The Norwegian National Security Authority (NSM) has confirmed that attackers used a zero-day vulnerability in Ivanti's Endpoint Manager Mobile (EPMM) solution to breach a software platform used by 12 ministries in the country. The Norwegian Security and Service Organization (DSS) said on Monday that the cyberattack did not affect Norway's Prime Minister's Office, the Ministry of Defense, the Ministry of Justice, and the Ministry of Foreign Affairs.
The North Korean state-sponsored Lazarus advanced persistent threat (APT) group is back with yet another impersonation scam, this time posing as developers or recruiters with legitimate GitHub or social media accounts. The notorious APT is using these personae in social engineering attacks that target a limited group of tech employees, inviting them to join GitHub development projects that then spread malware via malicious node package manager (npm) dependencies, GitHub is warning.
Although the precise connection between Russian threat group KillNet and the Kremlin remains nebulous, its high-profile, and increasingly effective, cyberattacks continue to align with Russian state interests. And its churning PR campaign is luring fellow cybercriminals, and their skills, into the operation. A new report out this week from Mandiant finds KillNet's media branding strategy is working, helping the group to consolidate Russian hacker power under one organization.
Apple's iOS 16, iPadOS 16, and macOS 13 operating systems are all due to be replaced with new versions in the next two or three months, but some bugs can't wait for a whole new release. The company has released iOS/iPadOS 16.6 and macOS 13.5 to fix several "actively exploited" security bugs, plus a handful of other security fixes for problems that have been reported to Apple but aren't being exploited in the wild yet. The release notes also mention unspecified "bug fixes" for each OS.
According to reports, Google is blocking some of its staff from accessing the internet in an attempt to enhance its cybersecurity. Some employees at Google will have internet access from their desktop PCs significantly restricted, CNBC reports, with only internal web-based tools and Google-owned sites such as Google Drive, Google Maps, and Gmail accessible.
Google's security researcher Tavis Ormandy discovered a new vulnerability impacting AMD Zen2 CPUs that could allow a malicious actor to steal sensitive data, such as passwords and encryption keys, at a rate of 30KB/sec from each CPU core. The vulnerability is tracked as CVE-2023-20593 and is caused by the improper handling of an instruction called 'vzeroupper' during speculative execution, a common performance-enhancing technique used in all modern processors.
A new exploit technique targeting a recent Citrix Application Delivery Controller (ADC) and Gateway vulnerability can be used against thousands of unpatched devices, cybersecurity firm Bishop Fox claims. Tracked as CVE-2023-3519 and patched last week, the critical-severity bug can be exploited to execute arbitrary code remotely, without authentication, on vulnerable appliances that are configured as a gateway or AAA virtual server.
AMD has started issuing some patches for its processors affected by a serious silicon-level bug dubbed Zenbleed that can be exploited by rogue users and malware to steal passwords, cryptographic keys, and other secrets from software running on a vulnerable system. Zenbleed affects Ryzen and Epyc Zen 2 chips, and can be abused to swipe information at a rate of at least 30Kb per core per second. That's practical enough for someone on a shared server, such as a cloud-hosted box, to spy on other tenants.
If you'd been quietly chasing down cryptographic bugs in a proprietary police radio system since 2021, but you'd had to wait until the second half of 2023 to go public with your research, how would you deal with the reveal? You'd probably do what researchers at boutique Dutch cybersecurity consultancy Midnight Blue did: line up a world tour of conference appearances in the US, Germany and Denmark (Black Hat, Usenix, DEF CON, CCC and ISC), and turn your findings into a BWAIN.