent.  Cyber Security Hub is dedicated to delivering breaking news from the cyber security sector. With this in mind, here are the news stories…

Read More
01 Dec

ConnectWise Quietly Patches Flaw That Helps Phishers

Information, Insights

ConnectWise, which offers a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link. The warning comes just weeks after the company quietly patched a vulnerability that makes it easier for phishers to launch these attacks. A phishing attack targeting MSP customers using ConnectWise. ConnectWise Control is…

Read More
01 Dec

Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework

Attacks, Malware

It is highly recommended for all users of the Quarkus Java framework to update to versions 2.14.2.Final and 2.13.5.Final (LTS) to fix the exploit as soon as possible. This fix forces the Dev UI to check the origin header of the request and only accept requests where the value is localhost. Since this header is set by the browser and is not modifiable by JavaScript run within the browser, exploitation of this vulnerability cannot be…

Read More
01 Dec

LastPass Says Hackers Accessed Customer Data in Most Recent Breach

Attacks, Malware

LastPass reminded customers their master password should be extremely strong and unique, and should never be reused. Additionally, users should set up multi-factor authentication (MFA). MFA combines biometric and contextual factors to establish identity – something you know (a password), something you have (a mobile device), and something you are (a biometric). LastPass provided the following instructions to ensure customer accounts are set up properly and secured. https://blog.lastpass.com/2022/01/how-to-set-up-your-new-lastpass-account/ https://www.bleepingcomputer.com/news/security/lastpass-says-hackers-accessed-customer-data-in-new-breach/

Read More
01 Dec

Southampton County Confirms Lockbit 3.0 Ransomware Attack

Attacks, Malware

Free credit and identity monitoring has been offered to those impacted by the event; it is highly recommended that affected users should take advantage of these services. Throughout the investigation process, no evidence of misuse or redistribution of the information was found by Southampton County. However, this assertion of low impact was proven to be false after snippets of data were posted, demonstrating the uncertainty and risks that emerge in the aftermath of ransomware attacks.…

Read More
01 Dec

Wipers Are Widening: Here’s Why That Matters

Information, Malware, News

In the first half of this year, researchers saw a rising trend of wiper malware being deployed in parallel with the Russia-Ukraine war. However, those wipers haven’t stayed in one place – they’re emerging globally, which underscores the fact that cybercrime knows no borders.  It’s not just the numbers that are growing; we’re also seeing a rise in variety and sophistication. These wiper varieties are also increasingly targeting critical infrastructure. Awash with wipers  The war…

Read More