CyberSecurity Updates

06 Jul

Mozilla Releases Security Advisories for Thunderbird, Firefox, and Firefox ESR

Attacks, Insights, Malware

Mozilla has released security advisories to address vulnerabilities in Thunderbird, Firefox, and Firefox ESR. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following advisories and apply the necessary updates: Security Vulnerabilities fixed in Firefox 115 Mozilla Foundation Security Advisory 2023-24 Security Vulnerabilities fixed in Firefox ESR 102.13 Mozilla Foundation Security Advisory 2023-23 Security Vulnerabilities fixed in Thunderbird 102.13…

Read More
06 Jul

CISA and Partners Release Joint Cybersecurity Advisory on Newly Identified Truebot Malware Variants

Attacks, Insights, Malware

Today, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigations (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) released a joint Cybersecurity Advisory (CSA), Increased Truebot Activity Infects U.S. and Canada Based Networks, to help organizations detect and protect against newly identified Truebot malware variants. Based on confirmation from open-source reporting and analytical findings of Truebot variants, the four organizations assess cyber threat actors…

Read More
06 Jul

Firefox 115 is out, says farewell to older Windows and Mac users

Information

by Paul Ducklin Firefox’s latest monthly update just came out, bumping the primary version of the popular alternative browser to 115.0. OK, it’s technically a once-every-four-weeks update, so that there will sometimes be two major updates in a single calendar month, just as you sometimes get two full moons in a month, but this month there’s only one. (At the end of next month, August 2023, there will co-incidentally be both a blue moon, which…

Read More
05 Jul

Infisical Snags $2.8M Seed Funding for Secrets Sprawl Security Tech

Information, News

Infisical, a San Francisco startup working on open-source technology to help organizations manage secrets sprawl, has banked $2.8 million in seed funding as investors continue to bet on early stage companies in the supply chain security space. Infisical’s seed round was led by Gradient Ventures, the Google-owned venture capital outfit.  The company said it also took on equity investments from Y Combinator, TwentyTwo VC, and a prominent list of prominent tech executives. The Silicon Valley…

Read More
05 Jul

Deepfaking it: What to know about deepfake‑driven sextortion schemes

Information

Criminals increasingly create deepfake nudes from people’s benign public photos in order to extort money from them, the FBI warns The U.S. Federal Bureau of Investigation (FBI) is warning about an increase in extortion campaigns where criminals tap into readily available artificial intelligence (AI) tools to create sexually explicit deepfakes from people’s innocent photos and then harass or blackmail them. According to its recent Public Service Announcement, the Bureau has received a growing number of…

Read More
05 Jul

Ghostscript bug could allow rogue documents to run system commands

Information

by Paul Ducklin Even if you haven’t heard of the venerable Ghostscript project, you may very well have used it without knowing. Alternatively, you may have it baked into a cloud service that you offer, or have it preinstalled and ready to go if you use a package-based software service such as a BSD or Linux distro, Homebrew on a Mac, or Chocolatey on Windows. Ghostscript is a free and open-source implementation of Adobe’s widely-used…

Read More
04 Jul

Verizon 2023 DBIR: What’s new this year and top takeaways for SMBs

Information

Here are some of the key insights on the evolving data breach landscape as revealed by Verizon’s analysis of more than 16,000 incidents Contrary to common perception, small and medium-sized businesses (SMBs) are often the target of cyberattacks. That’s understandable, as in the US and UK, they comprise over 99% of businesses, a majority of private sector jobs and around half of earnings. But if you’re an IT or business leader at a smaller organization,…

Read More
04 Jul

WordPress plugin lets users become admins – Patch early, patch often!

Information

by Paul Ducklin If you run a WordPress site with the Ultimate Members plugin installed, make sure you’ve updated it to the latest version. Over the weekend, the plugin’s creator published version 2.6.7, which is supposed to patch a serious security hole, described by user @softwaregeek on the WordPress support site as follows: A critical vulnerability in the plugin (CVE-2023-3460) allows an unauthenticated attacker to register as an administrator and take full control of the…

Read More
03 Jul

Who’s Behind the DomainNetworks Snail Mail Scam?

Information, Insights

If you’ve ever owned a domain name, the chances are good that at some point you’ve received a snail mail letter which appears to be a bill for a domain or website-related services. In reality, these misleading missives try to trick people into paying for useless services they never ordered, don’t need, and probably will never receive. Here’s a look at the most recent incarnation of this scam — DomainNetworks — and some clues about…

Read More
03 Jul

VMware, Other Tech Giants Announce Push for Confidential Computing Standards

Information, News

In conjunction with the 2023 Confidential Computing Summit last week, VMware announced a partnership with tech giants to accelerate the development of confidential computing applications. Confidential computing relies on a trusted execution environment that ensures the integrity and confidentiality of applications and data, even in the cloud and on third-party infrastructure. With the emergence of multi-cloud deployments and machine learning, confidential computing is expected to help protect intellectual property and sensitive data, but its adoption…

Read More