Prime targets: Governments shouldn’t go it alone on cybersecurity

A year into the pandemic, ESET reveals new research into activities of the LuckyMouse APT group and considers how governments can rise to the cybersecurity challenges of the accelerated shift to digital

Earlier this year, a well-known APT group dubbed LuckyMouse (aka Emissary Panda, APT27) began exploiting several zero-day Microsoft Exchange Server vulnerabilities. Its end goal? Cyberespionage across multiple government networks in the Middle East and wider organizations in Central Asia. The group used this email server access, and the compromise of Microsoft SharePoint, to deploy a newly updated modular toolkit known as SysUpdate. As ESET explains in a new report, it has been designed to provide on-demand malicious capabilities, while taking [...]

Apple patches severe macOS security flaw

Mac users are being urged to update to macOS Big Sur 11.3 as at least one threat group is exploiting the zero-day bug to sneak past the operating system’s built-in security mechanisms

Apple has rolled out an update for its macOS Big Sur operating system to address a bevy of security flaws, including a vulnerability that could allow malware to circumvent the operating system’s built-in protection mechanisms. The vulnerability, tracked as CVE-2021-30657, could allow a malicious actor to craft a payload that could bypass Gatekeeper – the security feature in macOS that enforces code signing and verifies downloaded applications in order to help keep malware off Mac devices. “This payload can be used in [...]

4 common ways scammers use celebrity names to lure victims

All that glitters is not gold – look out for fake celebrity endorsements and other con jobs that aren’t going out of fashion any time soon

Online scams are one of the favorite ways criminals like to swindle unsuspecting victims out of their hard-earned money. And since variety is the spice of life, con artists like to defraud their targets using different flavors of con jobs. These schemes often exploit topics du jour, such as COVID-19 vaccinations, or involve evergreen lures, like scams promising a sizeable inheritance from a long-lost relative. Today, we’ll look at several common ways con artists abuse the names and images of the rich and famous to break the [...]

Instagram rolls out new features to help prevent cyberbullying

The social media platform is stepping up efforts to help stomp out harassment and other abusive behavior

Instagram has unveiled new tools to help combat cyberbullying and other abusive behavior on the platform – a filter that will prevent users from seeing abusive Direct Messages (DMs) and a tool to stop someone a user has blocked from contacting them from another account. “We understand the impact that abusive content – whether it’s racist, sexist, homophobic, or any other kind of abuse – can have on people. Nobody should have to experience that on Instagram. But combatting abuse is a complex challenge and there isn’t one single step we can take to eliminate it completely,” [...]

AirDrop flaws could leak phone numbers, email addresses

You can only stay safe by disabling AirDrop discovery in the system settings of your Apple device, a study says

Two security loopholes in Apple’s AirDrop feature could let hackers access the phone numbers and email addresses associated with both the sending and receiving device, German researchers have found. The feature, which lets users easily transfer files between Macs, iPhones and iPads, is present in more than 1.5 billion Apple devices. The two vulnerabilities are classified as severe and affect AirDrop’s authentication protocol, according to the paper called PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop and written by a research team from the Technical University of Darmstadt, Germany. “In particular, the flaws allow an [...]

Google rushes out fix for zero‑day vulnerability in Chrome

The update patches a total of seven security flaws in the desktop versions of the popular web browser

Google has released an update for its Chrome web browser that fixes a range of security flaws, including a zero-day vulnerability that is known to be actively exploited by malicious actors. The bugs affect the Windows, macOS, and Linux versions of the popular browser. “Google is aware of reports that exploits for CVE-2021-21224 exist in the wild,” said Google about the newly disclosed zero-day vulnerability that stems from a type confusion bug in the V8 JavaScript engine that is used in Chrome and other Chromium-based web browsers. Beyond the zero-day flaw, the new release fixes six [...]