News

A recently identified ransomware operation called Buhti is using LockBit and Babuk variants to target both Linux and Windows systems, Symantec reports. Initially observed in February 2023, the Buhti operation, which Symantec calls Blacktail, has been rapidly expanding since mid-April, exploiting recent vulnerabilities for initial access, and relying on a custom tool to steal victim files. In a recent attack, the Buhti operators used a minimally modified version of the LockBit 3.0 (LockBit Black) ransomware…

Read More

Google on Thursday announced the availability of its Automatic Certificate Management Environment (ACME) API for all Google Cloud users, allowing them to automatically acquire and renew TLS certificates for free. The ACME protocol was designed to automate TLS certificate lifecycle through APIs that are supported by dozens of clients, and has become the standard for certificate management across the internet, with most TLS certificates in the WebPKI being issued by ACME certificate authorities. The protocol’s…

Read More

A Mirai botnet variant has been exploiting a recently patched vulnerability tracked as CVE-2023-28771 to hack many Zyxel firewalls.  The Taiwan-based networking device manufacturer informed customers about the security hole on April 25, when it announced the availability of patches for impacted ATP, VPN, USG Flex and ZyWALL/USG firewalls. The OS command injection vulnerability, found by Trapa Security, is caused by improper error message handling in some firewalls, and it could allow an unauthenticated attacker…

Read More

All sessions from SecurityWeek’s Threat Detection & Incident Response Summit  are now available to watch on demand. This fully immersive online event brought together security practitioners from around the world to share war stories on breaches and the murky world of high-end cyberattacks. Gain insights and learn strategies as we discuss threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack. Agenda sessions available to watch on demand include…

Read More

The 2023 State of Operational Technology and Cybersecurity Report published on Wednesday by Fortinet shows a drop in the number of intrusions at OT organizations. The report is based on a survey of 570 OT professionals, representing the manufacturing, transportation, healthcare, oil and gas, energy, chemical, and water sectors in countries such as the US, Canada, Australia, Brazil, Mexico, the UK, France, Germany, Japan, India, South Africa, and Egypt. A vast majority of the respondents…

Read More

The White House on Tuesday announced new efforts to guide federally backed research on artificial intelligence as the Biden administration looks to get a firmer grip on understanding the risks and opportunities of the rapidly evolving technology. Among the moves unveiled by the administration was a tweak to the United States’ strategic plan on artificial intelligence research, which was last updated in 2019, to add greater emphasis on international collaboration with allies. White House officials…

Read More

A new US Government Accountability Office (GAO) report shows that the Departments of Agriculture, Homeland Security (DHS), Labor, and the Treasury have not fully implemented six key cloud security practices for their systems. According to the 60-page GAO report (PDF), only one agency fully implemented four practices for most of its systems, while three other agencies fully implemented three practices for their systems. The remaining practices, GAO says, were either partially implemented or not implemented…

Read More

Samsung smartphone users have been warned by the vendor and the US Cybersecurity and Infrastructure Security Agency (CISA) about a recently patched vulnerability being exploited in attacks. The flaw in question is CVE-2023-21492, described as a kernel pointer exposure issue related to log files. The security hole can allow a privileged local attacker to bypass the ASLR exploit mitigation technique. This indicates that it has likely been chained with other bugs. Samsung patched CVE-2023-21492 with…

Read More

Security researchers are warning that vulnerabilities patched in the open-source Pimcore platform could have led to the execution of arbitrary code when clicking on a link. A digital experience platform, Pimcore provides data and user experience management capabilities to over 100,000 organizations worldwide. In March 2023, version 10.5.19 of the Pimcore platform resolved two issues that could have been used together to achieve arbitrary code execution, open source software security company Sonar Source says. The…

Read More