Security researchers from ESET have discovered a new custom backdoor they dubbed MQsTTang and attributed it to the advanced persistent threat (APT) group known as Mustang Panda. Writing in an advisory published on March 2, 2023, ESET malware researcher Alexandre Côté Cyr explained that the new backdoor is part of an ongoing campaign the company traced back to early January.
by Paul Ducklin A ROGUES’ GALLERY Rogue software packages. Rogue “sysadmins”. Rogue keyloggers. Rogue authenticators. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge.
The Information Commissioner’s Office (ICO) has repeated calls for an urgent review into government ministers’ use of private messaging apps for official business, after 100,000 WhatsApp messages were leaked to a newspaper. The messages had been shared by former health secretary Matt Hancock with right-wing journalist Isabel Oakeshott so she could ghost write his Pandemic Diaries
by Naked Security writer Dutch police announced late last week that they’d arrested three young men, aged between 18 and 21, suspected of cybercrimes involving breaking in, stealing data, and then demanding hush money. The charges include: computer intrusion, data theft, extortion, blackmail, and money laundering. The trio were actually arrested a month earlier, back
British high street chain WH Smith has revealed earlier today it was hit by a cyber-attack that resulted in the theft of company data. In particular, the stationery and book chain said current and former employee data was accessed by the threat actors, including names, addresses, dates of birth and national insurance numbers. WH Smith
Russian government officials will no longer be able to use messaging apps developed and run by foreign companies, according to a new law which went into force yesterday. Parts 8–10 of Article 10 of the new law – On Information, Information Technologies and Information Protection – apply to government agencies and organizations. “The law establishes
by Paul Ducklin There’s no date on the update, but as far as we can make out, LastPass just [2023-02-27] published a short document entitled Incident 2 – Additional details of the attack. As you probably remember, because the bad news broke just before the Christmas holiday season in December 2022, LastPass suffered what’s known
The European Commission has banned the use of the TikTok application on its corporate devices, as well as on personal devices, enrolled in the Commission’s mobile device service. According to a blog post published by the Commission on Thursday, the move aims to protect the Commission against cybersecurity threats. “The measure is in line with Commission
by Paul Ducklin Thanks to Tommy Mysk and Talal Haj Bakry of @mysk_co for the impetus and information behind this article. The duo describe themselves as “two iOS developers and occasional security researchers on two continents.” In other words, although cybersecurity isn’t their core business, they’re doing what we wish all programmers would do: not
Google Play Store’s new Data Safety labels have been criticized for being inaccurate in nearly 80% of cases. The claims come from Mozilla’s *Privacy Not Included researchers, who published a new study about them on Thursday. “[We] found that the labels were false or misleading based on discrepancies between the apps’ privacy policies and the
The US Cybersecurity and Infrastructure Security Agency (CISA) warned nations’ defenders yesterday against disruptive and defacement attacks today. These, the agency said on Thursday, may stem from attempts to sow chaos and societal discord on the anniversary of Russia’s 2022 invasion of Ukraine. “In response to the heightened geopolitical tensions resulting from Russia’s full-scale invasion
A payload of the Wslink downloader named WinorDLL64 has been linked to the North Korea-aligned advanced persistent threat (APT) known as Lazarus Group. The connection was made by cybersecurity researchers at ESET, who published an article about it earlier today. “Wslink […] is a loader for Windows binaries that, unlike other such loaders, runs as
by Paul Ducklin LEARNING FROM OTHERS The first search warrant for computer storage. GoDaddy breach. Twitter surprise. Coinbase kerfuffle. The hidden cost of success. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge.
