North Korean Hackers Deploy New Malicious Python Packages in PyPI Repository
2023-08-31 12:46

Three additional rogue Python packages have been discovered in the Python Package Index (PyPI) repository as part of an ongoing malicious software supply chain campaign called VMConnect, with signs pointing to the involvement of North Korean state-sponsored threat actors. First disclosed at the start of the month by the company and Sonatype, VMConnect refers to a collection of Python packages that mimic popular open-source Python tools to download an unknown second-stage malware.

Numbers Don't Lie: Exposing the Harsh Truths of Cyberattacks in New Report
2023-08-31 11:40

Total number of malware-based attacks: 1,578,733; number of unique attacks: 200,454; average number of cyberattacks per day: 17,280; average number of cyberattacks per hour: 720; average number of attacks per minute: 12; average number of new malware variants per minute: 1.5. Attacks ramped up again as cybercriminals got back to work in the new year.

Cisco VPNs with no MFA enabled hit by ransomware groups
2023-08-31 11:34

Since March 2023, affiliates of the Akira and LockBit ransomware operators have been breaching organizations via Cisco ASA SSL VPN appliances. "In some cases, adversaries have conducted credential stuffing attacks that leveraged weak or default passwords; in others, the activity we've observed appears to be the result of targeted brute-force attacks on ASA appliances where multi-factor authentication was either not enabled or was not enforced for all users," Rapid7 researchers said on Tuesday.

Own Your Own Government Surveillance Van
2023-08-31 11:06

About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

Apple offers security researchers specialized iPhones to tinker with
2023-08-31 09:50

Apple is inviting security researchers to apply for the Apple Security Research Device Program again, to discover vulnerabilities and earn bug bounties. In the intervening years, participating researchers have identified 130 security-critical vulnerabilities and have indirectly helped Apple implement security improvements in the XNU kernel, kernel extensions, and XPC services around the system.

Earth Estries' Espionage Campaign Targets Governments and Tech Titans Across Continents
2023-08-31 09:22

A hacking outfit nicknamed Earth Estries has been attributed to a new, ongoing cyber espionage campaign targeting government and technology industries based in the Philippines, Taiwan, Malaysia, South Africa, Germany, and the U.S. "The threat actors behind Earth Estries are working with high-level resources and functioning with sophisticated skills and experience in cyber espionage and illicit activities," Trend Micro researchers Ted Lee, Lenart Bermejo, Hara Hiroaki, Leon M Chang, and Gilbert Sison said. Active since at least 2020, Earth Estries is said to share tactical overlaps with another nation-state group tracked as FamousSparrow, which was first exposed by ESET in 2021 as exploiting ProxyLogon flaws in Microsoft Exchange Server to penetrate hospitality, government, engineering, and legal sectors.

Trojanized Signal, Telegram apps found on Google Play, Samsung Galaxy Store
2023-08-31 09:17

ESET researchers have identified two active campaigns targeting Android users, with the threat actors behind the tools for Telegram and Signal attributed to the China-aligned APT group GREF. Most likely active since July 2020 and since July 2022, respectively for each malicious app, the campaigns have distributed the Android BadBazaar espionage code through the Google Play store, Samsung Galaxy Store, and dedicated websites posing as legitimate encrypted chat applications; the malicious apps are FlyGram and Signal Plus Messenger. Threat actors exploit fake Signal and Telegram apps.

Protect Your Email With This Top-Rated Tool — Just $40 for Labor Day
2023-08-31 09:00

Mail Backup X is one of the top-rated tools on the market for backing up and archiving your emails. It's so crucial that losing access to your email or mistakenly deleting certain email messages could become a serious headache in your life.

Classiscam fraud-as-a-service expands, now targets banks and 251 brands
2023-08-31 08:00

Group-IB has published new information on the operation today, reporting that Classiscam has made $64.5 million in combined earnings from scamming users of classifieds sites and stealing their money and payment card details. The number of targeted brands has also grown from 169 brands last year to 251 this year, and there are now 393 criminal gangs targeting users in 79 countries, coordinating in one of the operation's 1,366 Telegram channels.

The power of passive OS fingerprinting for accurate IoT device identification
2023-08-31 04:30

Typically, admins can identify devices and OSes through unique Device IDs assigned by software agents that run on network endpoints and collect information for device identification. For those reasons, we need a passive approach to identification that does not involve software installations and works equally well with systems that are customized and stripped down to meet specific IoT device requirements.