IT Security Newsletter - 4/18/2023
CISA Adds Chrome, macOS Bugs to Known Exploited Vulnerabilities Catalog
The US Cybersecurity and Infrastructure Security Agency (CISA) has added two flaws to its known exploited vulnerabilities (KEV) catalog: a Chrome bug patched last week and a macOS bug exploited by the DazzleSpy malware. The Chrome vulnerability, tracked as CVE-2023-2033, was patched by Google on Friday with a Chrome 112 update. The flaw has been described as a type confusion issue affecting the V8 JavaScript engine.
Capita IT breach gets worse as Black Basta claims it's now selling off stolen data
Black Basta, the extortion group that claimed responsibility for the recent break-in at Capita, has reportedly put up for sale sensitive details, including bank account information, addresses, and passport photos, stolen from the IT outsourcing giant. A spokesperson for the London-based corporation, which has UK government contracts totaling £6.5 billion ($8 billion), said it hasn't yet confirmed if that data leak is legit.
Fake Chrome updates spread malware
Compromised websites are causing big headaches for Chrome users. A campaign running since November 2022 is using hacked sites to push fake web browser updates to potential victims. Researcher Rintaro Koike says this campaign has now expanded to also target those who speak Korean, Spanish, and Japanese. Additionally, Bleeping Computer notes that some of the affected sites include news, stores, and adult portals.
New QBot email attacks use PDF and WSF combo to install malware
QBot malware is now distributed in phishing campaigns utilizing PDFs and Windows Script Files (WSF) to infect Windows devices. Qbot (aka QakBot) is a former banking trojan that evolved into malware that provides initial access to corporate networks for other threat actors. This initial access is done by dropping additional payloads, such as Cobalt Strike, Brute Ratel, and other malware that allows other threat actors to access the compromised device.
Ex-Conti members and FIN7 devs team up to push new Domino malware
Ex-Conti ransomware members have teamed up with the FIN7 threat actors to distribute a new malware family named 'Domino' in attacks on corporate networks. Domino is a relatively new malware family consisting of two components, a backdoor named 'Domino Backdoor,' which in turn drops a 'Domino Loader' that injects an info-stealing malware DLL into the memory of another process.
Pen Testers Need to Hack AI, but Also Question Its Existence
Samsung has banned some uses of ChatGPT, Ford Motor and Volkswagen shuttered their self-driving car firm, and a letter calling for a pause in training more powerful AI systems has garnered more than 25,000 signatures. Overreactions? No, says Davi Ottenheimer, the vice president of trust and digital ethics at Inrupt, a startup creating digital identity and security solutions.
Recycled Core Routers Exposed Sensitive Corporate Network Info
Cameron Camp had purchased a Juniper SRX240H router last year on eBay to use in a honeypot network he was building to study remote desktop protocol (RDP) exploits and attacks on Microsoft Exchange and industrial control systems devices. When the longtime security researcher at Eset booted up the secondhand Juniper router, to his surprise it displayed a hostname.
Military helicopter crash blamed on failure to apply software patch
An Australian military helicopter crash was reportedly caused by failure to apply a software patch, with a hefty side serving of pilot error. The helicopter in question is an MRH-90 Taipan operated by the Australian Army and was engaged in what's been described as "a routine counter-terrorism training activity" on March 23rd when it ditched just off a beach in the State of New South Wales.
- ...in 1775, Paul Revere and other riders alert the colonial militia to the approach of British forces, on the eve of the battles of Lexington and Concord.
- ...in 1906, the San Francisco earthquake and resulting fires destroy over 80% of the city, making it one of the worst natural disasters in American history.
- ...in 1938, Superman debuts in Action Comics #1, the first original "superhero" character to appear in a comic book.
- ...in 1953, actor Rick Moranis ("Little Shop of Horrors", "Honey, I Shrunk the Kids") is born in Toronto, Canada.