CyberSecurity Updates

04 Sep

In plain sight: Malicious ads hiding in search results

Information

Malware Sometimes there’s more than just an enticing product offer hiding behind an ad Márk Szabó 03 Sep 2024  •  , 3 min. read One thing is true: Malware developers are deeply invested in improving their malware and exploring different ways to compromise end users. Malware spreading through ads is nothing new; for a long time, cybercriminals have had their sights fixed on online advertising networks as a distribution vector.  With just a click, a…

Read More
03 Sep

Sextortion Scams Now Include Photos of Your Home

Information, Insights

An old but persistent email scam known as “sextortion” has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target’s home in a bid to make threats about publishing the videos more frightening and convincing. This week, several readers reported receiving sextortion emails that addressed them by name and included images of their street or front yard that were apparently lifted…

Read More
02 Sep

Owners of 1-Time Passcode Theft Service Plead Guilty

Information, Insights

Three men in the United Kingdom have pleaded guilty to operating otp[.]agency, a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords. Launched in November 2019, OTP Agency was a service for intercepting one-time passcodes needed to log in to various websites. Scammers who had already stolen someone’s bank account credentials could enter the target’s phone number and name,…

Read More
30 Aug

Analysis of two arbitrary code execution vulnerabilities affecting WPS Office

Information

ESET researchers discovered a code execution vulnerability in WPS Office for Windows (CVE⁠-⁠2024⁠-⁠7262), as it was being exploited by APT-C-60, a South Korea-aligned cyberespionage group. Upon analyzing the root cause, we subsequently discovered another way to exploit the faulty code (CVE-2924-7263). Following a coordinated disclosure process, both vulnerabilities are now patched – in this blogpost, we provide technical details.  Key points of the blogpost: APT-C-60 weaponized a code execution vulnerability in WPS Office for Windows…

Read More
30 Aug

Stealing cash using NFC relay – Week in Security with Tony Anscombe

Information

Video The discovery of the NGate malware by ESET Research is another example of how sophisticated Android threats have become 28 Aug 2024 Recently, ESET Researchers have discovered a crimeware campaign that targeted the clients of prominent Czech banks. The malware, named NGate by ESET, can relay data from victims’ stored payment cards via a malicious app installed on their Android phones to the attackers’ rooted Android devices. Watch as Tony discusses the story and…

Read More
29 Aug

CISA and Partners Release Advisory on RansomHub Ransomware

Attacks, Insights, Malware

Today, CISA—in partnership with the Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC), and Department of Health and Human Services (HHS)—released a joint Cybersecurity Advisory, #StopRansomware: RansomHub Ransomware. This advisory provides network defenders with indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and detection methods associated with RansomHub activity identified through FBI investigations and third-party reporting as recently as August 2024. RansomHub is a ransomware-as-a-service variant—formerly known as Cyclops and Knight—which has…

Read More
29 Aug

Old devices, new dangers: The risks of unsupported IoT tech

Information

Internet of Things In the digital graveyard, a new threat stirs: Out-of-support devices becoming thralls of malicious actors Márk Szabó 27 Aug 2024  •  , 4 min. read Outdated devices are often easy targets for attackers, especially if they have vulnerabilities that can be exploited and no patches are available due to their end-of-life status. Hacks of outdated or vulnerable devices are an issue, but why would anyone attempt to hack discontinued devices or those…

Read More
28 Aug

When Get-Out-The-Vote Efforts Look Like Phishing

Information, Insights

Multiple media reports this week warned Americans to be on guard against a new phishing scam that arrives in a text message informing recipients they are not yet registered to vote. A bit of digging reveals the missives were sent by a California political consulting firm as part of a well-meaning but potentially counterproductive get-out-the-vote effort that had all the hallmarks of a phishing campaign. Image: WDIV Detroit on Youtube. On Aug. 27, the local…

Read More
28 Aug

CISA and Partners Release Advisory on Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations

Attacks, Insights, Malware

Today, CISA—in partnership with the Federal Bureau of Investigation (FBI) and the Department of Defense Cyber Crime Center (DC3)—released Iran-based Cyber Actors Enabling Ransomware Attacks on U.S. Organizations. This joint advisory warns of cyber actors, known in the private sector as Pioneer Kitten, UNC757, Parisite, Rubidium, and Lemon Sandstorm, targeting and exploiting U.S. and foreign organizations across multiple sectors in the U.S.  FBI investigations conducted as recently as August 2024 assess that cyber actors like…

Read More
27 Aug

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Information, Insights

Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China. Image: Shutterstock.com Versa Director systems are primarily used by Internet service…

Read More