Cybersecurity researchers have documented a new information-stealing malware that targets YouTube content creators by plundering their authentication cookies. Dubbed “YTStealer” by Intezer, the malicious tool is believed to be sold as a service on the dark web and is distributed using fake installers that also drop RedLine Stealer and Vidar. “What sets YTStealer aside from other stealers sold on the dark web market is that it is solely focused on harvesting credentials for one single service instead of grabbing everything it can get ahold of,” security researcher Joakim...
The premium version of School Management, a plugin schools use to operate and manage their websites, has contained the backdoor since at least version 8.9, researchers at website security service Jetpack said in a blog post without ruling out that it had been present in earlier versions. This page from a third-party site shows that version 8.9 was released last August.
Obvious backdoor
Jetpack said it discovered the backdoor after support team members at WordPress.com reported finding heavily obfuscated code on several sites that used School Management Pro. After deobfuscating it, they realized that...
Blockchain company Harmony has offered a $1 million bounty to hackers who stole $100 million worth of Ethereum tokens. It also says it won’t push for criminal charges if the funds are returned. The Horizon bridge is a cross-chain protocol connecting the Ethereum, Binance and Harmony blockchains. It allows the transfer of cryptocurrencies, stablecoins and non-fungible tokens between the Harmony blockchain and the other networks, DataBreachToday.co.uk reports. The company has attempted to contact the hackers via a transaction to their Ethereum wallet address, Harmony tells Information Security Media Group. At the...
LockBit ransomware affiliates are using an interesting trick to get people to infect their own devices: disguising their malware as copyright claims. The recipients of these emails are warned about a copyright violation, allegedly having used media files without the creator’s license. The emails demand that the recipient remove the infringing content from their websites or face legal action, reports BleepingComputer. The emails, spotted by analysts at AhnLab, Korea, do not specify in the body which files were unfairly used and instead tell the recipient to download...
Authorities in the United States, Germany, the Netherlands and the U.K. last week said they dismantled the “RSOCKS” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. While the coordinated action did not name the Russian hackers allegedly behind RSOCKS, KrebsOnSecurity has identified its owner as a 35-year-old Russian man living abroad who also runs the world’s top spam forum, reports KrebsOnSec. According to a statement by the U.S. Department of Justice, RSOCKS offered...
CyberSecurity Myths Debunked
We work online. We live online. As our fast-paced lives become exponentially more dependent on digital services, protecting our information from misuse is increasingly urgent. In 2021, Microsoft went down in flames of embarrassment as it sustained the biggest hack of that year: over 30,000 US businesses were affected by a sweeping attack on the Microsoft Exchange email servers, one of the largest email servers in the world. The hackers were able to exploit four different zero-day vulnerabilities that allowed them to gain unauthorized access to emails from small...
In a predominantly bipartisan vote, the Industrial Control Systems Cybersecurity Training Act was passed by the House of Representatives on the evening of June 21, 2022. The bill, sponsored by Representative Eric Swalwell (D-CA), establishes within the Cybersecurity and Infrastructure Security Agency (CISA) an initiative to provide the cybersecurity workforce with no-cost training related to securing industrial control systems. These information systems are used to control industrial processes such as manufacturing, product handling, production and distribution.
Industrial Control Systems Cybersecurity Training Act
This bill will supplement an already impressive array of...
UK legislators have proposed an amendment to the Product Security and Telecommunications Infrastructure (PSTI) bill that would give cybersecurity professionals a legal defence for their activities under the Computer Misuse Act (CMA). A cross-party group in the House of Lords, the UK’s second chamber, tabled the amendment on Tuesday (June 21). The PSTI bill is designed to support the UK’s 5G rollout while also mandating vulnerability disclosure policies for vendors of Internet of Things (IoT) products, among other security provisions.
‘Acting in good faith’
The CyberUp campaign, a security industry coalition calling for wholesale reform...
Delivery company Yodel has found itself the latest victim of a cyber “incident” that has disrupted services. Rooted firmly to the bottom of the table of best and worst courier firms by consumer campaigner Which?, Yodel has gained popularity and, perhaps, a bit of notoriety in recent years as consumers turned to courier companies rather than venture into physical stores. Exactly when security problems began is difficult to ascertain, since Yodel’s social media voicebox is crammed full of disgruntled customers wondering where their products are (indeed, this writer had the joy...
Despite growing awareness of the dangers of cyber-attacks, many organisations are loath to adopt a preventative approach – until they’re hit. New research has found that 90% of high-level managers believe that most cyber-attacks are avoidable with a preventative approach. In its ‘Cybersecurity: Prevention Is Better than the Cure’ report, Tanium explored reactive versus preventative cybersecurity measures. It surveyed UK-based IT decision makers across a variety of industries including public sector, financial services, healthcare, and retail. Of its respondents, 92% said they had experienced a breach at some point in the...