
All posts in Malware

Microsoft warns of Volt Typhoon, latest salvo in global cyberwar

Microsoft’s warning on Wednesday that the China-sponsored actor Volt Typhoon attacked U.S. infrastructure put a hard emphasis on presentations by cybersecurity and international affairs experts that a global war in cyberspace is pitting authoritarian regimes against democracies. Microsoft’s notification pointed out . . .

S3 Ep136: Navigating a manic malware maelstrom

by Paul Ducklin

A PYTHON PERSPECTIVE VORTEX. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just . . .

PyPI open-source code repository deals with manic malware maelstrom

by Paul Ducklin

Public source code repositories, from Sourceforge to GitHub, from the Linux Kernel Archives to ReactOS.org, from PHP Packagist to the Python Package Index, better known as PyPI, are a fantastic source (sorry!) of free operating systems, applications, programming libraries, and developers’ toolkits that have done computer science . . .

How business email compromise attacks emulate legitimate web services to lure clicks

New BEC cyberattacks use phishing with a legitimate Dropbox link as a lure for malware and credentials theft. Threat actors have added a new wrinkle to traditional business email compromise cyberattacks. Call it BEC 3.0: phishing attacks that bury the hook in legitimate web services like . . .

White House addresses AI’s risks and rewards as security experts voice concerns about malicious use

The White House, last week, released a statement about the use of artificial intelligence, including large language models like ChatGPT. The statement addressed concerns about AI being used to spread misinformation, biases and private data, and announced a meeting by Vice President Kamala Harris with leaders of . . .

Apple delivers first-ever Rapid Security Response “cyberattack” patch – leaves some users confused

by Paul Ducklin

We’ve written about the uncertainty of Apple’s security update process many times before. We’ve had urgent updates accompanied by email notifications that warned us of zero-day bugs that needed fixing right away, because crooks were already onto them… …but without even the vaguest description of what sort . . .

Mac malware-for-hire steals passwords and cryptocoins, sends “crime logs” via Telegram

by Paul Ducklin

Researchers at dark web monitoring company Cyble recently wrote about a data-stealing-as-a-service toolkit that they found being advertised in an underground Telegram channel. One somewhat unusual aspect of this “service” (and in this context, we don’t mean that word in any sort of positive sense!) is that . . .

Threat actor APT28 targets Cisco routers with an old vulnerability

The U.S., Europe and Ukraine are reportedly targets in this malware threat. Learn how to protect affected Cisco routers. Threat actor APT28 is exploiting an old vulnerability in Cisco routers using Simple Network Management Protocol versions 1, 2c and 3 to target the U.S., Europe and Ukraine. . . .