
News

malware

The increasingly prevalent GuLoader malware has been traced back to a far-reaching encryption service that attempts to pass as above-board. An Italian company that sells what it describes as a legitimate encryption utility is being used as a malware packer for the cloud-delivered malicious GuLoader dropper, claim researchers. The tool, according to a recent investigation, creates GuLoader samples and helps the malware avoid antivirus detection. For its part, the company claims it has taken steps to prevent...

$8.9 Million Data Breach Settlement for Banner Health

Slovak authorities arrested four suspects on Tuesday as part of an investigation into a series of suspicious devices found connected to the government's official IT network. According to local news site Aktuality, the equipment is believed to have been used for wiretapping purposes and would have allowed threat actors to intercept both internet and telephony operations. The devices, believed to be some type of servers, were connected to GOVNET, a network that interconnects different Slovak...


Microsoft has published a report today detailing a never-before-seen series of attacks against Kubeflow, a toolkit for running machine learning (ML) operations on top of Kubernetes clusters. The attacks have been going on since April this year, and Microsoft says its end-goal has been to install a cryptocurrency miner on Kubernetes clusters running Kubeflow instances exposed to the internet. According to Yossi Weizman, a security researcher with Microsoft's Azure Security Center, the company has detected...

ransomware

The Thanos ransomware is the first to use a researcher-disclosed RIPlace anti-ransomware evasion technique as well as numerous other advanced features that make it a serious threat to keep an eye on. Thanos first began private distribution at the end of October 2019, but it was not until January 2020 that victims began seeking help for what was then called the Quimera Ransomware. As time went on, victims continued to seek help in the BleepingComputer forums for the...

Black Lives Matter Groups Face Cyberattacks

A phishing email campaign asking you to vote anonymously about Black Lives Matter is spreading the TrickBot information-stealing malware. Having started as a banking Trojan, TrickBot has evolved to perform a variety of malicious behaviour. This behaviour includes spreading laterally through a network, stealing saved credentials in browsers, stealing Active Directory Services databases, stealing cookies and OpenSSH keys, stealing RDP, VNC, and PuTTY credentials, and more. TrickBot also partners with ransomware operators, such as Ryuk, to give access to a compromised...

Unsecured Internet-facing database attracts hackers in a matter of hours

You only have to read the news on this very website to find countless stories of companies that have inadvertently left a database exposed on the web - it’s every security professional’s worst nightmare. Researchers at Comparitech, who are often the ones to find these misconfigured databases and alert the unsuspecting company, decided to set up a honeypot experiment to see just how little time it would take before such a database...

One Identity Safeguard now offers free Personal Password Vault

One Identity has recently introduced a new feature within One Identity Safeguard for Privileged Passwords 6.6, which manages and secures the use of corporate personal passwords to access corporate third-party accounts. Corporate users can store their passwords for online accounts to services within a new Personal Password Vault. By leveraging the feature - which is free for all users at Safeguard licensed companies - organisations can ensure proper control over, as well as policy adherence...


South Korea will require facilities deemed to be "high-risk" of spreading COVID-19 to install QR code readers, the government said on Wednesday. Places where multiple people gather around indoors, such as fitness centres, clubs, and karaoke bars, will be subject to the requirement, the Korea Centers for Disease Prevention and Control (KCDC) said. People who wish to enter such facilities will need to scan their QR code from Naver's smartphone app. Personal data collected from...

spyware

The APT known as TA410 has added a modular remote-access trojan (RAT) to its espionage arsenal, deployed against Windows targets in the United States’ utilities sector. According to researchers at Proofpoint, the RAT, called FlowCloud, can access installed applications and control the keyboard, mouse, screen, files, services and processes of an infected computer, with the ability to exfiltrate information to a command-and-control (C2) provider. It appears to be related to previous attacks delivering the LookBack malware....

Mobile phone dr

Babylon Health has acknowledged that its GP video appointment app has suffered a data breach. The firm was alerted to the problem after one of its users discovered he had been given access to dozens of video recordings of other patients' consultations. A follow-up check by Babylon revealed a small number of further UK users could also see others' sessions. The firm said it had since fixed the issue and notified regulators. Babylon allows its...