More than four out of five (84%) codebases contain at least one known open source vulnerability. The figures come from Synopsys’ new Open Source Security and Risk Analysis Report (OSSRA), which mentions an almost 4% increase compared to last year. The research document also mentions a 163% growth in the edtech sector’s adoption of open
by Paul Ducklin Jonathan Swift is probably most famous for his novel Gulliver’s Travels, during which the narrator, Lemuel Gulliver, encounters a socio-political schism in Lilliputian society caused by unending arguments over whether you should open a boiled egg at the big end or the little end. This satirical observation has flowed directly into modern
by Paul Ducklin Popular cryptocurrency exchange Coinbase is the latest well-known online brand name that’s admitted to getting breached. The company decided to turn its breach report into an interesting mix of partial mea culpa and handy advice for others. As in the recent case of Reddit, the company couldn’t resist throwing in the S-word
Cybersecurity researchers from Trellix have shared their findings regarding six vulnerabilities on macOS and iOS and a new bug class. Writing in an advisory published earlier today, the company said the new class of privilege escalation bugs is based on the ForcedEntry attack, which abused a feature of macOS and iOS to deploy the NSO
Samsung has released a new smartphone feature designed to protect user devices from threats disguised as image attachments. Called “Message Guard,” the new capability is currently compatible with the Samsung Messages app as well as with Messages by Google. “In line with Samsung’s philosophy of open collaboration, a software update will roll out at a
by Paul Ducklin Twitter has announced an intriguing change to its 2FA (two-factor authentication) system. The change will take effect in about a month’s time, and can be summarised very simply in the following short piece of doggerel: Using texts is insecure for doing 2FA, So if you want to keep it up you're going
In 2022, Russia-backed cyber-attacks targeting Ukraine rose 250% compared to 2020 and those targeting NATO countries, 300%. This staggering surge is one of the findings from Google Threat Analysis Group (TAG) in a February 16 report, Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape, published in collaboration with Google Trust &
by Paul Ducklin Late last week [2023-02-16], popular web hosting company GoDaddy filed its compulsory annual 10-K report with the US Securities and Exchange Commission (SEC). Under the sub-heading Operational Risks, GoDaddy revealed that: In December 2022, an unauthorized third party gained access to and installed malware on our cPanel hosting servers. The malware intermittently
Several Chinese state-sponsored threat groups have been observed targeting businesses and governments in the European Union. The claims come from a joint publication by the EU Agency for Cybersecurity (ENISA) and the Computer Emergency Response Team for the EU institutions, bodies and agencies (CERT-EU). Published on Wednesday, the document directly mentions particular advanced persistent threats (APTs): APT27,
A new malicious actor dubbed “WIP26” by SentinelOne has been observed targeting telecommunication providers in the Middle East. Describing the threat in a Thursday advisory, the security researchers said the team has been monitoring WIP26 with colleagues from QGroup GmbH. “WIP26 is characterized by the abuse of public Cloud infrastructure – Microsoft 365 Mail, Microsoft
Two business email compromise (BEC) groups have been observed using executive impersonation to conduct attacks on companies worldwide. The findings come from security researchers at Abnormal Security, who have dubbed the threat actors “Midnight Hedgehog,” specializing in payment fraud, and “Mandarin Capybara,” who is focused on executing payroll diversion attacks. “Combined, they have launched BEC campaigns
by Paul Ducklin CAN WE STOP WITH THE “SOPHISTICATED” ALREADY? The birth of ENIAC. A “sophisticated attack” (someone got phished). A cryptographic hack enabled by a security warning. Valentine’s Day Patch Tuesday. Apple closes spyware-sized 0-day hole. With
Google has officially started rolling out the beta of its Privacy Sandbox features on a limited number of Android 13 devices. First unveiled in 2020, the Privacy Sandbox is an initiative designed to limit user data sharing in digital advertising and the impact of cross-app identifiers. “Over the past year, we’ve worked closely with the
by Paul Ducklin Apple has just released updates for all supported Macs, and for any mobile devices running the very latest versions of their respective operating systems. In version number terms: iPhones and iPads on version 16 go to iOS 16.3.1 and iPadOS 16.3.1 respectively (see HT213635). Apple Watches on version 9 go to watchOS
Check Point has released its Global Threat Index report for January 2023, which shows AgentTesla returning to the third spot (from the ninth in December 2022) in the January 2023 Most Wanted Malware list. The Lokibot infostealer has also grown substantially, from not being in the top 10 list to second place. Further, the infostealer Vidar has
by Paul Ducklin Deciphering Microsoft’s official Update Guide web pages is not for the faint-hearted. Most of the information you need, if not everything you’d really like to know, is there, but there’s such a dizzying number of ways to view it, and so many generated-on-the-fly pages are needed to display it, that it can
Several US government agencies and non-profits have warned individuals against romance scams connected with Valentine’s Day. The Federal Bureau of Investigation (FBI) has issued two separate statements over the last week to warn citizens in Texas and New Mexico against these crime attempts. According to the Bureau’s Internet Crime Complaint Center (IC3), romance scams have