Month: January 2023

JD Sports has confirmed that a cyber-attack that hit the company between 2018 and 2020 may have resulted in the data leak of 10 million customers. The company said this in an email sent to users earlier today and seen by Infosecurity. “We wish to inform you about a security incident involving the data of some customers

by Paul Ducklin Samba, simply put, is a super-useful, mega-popular, open-source reimplementation of the networking protocols used in Microsoft Windows, and its historical importance in internetworking (connecting two different sorts of network together) cannot be underestimated. In the late 1990s, Microsoft networking shed its opaque, proprietary nature and became an open standard known as CIFS,

A malicious campaign impersonating American financial advisors has been spotted targeting several hundred individuals in West Africa. Recently discovered by cybersecurity experts at DomainTools, the ‘pig butchering’ operation uses a complex network of social engineering techniques to defraud victims. Describing the activity in an advisory shared with Infosecurity, DomainTools said most attacks from the unnamed threat

An operation responding to a Black Basta ransomware compromise has revealed the use of a new PlugX malware variant that can automatically infect any attached removable USB media devices. Palo Alto Networks Unit 42 shared the findings with Infosecurity earlier today, adding that the new PlugX variant is “wormable” and can infect USB devices in

by Paul Ducklin BREACHES, PATCHES, LEAKS AND TWEAKS Latest epidode – listen now. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify,

Researchers have found three separate vulnerabilities in OpenEMR, an open-source software for electronic health records and medical practice management. Clean code experts at Sonar published an advisory Wednesday about the discovered flaws by security researcher Dennis Brinkrolf. “During our security research of popular web applications, we discovered several code vulnerabilities in OpenEMR,” Brinkrolf wrote. “A combination of

by Naked Security writer Six months ago, according to the US Department of Justice (DOJ), the Federal Bureau of Investigation (FBI) infiltrated the Hive ransomware gang and started “stealing back” the decryption keys for victims whose files had been scrambled. As you are almost certainly, and sadly, aware, ransomware attacks these days typically involve two

The threat actor known as Cobalt Sapling has been spotted creating a new persona dubbed “Abraham’s Ax” to target Saudi Arabia for political leverage. The findings come from cybersecurity experts at Secureworks’ Counter Threat Unit (CTU), who published an advisory about the new threat earlier today. In a report shared with Infosecurity via email, Secureworks

by Paul Ducklin The Public Prosecution Service in the Netherlands [Dutch: Openbaar Ministerie] has just released information about an unnamed suspect arrested back in December 2022 for allegedly stealing and selling personal data about tens of millions of people. The victims are said to live in countries as far apart as Austria, China, Columbia, the

A previously unknown, financially motivated North Korea state-sponsored threat actor has been observed testing several infection methods in the wild while adhering to a ‘startup’ culture mentality. The findings come from security researchers at Proofpoint, who called the group TA444 and said it has been active in its current form of targeting cryptocurrency exchanges since at

by Paul Ducklin GoTo is a well-known brand that owns a range of products, including technologies for teleconferencing and webinars, remote access, and password management. If you’ve ever used GoTo Webinar (online meetings and seminars), GoToMyPC (connect and control someone else’s computer for management and support), or LastPass (a password manangement service), you’ve used a

A new string of attacks against East Asian organizations has been spotted by security researchers and attributed to the threat actor known as DragonSpark. The campaign, discovered by SentinelLabs, uses the little-known open-source SparkRAT alongside malware tools to evade detection via source code interpretation techniques based on the Go programming language. “The DragonSpark attacks represent

by Paul Ducklin Last year, on the last day of August 2022, we wrote with mild astonishment, and perhaps even a tiny touch of excitement, about an unexpected but rather important update for iPhones stuck back on iOS 12. As we remarked at the time, we’d already decided that iOS 12 had slipped (or perhaps

An increasing number of threat actors have started relying on the command-and-control (C2) framework Sliver as an open-source alternative to tools such as Metasploit and Cobalt Strike. Security researchers at Cybereason described the new phenomenon in an advisory published last Thursday, adding that Sliver is gaining popularity due to its modular capabilities (via Armory), cross-platform

by Paul Ducklin Over the years, we’ve written and spoken on Naked Security many times about the thorny problem of DNS hijacking. DNS, as you probably know, is short for domain name system, and you’ll often hear it described as the internet’s “telephone directory” or “gazetteer”. If you’re not familiar with the word gazeteer, it

Security researchers have spotted another innovative technique phishing actors are using to bypass traditional security filters – this time using blank images. The email in question was detected by Check Point business Avanan, and arrived as a legitimate-looking DocuSign message. Although the link in the email body will take the user directly to a regular