Experts Find Strategic Similarities b/w NotPetya and WhisperGate Attacks on Ukraine
Latest analysis into the wiper malware that targeted dozens of Ukrainian agencies earlier this month has revealed "strategic similarities" to NotPetya malware that was unleashed against the country's infrastructure and elsewhere in 2017. The malware, dubbed WhisperGate, was discovered by Microsoft last week, which said it observed the destructive cyber campaign targeting …
find
Researchers Find Bugs in Over A Dozen Widely Used URL Parser Libraries
A study of 16 different Uniform Resource Locator (URL) parsing libraries has unearthed inconsistencies and confusions that could be exploited to bypass validations and open the door to a wide range of attack vectors. In a deep-dive analysis jointly conducted by cybersecurity firms Claroty and Snyk, eight security vulnerabilities were identified in as many third-party libraries …
SAILFISH System to Find State-Inconsistency Bugs in Smart Contracts
A group of academics from the University of California, Santa Barbara, has demonstrated what it calls a "scalable technique" to vet smart contracts and mitigate state-inconsistency bugs, discovering 47 zero-day vulnerabilities on the Ethereum blockchain in the process. Smart contracts are programs stored on the blockchain that are automatically executed when predetermined …
Researchers Find New Evidence Linking Diavol Ransomware to TrickBot Gang
Cybersecurity researchers have disclosed details about an early development version of a nascent ransomware strain called Diavol that has been linked to threat actors behind the infamous TrickBot syndicate. The latest findings from IBM X-Force show that the ransomware sample shares similarities to other malware that has been attributed to the cybercrime gang, thus establishing …
Cybercriminals Hold $115,000-Prize Contest to Find New Cryptocurrency Hacks
A top Russian-language underground forum has been running a "contest" for the past month, calling on its community to submit "unorthodox" ways to conduct cryptocurrency attacks. The forum's administrator, in an announcement made on April 20, 2021, invited members to submit papers that assess the possibility of targeting cryptocurrency-related technology, including the theft of …
Apple’s Find My Network Can be Abused to Exfiltrate Data From Nearby Devices
Latest research has demonstrated a new exploit that enables arbitrary data to be uploaded from devices that are not connected to the Internet by simply sending "Find My Bluetooth" broadcasts to nearby Apple devices. "It's possible to upload arbitrary data from non-internet-connected devices by sending Find My [Bluetooth Low Energy] broadcasts to nearby Apple devices that then …
Researchers Find Additional Infrastructure Used By SolarWinds Hackers
The sprawling SolarWinds cyberattack which came to light last December was known for its sophistication in the breadth of tactics used to infiltrate and persist in the target infrastructure, so much so that Microsoft went on to call the threat actor behind the campaign "skillful and methodic operators who follow operations security (OpSec) best practices to minimize traces, …
Bug in Apple’s Find My Feature Could’ve Exposed Users’ Location Histories
Cybersecurity researchers on Thursday disclosed two distinct design and implementation flaws in Apple's crowdsourced Bluetooth location tracking system that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, thereby deanonymizing users. The findings are a consequence of an exhaustive review undertaken by the Open …
Experts Find a Way to Learn What You’re Typing During Video Calls
A new attack framework aims to infer keystrokes typed by a target user at the opposite end of a video conference call by simply leveraging the video feed to correlate observable body movements to the text being typed. The research was undertaken by Mohd Sabra and Murtuza Jadliwala from the University of Texas at San Antonio and Anindya Maiti from the University of Oklahoma, …
Researchers Find Vulnerabilities in Microsoft Azure Cloud Service
As businesses are increasingly migrating to the cloud, securing the infrastructure has never been more important. Now, according to the latest research, two security flaws in Microsoft's Azure App Services could have enabled a bad actor to carry out server-side request forgery (SSRF) attacks or execute arbitrary code and take over the administration server. "This enables an …