CyberSecurity Updates

27 Jan

Blackwood hijacks software updates to deploy NSPX30 – Week in security with Tony Anscombe

Information

Video The previously unknown threat actor used the implant to target Chinese and Japanese companies, as well as individuals in China, Japan, and the UK 26 Jan 2024 This week, ESET researchers released their findings about an attack where a previously unknown threat actor deployed a sophisticated multistage implant, which ESET named NSPX30, through adversary-in-the-middle (AitM) attacks hijacking update requests from legitimate software such as Tencent QQ, WPS Office, and Sogou Pinyin. Blackwood, the name…

Read More
26 Jan

Who is Alleged Medibank Hacker Aleksandr Ermakov?

Information, Insights

Authorities in Australia, the United Kingdom and the United States this week levied financial sanctions against a Russian man accused of stealing data on nearly 10 million customers of the Australian health insurance giant Medibank. 33-year-old Aleksandr Ermakov allegedly stole and leaked the Medibank data while working with one of Russia’s most destructive ransomware groups, but little more is shared about the accused. Here’s a closer look at the activities of Mr. Ermakov’s alleged hacker…

Read More
26 Jan

Guidance: Assembling a Group of Products for SBOM

Attacks, Insights, Malware

Today, CISA published Guidance on Assembling a Group of Products created by the Software Bill of Materials (SBOM) Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA’s community-driven working groups publish documents and reports to advance and refine SBOM and ultimately promote adoption. Specifically, software producers often need to assemble and test products together before releasing them to customers. These products may contain components that experience version changes over time,…

Read More
25 Jan

Using Google Search to Find Software Can Be Risky

Information, Insights

Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. The malicious ads, which appear above organic search results and often precede links to legitimate sources of the same software, can make searching for software on Google a dicey affair. Google says keeping users safe is a top priority, and that the company has a team of thousands working around…

Read More
25 Jan

NSPX30: A sophisticated AitM-enabled implant evolving since 2005

Information

ESET researchers provide an analysis of an attack carried out by a previously undisclosed China-aligned threat actor we have named Blackwood, and that we believe has been operating since at least 2018. The attackers deliver a sophisticated implant, which we named NSPX30, through adversary-in-the-middle (AitM) attacks hijacking update requests from legitimate software. Key points in this blogpost: We discovered the NSPX30 implant being deployed via the update mechanisms of legitimate software such as Tencent QQ,…

Read More
25 Jan

Break the fake: The race is on to stop AI voice cloning scams

Information

Scams As AI-powered voice cloning turbocharges imposter scams, we sit down with ESET’s Jake Moore to discuss how to hang up on ‘hi-fi’ scam calls – and what the future holds for deepfake detection Cameron Camp 23 Jan 2024  •  , 4 min. read Would you fall for a faked call from your CEO asking you to wire money? As our colleague Jake Moore found out, you might. As computers with spare compute cycles get…

Read More
25 Jan

New Year, New Initiatives for the NIST Privacy Framework!

Insights

 It’s been four years since the release of The NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management, Version 1.0. Since then, many organizations have found it highly valuable for building or improving their privacy programs. We’ve also been able to add a variety of resources to support its implementation. Credit: NIST We’re proud of how much has been accomplished in just a few short years, but we’re not resting on our…

Read More
25 Jan

Cisco Releases Security Advisory for Multiple Unified Communications and Contact Center Solutions Products

Attacks, Insights, Malware

Cisco released a security advisory to address a vulnerability (CVE-2024-20253) affecting multiple Unified Communications Products. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Cisco Unified Communications Products Remote Code Execution Vulnerability advisory and apply the necessary updates.

Read More
24 Jan

Privacy Attacks in Federated Learning

Insights

Our first post in the series introduced the concept of federated learning—an approach for training AI models on distributed data by sharing model updates instead of training data. At first glance, federated learning seems to be a perfect fit for privacy since it completely avoids sharing data. However, recent work on privacy attacks has shown that it’s possible to extract a surprising amount of information about the training data, even when federated learning is used.…

Read More
23 Jan

CISA Joins ACSC-led Guidance on How to Use AI Systems Securely

Attacks, Insights, Malware

CISA has collaborated with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) on Engaging with Artificial Intelligence—joint guidance, led by ACSC, on how to use AI systems securely. The following organizations also collaborated with ACSC on the guidance: Federal Bureau of Investigation (FBI) National Security Agency (NSA) United Kingdom (UK) National Cyber Security Centre (NCSC-UK) Canadian Centre for Cyber Security (CCCS) New Zealand National Cyber Security Centre (NCSC-NZ) and CERT NZ Germany Federal…

Read More