Couple arrested for secretly installing cryptomining software on department store PCs
Police in Tarragona, Spain, have arrested a man and a woman after they allegedly infected computers at high-street stores with malware with the intention of mining cryptocurrency on them. Read more in my article on the Hot for Security blog.
The Internet is Held Together With Spit & Baling Wire
A visualization of the Internet made using network routing data. Image: Barrett Lyon, opte.org. Imagine being able to disconnect or redirect Internet traffic destined for some of the world’s biggest companies — just by spoofing an email. This is the nature of a threat vector recently removed by a Fortune…
How the US paused shopping (and browsing) for Thanksgiving
So, if you like to keep up with the tradition in the United States you and your family yesterday (November 25, 2021) celebrated Thanksgiving. So on a special day, with family gatherings for many and with a lot of cooking if you’re into the tradition (roast turkey, stuffing and pumpkin…
Heard in the halls of Web Summit 2021
Opening night of Web Summit 2021, at the Altice Arena in Lisbon, Portugal. Photo by Sam Barnes/Web SummitGlobal in-person events were back in a big way at the start of November (1-4) in Lisbon, Portugal, with Web Summit 2021 gathering more than 42,000 attendees from 128 countries. I was there…
Proposed UK Law Bans Default Passwords
Following California’s lead, a new UK law would ban default passwords in IoT devices.
Hackers Targeting Biomanufacturing Facilities With Tardigrade Malware
An advanced persistent threat (APT) has been linked to cyberattacks on two biomanufacturing companies that occurred this year with the help of a custom malware loader called "Tardigrade." That's according to an advisory published by Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) this week, which noted that the malware is…
Crypto Hackers Using Babadeda Crypter to Make Their Malware Undetectable
A new malware campaign has been discovered targeting cryptocurrency, non-fungible token (NFT), and DeFi aficionados through Discord channels to deploy a crypter named "Babadeda" that's capable of bypassing antivirus solutions and stage a variety of attacks. "[T]his malware installer has been used in a variety of recent campaigns to deliver information stealers,…
New US CISO appointments, November 2021
The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security.Follow…
CronRAT: A New Linux Malware That’s Scheduled to Run on February 31st
Researchers have unearthed a new remote access trojan (RAT) for Linux that employs a never-before-seen stealth technique that involves masking its malicious actions by scheduling them for execution on February 31st, a non-existent calendar day. Dubbed CronRAT, the sneaky malware "enables server-side Magecart data theft which bypasses browser-based security solutions," Sansec Threat…
Israel Bans Sales of Hacking and Surveillance Tools to 65 Countries
Israel's Ministry of Defense has dramatically restricted the number of countries to which cybersecurity firms in the country are allowed to sell offensive hacking and surveillance tools to, cutting off 65 nations from the export list. The revised list, details of which were first reported by the Israeli business newspaper Calcalist,…
Product Releases Should Not Be Scary
Every Product Manager and Software Developer should know that pushing feature updates to production via traditional channels is as archaic as painting on cave walls. The smart are always quick to adapt to new, innovative technologies, and this mindset is exactly what makes normal companies great. The landscape is changing fast,…
Try out 1Password 8 for Windows, where security meets productivity
Graham Cluley Security News is sponsored this week by the folks at 1Password. Thanks to the great team there for their support! 1Password 8 for Windows has been reimagined with productivity improvements, enhanced security and privacy features, and a new, modern design. 1Password 8 helps you manage, access, and protect…
Everything you ever wanted to know about UDP sockets but were afraid to ask, part 1
Snippet from internal presentation about UDP inner workings in Spectrum. Who said UDP is simple!Historically Cloudflare's core competency was operating an HTTP reverse proxy. We've spent significant effort optimizing traditional HTTP/1.1 and HTTP/2 servers running on top of TCP. Recently though, we started operating big scale stateful UDP services.Stateful UDP…
Sophisticated Tardigrade malware launches attacks on vaccine manufacturing infrastructure
Security researchers are warning biomanufacturing facilities around the world that they are being targeted by a sophisticated new strain of malware, known as Tardigrade. Read more in my article on the Tripwire State of Security blog.
Smashing Security podcast #253: Cybercrime unicorns, HVAC hacks, and NFT piracy – with Mikko Hyppönen
Heating systems are left vulnerable to attack in the high courts, cybercrime unicorns have become a reality (but what are they?), over 15 Terabytes of NFTs are made available for anyone to download ... and Carole reveals her Pick of the Year. All this and much more is discussed in…