Security News > 2023 > April

The last few days of America's tax season are stressful enough, dealing with deadlines and, increasingly, online scams. Threat researchers at cybersecurity firm Securonix said the gang - which may be based in Russia - sends emails containing a password-protected zip file with names that sound like they could be tax-related, such as TitleContractDocs.

Hackers are adding malicious functionality to WinRAR self-extracting archives that contain harmless decoy files, allowing them to plant backdoors without triggering the security agent on the target system. Self-extracting archives created with compression software like WinRAR or 7-Zip are essentially executables that contain archived data along with a built-in decompression stub.

Some of the victims affected by the 3CX supply chain attack have also had their systems backdoored with Gopuram malware, with the threat actors specifically targeting cryptocurrency companies with this additional malicious payload. VoIP communications company 3CX was compromised by North Korean threat actors tracked as Lazarus Group to infect the company's customers with trojanized versions of its Windows and macOS desktop apps in a large-scale supply chain attack. Kaspersky has discovered that the Gopuram backdoor, previously used by the Lazarus hacking group against cryptocurrency companies since at least 2020, was also deployed as a second-stage payload in the same incident into the systems of a limited number of affected 3CX customers.

A new report by cybersecurity firm WithSecure, based on a survey of more than 400 global cybersecurity and IT decision-makers conducted by Forrester Consulting, suggests that many organizations are reactive in their approach to defending against threats, and piecemeal when it comes to cybersecurity investments. The result? Security goals become detached from business goals, resulting in organizations investing in defenses against threats that aren't relevant to their business or goals.

Capita - everyone's favorite outsourcing badass - is still working to restore services for some customers after admitting the IT outage of certain services on Friday was caused by a cyber attack and efforts to contain the spread. The shape-shifting tech biz, which has £6.5 billion worth of public sector contracts booked in, said before the weekend that a technical problem meant staff couldn't access work IT, including Microsoft cloud accounts. The cause of that blackout was confirmed today, with Capita saying via its website that on March 31 the biz "experienced a cyber incident primarily impacting access to internal Microsoft 365 applications. This caused disruption to some services provided to individual clients, though the majority of our client services remained in operation."

For SlashNext's The Mobile BYOD Intelligence Report, the company surveyed 300 individuals about the use of personal devices for work, how employers balance security and employee privacy with the popularity of Bring Your Own Device, and the resulting gaps in cybersecurity. Right off the bat, the survey found that the use of personal devices for work has been increasing.

Webinar: Keeping digital authentication credentials safe is a highly sensitive task in an ever-evolving IT landscape, made more difficult when you consider the ongoing shift from static to dynamic applications aligned with increasingly distributed teams of workers. Putting the right elements in place is critical to building strong secrets management strategies.

British outsourcing services provider Capita announced today that a cyberattack on Friday prevented access to its internal Microsoft Office 365 applications. The cyber incident prompted Capita on March 31 to announce an IT issue that impacted its internal systems.

Five days have passed since the supply chain attack targeting 3CX customers gained wider public attention, but the software's manufacturer is yet to confirm how the Windows and macOS desktop apps have been compromised by the attackers. "On March 29th, 3CX received reports from a third party of a malicious actor exploiting a vulnerability in our product. We took immediate steps to investigate the incident, retaining Mandiant, leading global cybersecurity experts," 3CX CEO Nick Galea stated on Sunday.