News

VMware Plugs Critical Flaws in Network Monitoring Product

Virtualization technology giant VMware on Wednesday shipped urgent patches to cover security defects in the Aria Operations for Networks product, warning that the flaws expose businesses to remote code execution attacks. VMware released an advisory documenting three critical-severity vulnerabilities haunting the network and application monitoring tool and called special attention to a command injection issue (CVE-2023-20887) that carries a CVSSv3 base score of 9.8/10. “A malicious actor with network access to VMware Aria Operations for…


KeePass Update Patches Vulnerability Exposing Master Password

Open source password manager KeePass was updated over the weekend to patch a vulnerability allowing attackers to retrieve the cleartext master password from a memory dump. Tracked as CVE-2023-32784 and impacting KeePass 2.x versions, the issue is related to the custom-developed textbox used for password entry, which creates a leftover string in memory for each character that the user types. An attacker can use a KeePass process dump, a hibernation file, a swap file, or…


What if the Current AI Hype Is a Dead End?

As I discussed in my previous column on Cybersecurity Futurism for Beginners, we are applying methods and approaches commonly used in future studies, especially horizon scanning and scenario planning, to explore future scenarios for how AI such as LLMs may impact security operations going forward. To quickly rehash, horizon scanning is not strictly speaking about predicting the future. Rather, it’s about the early detection of weak signals to identify drivers of emerging trends. We’re not…


Insider Q&A: Artificial Intelligence and Cybersecurity In Military Tech

Josh Lospinoso’s first cybersecurity startup was acquired in 2017 by Raytheon/Forcepoint. His second, Shift5, works with the U.S. military, rail operators and airlines including JetBlue. A 2009 West Point grad and Rhodes Scholar, the 36-year-old former Army captain spent more than a decade authoring hacking tools for the National Security Agency and U.S. Cyber Command. Lospinoso recently told a Senate Armed Services subcommittee how artificial intelligence can help protect military operations. The CEO/programmer discussed the subject with…


In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless crucial for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…


Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer

Point32Health, the second-largest health insurer in Massachusetts, is in the process of informing more than 2.5 million individuals that their personal and protected health information was stolen in a recent ransomware attack. Identified on April 17 and initially disclosed on April 20, the attack impacted systems related to Point32Health’s Harvard Pilgrim Health Care, and resulted in the exfiltration of data pertaining to both current and former health plan subscribers and dependents. Between March 28 and…


Russia Blames US Intelligence for iOS Zero-Click Attacks

Russian anti-malware vendor Kaspersky on Thursday said it discovered an APT actor launching zero-click iMessage exploits on iOS-powered devices in its corporate network. Kaspersky’s disclosure comes on the same day Russia’s Federal Security Service (FSB) blamed US intelligence agencies for an ongoing spy campaign targeting thousands of iOS devices belonging to domestic subscribers and foreign diplomatic missions. The FSB, the Russian security agency that succeeded the Soviet KGB, said iPhones belonging to diplomats from NATO…


Breaking Enterprise Silos and Improving Protection

As networks become atomized, the need for specialization comes into play. Infrastructure is spread across legacy, on-premises, hybrid, multi-cloud, and edge environments. Organizations have security operations center (SOC), network, cloud operations, and in some cases operational technology (OT) teams all tasked with keeping the business up and running and secure. And each team consists of subject matter experts with specialized levels of knowledge and specific tools that they use. When capabilities, nomenclature, constructs, and available…


Industrial Giant ABB Confirms Ransomware Attack, Data Theft

Swiss industrial giant ABB confirmed this week that it was recently targeted in a ransomware attack and that the cybercriminals exfiltrated some data. The company has issued a press release and an FAQ describing the incident, with many details — including indicators of compromise (IoCs) — being withheld due to the ongoing law enforcement investigation. “ABB has determined that an unauthorized third-party accessed certain ABB systems, deployed a type of ransomware that is not self-propagating,…


Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation

A recently identified ransomware operation called Buhti is using LockBit and Babuk variants to target both Linux and Windows systems, Symantec reports. Initially observed in February 2023, the Buhti operation, which Symantec calls Blacktail, has been rapidly expanding since mid-April, exploiting recent vulnerabilities for initial access, and relying on a custom tool to steal victim files. In a recent attack, the Buhti operators used a minimally modified version of the LockBit 3.0 (LockBit Black) ransomware…
