News

Tens of thousands of Android devices have been shipped to end-users with backdoored firmware, according to a warning from cybersecurity vendor Human Security. As part of the global cybercriminal operation called BadBox (PDF), Human Security found a threat actor relied on supply chain compromise to infect the firmware of more than 70,000 Android smartphones, CTV boxes, and tablet devices with the Triada malware. The infected devices come from at least one Chinese manufacturer but, before…

Software development giant GitHub on Wednesday announced an enhancement to its secret scanning feature, now allowing users to check the validity of exposed credentials for major cloud services. Generally available since March 2023, the secret scanning feature is meant to help organizations and developers identify potentially exposed secrets in their repositories and take immediate action. Backed by a large number of service providers in the GitHub Partner Program, the feature sends alerts to developers when…

Server and computer hardware giant Supermicro has released updates to address multiple vulnerabilities in Baseboard Management Controllers (BMC) IPMI firmware. The issues (tracked as CVE-2023-40284 to CVE-2023-40290) could allow remote attackers to gain root access to the BMC system, firmware supply chain security firm Binarly, which identified the bugs, explains. A special chip on server motherboards that support remote management, the BMC allows administrators to monitor various hardware variables and even update the UEFI system…

A series of critical vulnerabilities impacting a tool called TorchServe could allow threat actors to take complete control of servers that are part of the artificial intelligence (AI) infrastructure of some of the world’s largest companies. The flaws were discovered by Oligo, a company that specializes in runtime application security and observability, which disclosed its findings on Tuesday. The firm named the attack ShellTorch. TorchServe is an open source package in PyTorch, a machine learning…

Sensitive Department of Homeland Security (DHS) information might have been compromised in a recent ransomware attack aimed at government contractor Johnson Controls International. A multinational giant headquartered in Cork, Ireland, Johnson Controls produces industrial control systems and smart building equipment, software, and services, including HVAC, security, fire protection, and support solutions. The company serves clients in the education, government, healthcare, hospitality, naval, and transportation sectors, including the DoD, DHS, and other government agencies in the…

The lights have flickered shut at IronNet, the once-promising network security company founded by former NSA director General Keith Alexander. Bankrupt and out of financing options, IronNet said it would file for Chapter 7 protection while its assets are liquidated. “Given the unavailability of additional sources of liquidity…IronNet ceased all activities of the company and its subsidiaries and terminated the remaining employees,” the Virginia company said in its latest SEC Form 8-K filing. It is…

Cloud computing giant AWS says an internal threat intel decoy system called MadPot has been used successfully to trap malicious activity, including nation state-backed APTs like Volt Typhoon and Sandworm. MadPot, the brainchild of AWS software engineer Nima Sharifi Mehr, is described as “a sophisticated system of monitoring sensors and automated response capabilities” that entraps malicious actors, watches their movements, and generates protection data for multiple AWS security products. AWS said the honeypot system is designed…

Gaps in Cloudflare’s security controls allow users to bypass customer-configured protection mechanisms and target other users from the platform itself, technology consulting firm Certitude warns. The issue, the company says, arises from the shared infrastructure that all Cloudflare tenants have access to, allowing malicious actors to abuse the trust customers place in the platform’s protections to target them via Cloudflare. A major cybersecurity vendor offering web application firewall (WAF), bot management, and distributed denial-of-service (DDoS)…

Google has rushed to patch another Chrome zero-day vulnerability exploited by a commercial spyware vendor.  The internet giant announced on Tuesday that the stable channel of Chrome for Windows, macOS and Linux has been updated to version 117.0.5938.132. The latest update patches 10 vulnerabilities, three of which have been highlighted by the company in its advisory. The most important vulnerability, tracked as CVE-2023-5217, has been described as a “heap buffer overflow in vp8 encoding in…