
Experts Uncover New CloudMensis Spyware Targeting Apple macOS Users
2022-07-19 11:50

The malware, codenamed CloudMensis by Slovak cybersecurity firm ESET, is said to exclusively use public cloud storage services such as pCloud, Yandex Disk, and Dropbox for receiving attacker commands and exfiltrating files. "Its capabilities clearly show that the intent of its operators is to gather information from the victims' Macs by exfiltrating documents, keystrokes, and screen captures," ESET researcher Marc-Etienne M.Léveillé said in a report published today.

Security Experts Warn of Two Primary Client-Side Risks Associated with Data Exfiltration and Loss
2022-07-19 11:23

Two client-side risks dominate the problems with data loss and data exfiltration: improperly placed trackers on websites and web applications, and malicious client-side code pulled from third-party repositories like NPM. Client-side security researchers are finding that improperly placed trackers, while not intentionally malicious, are a growing problem and have clear and significant privacy implications when it comes to compliance/regulatory concerns, like HIPAA or PCI DSS 4.0. The government agency points out that sensitive health information combined with the shadowy data security practices used by technology companies is extremely problematic, with most customers having little or no knowledge of how their data is collected, what data is collected, how it is used, or how it is protected.

Walmart-controlled flight booking service suffers substantial data leak
2022-07-19 11:15

An Indian flight booking website majority-owned by US retail colossus Walmart has experienced a data breach, but is saying very little about what happened or the risks to customers.

New Air-Gap Attack Uses SATA Cable as an Antenna to Transfer Radio Signals
2022-07-19 11:09

A new method devised to leak information and jump over air-gaps takes advantage of Serial Advanced Technology Attachment or Serial ATA cables as a communication medium, adding to a long list of electromagnetic, magnetic, electric, optical, and acoustic methods already demonstrated to plunder data. "Although air-gap computers have no wireless connectivity, we show that attackers can use the SATA cable as a wireless antenna to transfer radio signals at the 6GHz frequency band," Dr. Mordechai Guri, the head of R&D in the Cyber Security Research Center in the Ben Gurion University of the Negev in Israel, wrote in a paper published last week.

New CloudMensis malware backdoors Macs to steal victims’ data
2022-07-19 09:30

ESET researchers first spotted the new malware in April 2022 and named it CloudMensis because it uses pCloud, Yandex Disk, and Dropbox public cloud storage services for command-and-control communication. CloudMensis' capabilities clearly show that its operators' main goal is to collect sensitive info from infected Macs through various means.

Cybercriminals targeting law enforcement agencies worldwide
2022-07-19 08:00

Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 500 companies worldwide, has registered an increase in malicious activity targeting law enforcement agencies at the beginning of Q2 2022. This Help Net Security video highlights how cyber attacks affect law enforcement agencies worldwide.

Several New Play Store Apps Spotted Distributing Joker, Facestealer and Coper Malware
2022-07-19 06:58

Google has taken steps to ax dozens of fraudulent apps from the official Play Store that were spotted propagating Joker, Facestealer, and Coper malware families through the virtual marketplace. "Instead of waiting for apps to gain a specified volume of installs and reviews before swapping for a malware-laced version, the Joker developers have taken to hiding the malicious payload in a common asset file and package application using commercial packers," the researchers said, explaining the new tactic adopted by the persistent malware to bypass detection.

How adversaries are leveraging pentesting tools to launch attacks
2022-07-19 04:30

In this Help Net Security video, Tony Lambert, Senior Malware Analyst at Red Canary, talks about how adversaries’ favorite tools are legitimate tools that are used for malicious purposes.

What NATO’s virtual rapid response cyber capability means for the fight against cyber warfare
2022-07-19 04:00

At the recent meeting of the North Atlantic Council in Madrid, NATO heads of state agreed to boost resilience to cyber and hybrid threats. NATO members will strengthen their cyber defenses through enhanced civil-military cooperation, and expand industry partnerships.

FBI Warns of Fake Cryptocurrency Apps Stealing Millions from Investors
2022-07-19 03:48

The U.S. Federal Bureau of Investigation has warned of cyber criminals building rogue cryptocurrency-themed apps to defraud investors in the virtual assets space. "The FBI has observed cyber criminals contacting U.S. investors, fraudulently claiming to offer legitimate cryptocurrency investment services, and convincing investors to download fraudulent mobile apps, which the cyber criminals have used with increasing success over time to defraud the investors of their cryptocurrency," the agency said [PDF].