Month: January 2023

Vulnerabilities

Issued by: Dark Reading

Tracking malicious hackers’ early activities using open source intelligence can offer substantial clues about the likelihood of their becoming a persistent threat in the future, two university researchers claimed in a report this week. That knowledge can help guide early intervention efforts to nudge fledgling hackers off their criminal trajectories, they noted. Christian Howell, assistant…

Vulnerabilities

Issued by: Security Week

The issue, tracked as CVE-2023-23560 (CVSS score of 9.0), is described as a server-side request forgery (SSRF) flaw in the Web Services feature of newer Lexmark devices, which could be exploited to execute arbitrary code. “Successful exploitation of this vulnerability can lead to an attacker being able to remotely execute arbitrary code on a device,”…

Network Security

Issued by: Dark Reading

In 2022, we saw broad support behind federal privacy legislation in the US Congress. While the American Data Privacy Protection Act (ADPPA) did not see the president’s pen prior to the midterms, the fact that such a bill saw a committee vote in the House — approved 53–2, with bipartisan support — and both industry…

Malware & Threats

Issued by: Security Week

IT service providers use RMM applications to remotely manage their clients’ networks and endpoints, but threat actors are abusing these tools to gain unauthorized access to victim environments and perform nefarious activities. In malicious campaigns observed in 2022, threat actors sent phishing emails to deploy legitimate RMM software such as ConnectWise Control (previously ScreenConnect) and…

Malware & Threats

Issued by: CSO Online

Organizations in Taiwan, Hong Kong, Singapore, and China have been recently facing attacks from Chinese threat actor DragonSpark. The threat actor was observed using the open-source tool SparkRAT for its attacks, according to a report by SentinelOne. SparkRAT is multi-platform, feature-rich, and frequently updated with new features, making the remote access Trojan (RAT) attractive to…

Vulnerabilities

Issued by: CSO Online

US financial institutions see peer-to-peer fraud and other digital fraud as the biggest cybersecurity concern in 2023. It was cited by 29% of respondents in a survey by Computer Systems Inc. (CSI), followed by data breaches (23%), ransomware (20%) and a breach at a third party (15%). Industry respondents also expressed concerns over identity theft…

Mobile Security

Issued by: Security Affairs

On December 2022, Apple released security updates to address a new zero-day vulnerability, tracked as CVE-2022-42856, that is actively exploited in attacks against iPhones. The IT giant released security bulletins for iOS/iPadOS 15.7.2, Safari 16.2, tvOS 16.2, and macOS Ventura 13.1. Apple addressed the vulnerability with improved state handling for the iPhone 6s (all models),…