Information

05 Dec

Number Nine! Chrome fixes another 2022 zero-day, Edge not patched yet

Information

by Paul Ducklin It’s just under two weeks since Google rushed out a Chrome patch for the then-current version 107 to seal off a bug that was already being used in real-life attacks. The company said nothing more about that bug than to describe it as a “heap buffer overflow in GPU” [sic], and to report that it was already being used in real-world attacks. Google left all of the following questions unanswered: How might…

Read More
03 Dec

FBI Director Raises National Security Concerns About TikTok

Information, News

FBI Director Chris Wray is raising national security concerns about TikTok, warning Friday that control of the popular video sharing app is in the hands of a Chinese government “that doesn’t share our values.” Wray said the FBI was concerned that the Chinese had the ability to control the app’s recommendation algorithm, “which allows them to manipulate content, and if they want to, to use it for influence operations.” He also asserted that China could…

Read More
03 Dec

ScarCruft updates its toolset – Week in security with Tony Anscombe

Information

Deployed against carefully selected targets, the new backdoor combs through the drives of compromised systems for files of interest before exfiltrating them to Google Drive This week, ESET researchers published their analysis of a previously undocumented backdoor that the ScarCruft APT group has used against carefully selected targets. ScarCruft is an espionage group that has been operating since at least 2012 and mainly takes aim at South Korea. The group’s new backdoor, which ESET named…

Read More
03 Dec

Apple pushes out iOS security update that’s more tight-lipped than ever

Information

by Paul Ducklin It’s just under a month since iOS 16.1.1 came out for Apple iPhone users, fixing a pair of bugs that were listed with the worrying words “a remote user may be able to cause unexpected app termination or arbitrary code execution”. Both macOS 13 Ventura and iPadOS got updated at the same time, with a pair of security bulletins published on Apple’s web site. Now, there’s another security update, apparently moving iPhone…

Read More
02 Dec

Hypr Raises $25 Million for Passwordless Authentication Platform

Information, News

New York City-based passwordless authentication solutions provider Hypr announced on Thursday that it has raised $25 million in a Series C1 funding round. The previous funding round, the Series C, was announced in April 2021, when the company raised $35 million. The latest investment, which brings the total to $97 million, was led by Advent International, with participation from .406 Ventures, RRE Ventures, Top Tier Capital, and Comcast Ventures. The money will be used to…

Read More
02 Dec

Three Innocuous Linux Vulnerabilities Chained to Obtain Full Root Privileges

Information, News

Qualys’ Threat Research Unit has shown how a new Linux vulnerability could be chained with two other apparently harmless flaws to gain full root privileges on an affected system. The new vulnerability, tracked as CVE-2022-3328, is a race condition in Snapd, a Canonical-developed tool used for the Snap software packaging and deployment system. Specifically, the flaw impacts the ‘snap-confine’ program used by Snapd to construct the execution environment for Snap applications. The affected program is…

Read More
02 Dec

Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin

Information

ESET researchers uncover Dolphin, a sophisticated backdoor extending the arsenal of the ScarCruft APT group ESET researchers have analyzed a previously unreported backdoor used by the ScarCruft APT group. The backdoor, which we named Dolphin, has a wide range of spying capabilities, including monitoring drives and portable devices and exfiltrating files of interest, keylogging and taking screenshots, and stealing credentials from browsers. Its functionality is reserved for selected targets, to which the backdoor is deployed…

Read More
02 Dec

Top tips to save energy used by your electronic devices

Information

With the rapidly rising energy prices putting a strain on many households, what are some quick wins to help reduce the power consumption of your gadgets? This time last year few of us were concerned about how much energy we used. Even fewer probably bothered to check how much we were spending annually. That calculus was always going to change as Western countries began the journey to carbon neutrality in earnest. But it was given…

Read More
02 Dec

S3 Ep111: The business risk of a sleazy “nudity unfilter” [Audio + Text]

Information, Malware

by Paul Ducklin BUSINESS RISKS FROM AFTER-HOURS MALWARE Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher. READ THE TRANSCRIPT DOUG.  Crackdowns,…

Read More
02 Dec

The CHRISTMA EXEC network worm – 35 years and counting!

Information, Malware

by Paul Ducklin Forget Sergeant Pepper and his Lonely Hearts Club Band, who taught the band to play a mere 20 years ago today. December 2022 sees the 35th anniversary of the first major self-spreading computer virus – the infamous CHRISTMA EXEC worm that temporarily crushed the major mainframe networks of the day… … not by any deliberately coded side-effects such as file scrambling or data deletion, but simply by leeching too much network bandwidth…

Read More