Information

14 Feb

Microsoft Patch Tuesday, February 2023 Edition

Information, Insights

Microsoft is sending the world a whole bunch of love today, in the form of patches to plug dozens of security holes in its Windows operating systems and other software. This year’s special Valentine’s Day Patch Tuesday includes fixes for a whopping three different “zero-day” vulnerabilities that are already being used in active attacks. Microsoft’s security advisories are somewhat sparse with details about the zero-day bugs. Redmond flags CVE-2023-23376 as an “Important” elevation of privilege…

Read More
13 Feb

Serious Security: GnuTLS follows OpenSSL, fixes timing attack bug

Information

by Paul Ducklin Last week, we wrote about a bunch of memory management bugs that were fixed in the latest security update of the popular OpenSSL encryption library. Along with those memory bugs, we also reported on a bug dubbed CVE-2022-4304: Timing Oracle in RSA Decryption. In this bug, firing the same encrypted message over and over again at a server, but modifying the padding at the end of the data to make the data…

Read More
13 Feb

The Lessons From Cyberwar, Cyber-in-War and Ukraine

Information, News

The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question the nature of modern warfare and the role of cyber in its operation. Here we will look at the use of cyber in the years leading to the kinetic war, and the use of cyber technology on the modern kinetic battlefield. We need to understand the meaning of cyber and the…

Read More
11 Feb

Key findings from the latest ESET Threat Report – Week in security with Tony Anscombe

Information

What is behind the drop in ransomware and what should still be done for containing the ransomware scourge? Ransomware detections fell by 20% between 2021 and 2022, according to ESET’s latest Threat Report. What is behind the drop, why is ransomware still a huge problem, and what has yet to be done before the ransomware scourge is contained? Watch the video to learn not just about the latest trends in ransomware, but also about, for…

Read More
11 Feb

US Blacklists 6 Chinese Entities Over Balloon Program

Information, News

The United States on Friday blacklisted six Chinese entities it said were linked to Beijing’s aerospace programs as part of its retaliation over an alleged Chinese spy balloon that traversed U.S. airspace. The economic restrictions followed the Biden administration’s pledge to consider broader efforts to address Chinese surveillance activities and will make it more difficult for the five companies and one research institute to obtain American technology exports. The move is likely to further escalate…

Read More
10 Feb

Alexa, who else is listening?

Information

Your smart speaker is designed to listen, but could it be eavesdropping too? Ever since Amazon came under fire for being able to potentially listen in on people through its Echo smart speakers, and even transcribe what they were saying, I have been intrigued by the idea of how IoT could be used to snoop on us, unbeknown to the victims. Big tech companies behind Alexa-enabled and other similar devices have since taken steps towards…

Read More
10 Feb

Reddit admits it was hacked and data stolen, says “Don’t panic”

Information

by Paul Ducklin Popular social media site Reddit – “orange Usenet with ads”, as we’ve somewhat ungraciously heard it described – is the latest well-known web property to suffer a data breach in which its own source code was stolen. In recent weeks, LastPass and GitHub have confessed to similar experiences, with cyercriminals apparently breaking and entering in much the same way: by figuring out a live access code or password for an individual staff…

Read More
10 Feb

Microsoft OneNote Abuse for Malware Delivery Surges

Information, News

Organizations worldwide have been warned of an increase in the number of attacks abusing Microsoft OneNote documents for malware delivery. Part of the Office suite, OneNote is typically used within organizations for note taking and task management, among other operations. What makes OneNote documents an attractive target for threat actors includes the fact that they do not benefit from the Mark-of-the-Web (MOTW) protection, along with the fact that files can be attached to OneNote notebooks…

Read More
10 Feb

Siemens Drives Rise in ICS Vulnerabilities Discovered in 2022: Report

Information, News

The number of vulnerabilities discovered in industrial control systems (ICS) continues to increase, and many of them have a ‘critical’ or ‘high’ severity rating, according to a new report from industrial cybersecurity firm SynSaber.  The report compares the number of ICS and ICS medical advisories published by CISA between 2020 and 2022. While the number of advisories was roughly the same in 2021 and 2022, at 350, the number of vulnerabilities discovered last year reached…

Read More
09 Feb

Into the void: Your tech and security in digital darkness

Information

No internet, perfect security? Two ESET researchers perform a thought experiment where they consider the implications of being plunged into digital darkness. Not every computer problem is due to a war in Ukraine, or the failure of the power grid in Texas. But let’s say your network access gets shut off from the rest of the world due to a catastrophic event. Whether it is an armed conflict, a decision of an authoritarian regime, an…

Read More