CyberSecurity Updates

05 Dec

When blaming the user for a security breach is unfair – or just wrong

Data Breaches, Malware, Social Engineering

In his career in IT security leadership, Aaron de Montmorency has seen a lot — an employee phished on their first day by someone impersonating the CEO, an HR department head asked to change the company’s direct deposit information by a bogus CFO, not to mention multichannel criminal engagement with threat actors attacking from social media to email to SMS text. In these cases, the users almost fell for it, but something didn’t feel right.…

Read More
05 Dec

Number Nine! Chrome fixes another 2022 zero-day, Edge not patched yet

Information

by Paul Ducklin It’s just under two weeks since Google rushed out a Chrome patch for the then-current version 107 to seal off a bug that was already being used in real-life attacks. The company said nothing more about that bug than to describe it as a “heap buffer overflow in GPU” [sic], and to report that it was already being used in real-world attacks. Google left all of the following questions unanswered: How might…

Read More
03 Dec

FBI Director Raises National Security Concerns About TikTok

Information, News

FBI Director Chris Wray is raising national security concerns about TikTok, warning Friday that control of the popular video sharing app is in the hands of a Chinese government “that doesn’t share our values.” Wray said the FBI was concerned that the Chinese had the ability to control the app’s recommendation algorithm, “which allows them to manipulate content, and if they want to, to use it for influence operations.” He also asserted that China could…

Read More
03 Dec

ScarCruft updates its toolset – Week in security with Tony Anscombe

Information

Deployed against carefully selected targets, the new backdoor combs through the drives of compromised systems for files of interest before exfiltrating them to Google Drive This week, ESET researchers published their analysis of a previously undocumented backdoor that the ScarCruft APT group has used against carefully selected targets. ScarCruft is an espionage group that has been operating since at least 2012 and mainly takes aim at South Korea. The group’s new backdoor, which ESET named…

Read More
03 Dec

Apple pushes out iOS security update that’s more tight-lipped than ever

Information

by Paul Ducklin It’s just under a month since iOS 16.1.1 came out for Apple iPhone users, fixing a pair of bugs that were listed with the worrying words “a remote user may be able to cause unexpected app termination or arbitrary code execution”. Both macOS 13 Ventura and iPadOS got updated at the same time, with a pair of security bulletins published on Apple’s web site. Now, there’s another security update, apparently moving iPhone…

Read More
02 Dec

Newly Discovered Lilac Wolverine Associated with Gift Card Scams

Attacks, Malware

Gift card email scams still work as cyber criminals know how to exploit users’ emotions. Therefore, be cautious of such unsolicited emails that carry an emotionally charged plea to help someone who does not exist. Having good email security measures also helps block such emails from reaching inboxes. https://cyware.com/news/newly-discovered-lilac-wolverine-associated-with-gift-card-scams-8827ee76

Read More
02 Dec

Android Malware Used to Steal Facebook Accounts

Attacks, Malware

Vietnam has been the most affected country from these apps, but Android users in any country could have downloaded them. Android apps are constantly being used by threat actors because of the availability of third-party app stores and the lack of strict app guidelines for apps published within those stores. Android users should only download apps through the official Google Play Store and only from trusted developers. https://www.bleepingcomputer.com/news/security/android-malware-infected-300-000-devices-to-steal-facebook-accounts/

Read More
02 Dec

Hypr Raises $25 Million for Passwordless Authentication Platform

Information, News

New York City-based passwordless authentication solutions provider Hypr announced on Thursday that it has raised $25 million in a Series C1 funding round. The previous funding round, the Series C, was announced in April 2021, when the company raised $35 million. The latest investment, which brings the total to $97 million, was led by Advent International, with participation from .406 Ventures, RRE Ventures, Top Tier Capital, and Comcast Ventures. The money will be used to…

Read More
02 Dec

Three Innocuous Linux Vulnerabilities Chained to Obtain Full Root Privileges

Information, News

Qualys’ Threat Research Unit has shown how a new Linux vulnerability could be chained with two other apparently harmless flaws to gain full root privileges on an affected system. The new vulnerability, tracked as CVE-2022-3328, is a race condition in Snapd, a Canonical-developed tool used for the Snap software packaging and deployment system. Specifically, the flaw impacts the ‘snap-confine’ program used by Snapd to construct the execution environment for Snap applications. The affected program is…

Read More
02 Dec

Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin

Information

ESET researchers uncover Dolphin, a sophisticated backdoor extending the arsenal of the ScarCruft APT group ESET researchers have analyzed a previously unreported backdoor used by the ScarCruft APT group. The backdoor, which we named Dolphin, has a wide range of spying capabilities, including monitoring drives and portable devices and exfiltrating files of interest, keylogging and taking screenshots, and stealing credentials from browsers. Its functionality is reserved for selected targets, to which the backdoor is deployed…

Read More