"'ShroudedSnooper' Backdoors Use Ultra-Stealth in Mideast Telecom Attacks"

"'ShroudedSnooper' Backdoors Use Ultra-Stealth in Mideast Telecom Attacks"

Two Middle Eastern telecommunications organizations were recently compromised by a potentially novel threat actor using two backdoors with new methods for covertly loading malicious shellcode onto a target system. Cisco Talos dubbed the intrusion set "ShroudedSnooper" because it could not link the activity to previously identified groups. ShroudedSnooper uses two backdoors, "HTTPSnoop" and "PipeSnoop," with advanced anti-detection mechanisms, such as masquerading as popular software products and infecting low-level Windows server components.

Submitted by Gregory Rigby on

"Unhooking Phishing Threats - The Detection of Phishing Attempts in Communications Systems"

"Unhooking Phishing Threats - The Detection of Phishing Attempts in Communications Systems"

There is a new approach to combating phishing attacks to improve online security, reduce cybercrime against individuals and businesses, and prevent attacks against governments. Computer security systems are continuously challenged by the emergence of increasingly sophisticated phishing attacks, which may also use social engineering and malware. T.

Submitted by Gregory Rigby on

"A New and Inclusive Approach to Privacy Technology Is Needed to Keep Users Safe Online"

"A New and Inclusive Approach to Privacy Technology Is Needed to Keep Users Safe Online"

The UK's Online Safety Bill (OSB) will introduce several new digital regulations and offenses, but uncertainties persist regarding the future of online safety. The government and the technology industry are debating over how to create privacy-by-design (PBD) technologies that protect the privacy of Internet users without compromising public safety or national security.

Submitted by Gregory Rigby on

"New Proposal Aims to Boost IoT Security With a Sticker"

"New Proposal Aims to Boost IoT Security With a Sticker"

The Federal Communications Commission (FCC) has proposed a cybersecurity labeling program to protect smart device users. The new initiative encompasses Internet of Things (IoT) devices such as Wi-Fi routers, digital personal assistants, home security cameras, GPS trackers, medical devices, and other Internet-connected appliances. Although the underlying problem is real and devices are often found to lack adequate cybersecurity, many, including one of the FCC's commissioners, consider the proposed solution lightweight. This article continues to discuss the effort to boost IoT security.

Submitted by Gregory Rigby on

"German Spy Chief Warns of Cyberattacks Targeting Liquefied Natural Gas Terminals"

"German Spy Chief Warns of Cyberattacks Targeting Liquefied Natural Gas Terminals"

Bruno Kahl, the head of Germany's foreign intelligence service, warned that state-sponsored hackers could target the country's Liquefied Natural Gas (LNG) terminals. Due to the Russian invasion of Ukraine in 2022, estimated to have reduced Germany's GDP by 2.5 percent because of its reliance on gas pipelined from Russia, the country chartered three new LNG terminals, with plans for future expansion. However, according to the spy chief, these new LNG landing facilities should be viewed as potential targets for future cyberattacks.

Submitted by Gregory Rigby on

"Clop Gang Stolen Data From Major North Carolina Hospitals"

"Clop Gang Stolen Data From Major North Carolina Hospitals"

The Microsoft-owned healthcare technology company Nuance has disclosed that the Clop extortion gang stole personal data on major North Carolina hospitals as part of the Progress MOVEit Transfer campaign. Companies use MOVEit Transfer to securely transmit files via SFTP, SCP, and HTTP-based uploads. Microsoft credits the Clop ransomware group, also known as Lace Tempest, with exploiting a zero-day vulnerability in the MOVEit Transfer platform, tracked as CVE-2023-34362.

Submitted by Gregory Rigby on

"Modeling Social Media Behaviors to Combat Misinformation"

"Modeling Social Media Behaviors to Combat Misinformation"

Social media manipulation is used to spread false narratives, influence democratic processes, and more. However, not everyone with whom you disagree on social media is a bot. Misinformation strategies have continued to evolve. Their detection has been a reactive process, with malicious actors always one step ahead. Alexander Nwala, an assistant professor of data science at William & Mary, seeks to proactively combat these forms of exploitation.

Submitted by Gregory Rigby on

"New AMBERSQUID Cryptojacking Operation Targets Uncommon AWS Services"

"New AMBERSQUID Cryptojacking Operation Targets Uncommon AWS Services"

A novel cloud-native cryptojacking operation has targeted Amazon Web Services (AWS) offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to mine cryptocurrency. Sysdig has given the malicious cyber activity the codename AMBERSQUID. The AMBERSQUID operation exploited cloud services without triggering the AWS requirement for approval of additional resources, as would have been the case if they had only spammed EC2 instances, according to Alessandro Brucato, a security researcher at Sysdig.

Submitted by Gregory Rigby on

"Microsoft Flushes Out 'Ncurses' Gremlins"

"Microsoft Flushes Out 'Ncurses' Gremlins"

The "ncurses" programming library contains multiple memory corruption vulnerabilities that allow attackers to target applications running in macOS, Linux, and FreeBSD. Microsoft researchers discovered the vulnerabilities in the library that provides Application Programming Interfaces (APIs) for text-based user interfaces and terminal applications. Researchers from the company's threat intelligence team described the vulnerabilities in a technical report as enabling data leaks, privilege escalation, and arbitrary code execution.

Submitted by Gregory Rigby on

"BlackCat Ransomware Hits Azure Storage With Sphynx Encryptor"

"BlackCat Ransomware Hits Azure Storage With Sphynx Encryptor"

The BlackCat (ALPHV) ransomware group encrypts Azure cloud storage using stolen Microsoft accounts and the recently discovered Sphynx encryptor. Sophos X-Ops incident responders found that the attackers used a new Sphynx variant with added support for using custom credentials. After gaining access to the Sophos Central account with a stolen One-Time Password (OTP), the attackers disabled Tamper Protection and modified security policies. These actions were possible after stealing the OTP from the victim's LastPass vault through the LastPass Chrome extension.

Submitted by Gregory Rigby on
Subscribe to