Researchers have unearthed never-before-seen wiper malware tied to the Kremlin and an operation two years ago that took out more than 10,000 satellite modems located mainly in Ukraine on the eve of Russia's invasion of its neighboring country. AcidPour, as researchers from security firm Sentinel One have named the new malware, has stark similarities to AcidRain, a wiper discovered in March 2022 that Viasat has confirmed was used in the attack on its modems earlier that month.
A team of researchers representing several universities in the United States has disclosed the details of a new side-channel attack method that can be used to extract secret encryption keys from systems powered by Apple CPUs. The attack method, dubbed GoFetch, has been described as a microarchitectural side-channel attack that allows the extraction of secret keys from constant-time cryptographic implementations. These types of attacks require local access to the targeted system.
Shadow IT - the use of software, hardware, systems and services that haven't been approved by an organization's IT/IT Sec departments - has been a problem for the last couple of decades, and a difficult area for IT leaders to manage effectively. Similarly to shadow IT, shadow AI refers to all the AI-enabled products and platforms being used within your organization that those departments don't know about.
Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks. Tracked as CVE-2023-48788, this security flaw is an SQL injection in the DB2 Administration Server (DAS) component discovered and reported by the UK's National Cyber Security Centre (NCSC).
Vulnerabilities in common Electronic Logging Devices (ELDs) required in US commercial trucks could be present in over 14 million medium- and heavy-duty rigs, according to boffins at Colorado State University. A paper presented at the 2024 Network and Distributed System Security Symposium demonstrated how ELDs can be accessed over Bluetooth or Wi-Fi connections to take control of a truck, manipulate data, and spread malware between vehicles.
Financially motivated hackers have been leveraging SmokeLoader malware in a series of phishing campaigns predominantly targeting Ukrainian government and administration organizations. The Ukrainian SSSCIP State Cyber Protection Center (SCPC), together with the Palo Alto Networks Unit 42 research team, has been tracking a massive phishing campaign linked to the distribution of the SmokeLoader malware.
A previously unknown malware campaign called Sign1 has infected over 39,000 websites over the past six months, causing visitors to see unwanted redirects and popup ads. Rather than modifying the actual WordPress files, the threat actors inject the malicious Sign1 scripts into custom HTML widgets and legitimate plugins on WordPress sites. Website security firm Sucuri discovered the campaign after a client's website randomly displayed popup ads to visitors.
A newly discovered vulnerability baked into Apple's M-series of chips allows attackers to extract secret keys from Macs when they perform widely used cryptographic operations, academic researchers have revealed in a paper published Thursday. The flaw, a side channel allowing end-to-end key extractions when Apple chips run implementations of widely used cryptographic protocols, can't be patched directly because it stems from the microarchitectural design of the silicon itself.
A vulnerability in Amazon Web Services' (AWS) Managed Workflows for Apache Airflow (MWAA) could have allowed hackers to access users' sessions, perform remote code execution (RCE), move laterally within enterprise cloud environments, and more. But all that is just a manifestation of a much deeper-rooted misconfiguration threat researchers identified across AWS, Microsoft Azure, and Google Cloud.
Ivanti, whose products have been a big target for attackers recently, has disclosed two more critical vulnerabilities in its technologies - raising more questions about the security of its products in the process. One of the flaws, tracked as CVE-2023-41724 (CVSS vulnerability-severity score of 9.6 out of 10) is a remote code execution vulnerability in Ivanti Standalone Sentry that researchers from NATO Cyber Security Center reported to the company.
A security vulnerability in Dormakaba's Saflok electronic locks can be exploited to forge keycards and open doors, security researchers warn. The issue, named Unsaflok, impacts more than three million locks commonly used in hotels and multi-family housing environments. A total of more than 13,000 locations across 131 countries are likely affected. Vulnerable lock models include Saflok MT and the Quantum, RT, Saffire, and Confidant series devices.