CyberSecurity Updates

11 Nov

BadBazaar Android Malware Tied to Chinese Cyberspies

Attacks, Malware

This campaign highlights the difficulty of attribution in relation to threat campaigns. While the BadBazaar malware was previously tied to a campaign taking place in the Middle East in 2017, it was later tied to APT15 in 2020, and now Xi’an Tian He Defense Technology in 2022. This is likely due to this specific tool being sold as a service rather than one of the groups developing this malware themselves, which is becoming more and…

Read More
11 Nov

S3 Ep108: You hid THREE BILLION dollars in a popcorn tin?

Information

by Paul Ducklin THREE BILLION DOLLARS IN A POPCORN TIN? Radio waves so mysterious they’re known only as X-Rays. Were there six 0-days or only four? The cops who found $3 billion in a popcorn tin. Blue badge confusion. When URL scanning goes wrong. Tracking down every last unpatched file. Why even unlikely exploits can earn “high” severity levels. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on…

Read More
11 Nov

IOTW: Everything we know about the Medibank data leak

Attacks, Data Breaches

Note: this article was updated on November 11, 2022 to reflect a development in the Australian Federal Police’s investigation The hacker responsible for a data breach of Australian health insurance provider Medibank which affected 9.7 million people has released private medical information on the dark web. The hacker posted a file labelled “abortions” to a site backed by Russian ransomware group REvil on November 10, 2022. It apparently contains information on procedures that policyholders have…

Read More
11 Nov

GitHub Introduces Private Vulnerability Reporting for Public Repositories

Information, News

Microsoft-owned code hosting platform GitHub has announced the introduction of a direct channel for security researchers to report vulnerabilities in public repositories that allow it. The new private vulnerability reporting capability enables repository maintainers to allow security researchers to report to them any vulnerabilities identified in their code. Some repositories may contain specific instructions on how the maintainers can be contacted for vulnerability reporting, but for those that do not, researchers often report issues publicly.…

Read More
11 Nov

Chinese Spyware Targets Uyghurs Through Apps: Report

Information, News

Cybersecurity researchers said they have found evidence of Chinese spyware in Uyghur-language apps that can track the location and harvest the data of Uyghurs living in China and abroad. Uyghurs are a Turkic Muslim minority predominantly in China’s northwestern region of Xinjiang, where a recent UN report said Beijing may have committed crimes against humanity. The United States and lawmakers in other Western countries say China’s treatment of the Uyghurs amounts to genocide. A Thursday…

Read More
11 Nov

LiteSpeed Vulnerabilities Can Lead to Complete Web Server Takeover

Information, News

LiteSpeed Web Server vulnerabilities discovered by researchers at Palo Alto Networks can be exploited to take complete control of a targeted server. The security holes were discovered during an audit of OpenLiteSpeed, the open source version of the LiteSpeed performance-focused web server made by LiteSpeed Technologies. Both versions are impacted by the vulnerabilities and they have been patched with the release of OpenLiteSpeed 1.7.16.1 and LiteSpeed 6.0.12. LiteSpeed is a popular web server and an…

Read More
11 Nov

Cybersecurity startups to watch for in 2023

Data Breaches, Malware, Social Engineering

The problems cybersecurity startups attempt to solve are often a bit ahead of the mainstream. They can move faster than most established companies to fill gaps or emerging needs. Startups can often innovative faster because they are unfettered by an installed base. The downside, of course, is that startups often lack resources and maturity. It’s a risk for a company to commit to a startup’s product or platform, and it requires a different kind of customer/vendor…

Read More
11 Nov

Medibank hackers revealed to be in Russia

Data Breaches, Malware, Social Engineering

The Australian Federal Police has revealed that those responsible for the data breach of Australian private health insurer Medibank are in Russia. On October 13, Medibank paused trading in the Australian Securities Exchange and announced there had been a “cyber incident”. At the time the company believed no data had been accessed and that the main issue was at its ahm and international student policy management units. But what started as the second largest breach…

Read More
10 Nov

Lacework releases cloud-native application security service

Data Breaches, Malware, Social Engineering

Cloud security vendor Lacework this week announced the availability of a cloud-native application protection platform (CNAPP) for its broader Polygraph Data Platform offering, providing an agentless, low-touch option for organizations looking to improve their application security posture. There are two main components to the CNAPP release, according to Lacework, both of which require only that the user connect their cloud accounts with Lacework’s apparatus. The first is attack path analysis, which uses Lacework’s systems to…

Read More
10 Nov

Canadian Meat Giant Suffers Cyberattack

Attacks, Malware

To minimize the effect of ransomware attacks, organizations should regularly back up their data and keep secure copies offline. On top of that, keeping systems up to date with patches and keeping an up-to-date anti-virus software will help a considerable amount. A 24/7 monitoring solution like the one that is offered by Binary Defense and the Security Operations Center should be considered when determining a defense solution as well. Keeping eyes out for network intrusions…

Read More