Cyber Bites

Security analysts from Korea have detected a malware distribution campaign using Valorant cheat lures on YouTube in order to trick players into downloading RedLine, a powerful information stealer. This kind of lure is relatively common as threat actors can easily avoid YouTube's new content submission reviews, or simply create new accounts when old ones are reported and blocked. ASEC spotted the campaign, which targets the gaming community of Valorant, a free first-person shooter for Windows,...

The UK government has announced plans to introduce new legislation, aiming to improve the security of digital identity solutions. The rules are designed to enhance trust in digital identities and scaling down reliance on physical documents such as passports and driving licenses. The UK’s Department for Digital, Culture, Media and Sport (DCMS) made the announcement following a public consultation period. It is possible to access digital identity solutions in several ways, including via a phone app...

Security researchers have warned pro-Ukrainian actors of employing DDoS tools to attack Russia, as they may be ridden with info-stealing malware. In late February, Ukrainian vice prime minister, Mykhailo Fedorov, called for a volunteer “IT army” of hackers to DDoS Russian targets. Cisco Talos has claimed that many cyber criminals are attempting to exploit the outpouring of support for Ukraine, amidst the Russian invasion of the country. The organisation detected several posts on Telegram offering DDoS tools...

The tech giant Microsoft has claimed that encouraging women into cybersecurity jobs is "mission critical" to addressing the labour shortage in the cybersecurity industry. The company's corporate vice president of security, compliance, identity and management, Vasu Jakkal argues that diversity is sorely needed in the industry in order to address the evolving threat landscape and relieving overburdened IT teams. A lack of female representation in cybersecurity is fuelling unequal pay and insufficient support for women,...

The prolific Conti ransomware collective spent millions on salaries, tools and services throughout 2021. The recent leak of the pro-Russia group's internal chats by a Ukrainian researcher, analysed by security vendor BreachQuest, has revealed fascinating insights into the workings of the operation. The group's structure is not dissimilar to that of a legitimate business, with an HR and recruitment lead, someone in charge of its data leak blog, a training specialist, a blockchain lead and...

Professor John Goodacre, challenge director – Digital Security by Design, UKRI, and Professor of Computer Architectures, The University of Manchester, told attendees at the last leg of the DSbD roadshow in Wales that the UK is on the path to "cyber disaster". He claimed that the current approach of discovering and patching vulnerabilities is growing unsustainable as the digital revolution storms on - particularly in regards to the growth of IoT devices. “Even with the...

A global leader in WordPress security and threat intelligence, Patchstack, recently released a whitepaper highlighting the sorry state of WordPress security in 2021. Reported vulnerabilities grew 150% in 2021 from the previous year. Perhaps most alarmingly, 29% of the critical flaws in WordPress plugins never received an update. WordPress is used in 43.2% of websites and is the most popular content management system on the planet, making the report worrying reading.  

A new FBI report has revealed that at least 52 critical national infrastructure (CNI) entities have been compromised by a ransomware variant. The FBI has claimed that organisations across 10 CNI sectors had been impact as of January this year.# Key sectors include manufacturing, financial services, government and IT. A prolific ransomware variant has compromised at least 52 critical national infrastructure (CNI) entities, a new FBI report has revealed. The group has change it's tools,...

A group with ties to China tracked as TA416 but widely known as Mustang Panda has targeted European diplomats since August 2020. The most recent activity employs refreshed lures to coincide with the Russian invasion of Ukraine. A new report by Proofpoint found that TA416 leads cyber-espionage campaigns against the EU, focusing on long-term goals rather than opportunistic gains. The group has not changed their methods since the campaign began, making easy work for analysts.

Threat actors have breached the South Korean tech giant Samsung Electronics and stolen several source codes. The source codes in question are instrumental in the operation of the organisation's Galaxy devices. In a statement to SamMobile on Monday, the company revealed that it had strengthened its security measures after identifying a breach “relating to certain internal company data.” As yet, the company is not aware of the full scope of the breach but Samsung has...