New SandStrike spyware infects Android devices via malicious VPN app
2022-11-01 15:29

Threat actors are using newly discovered spyware known as SandStrike and delivered via a malicious VPN application to target Android users. The attackers are promoting the malicious VPN app as a simple way to circumvent censorship of religious materials in certain regions.

Chinese Hackers Using New Stealthy Infection Chain to Deploy LODEINFO Malware
2022-11-01 15:15

The Chinese state-sponsored threat actor known as Stone Panda has been observed employing a new stealthy infection chain in its attacks aimed at Japanese entities. The latest set of attacks, observed between March and June 2022, involves the use of a bogus Microsoft Word file and a self-extracting archive file in RAR format propagated via spear-phishing emails, leading to the execution of a backdoor called LODEINFO. While the maldoc requires users to enable macros to activate the kill chain, the June 2022 campaign was found to drop this method in favor of an SFX file that, when executed, displays a harmless decoy Word document to conceal the malicious activities.

Government by Gmail catches up with UK minister... who is reappointed anyway
2022-11-01 14:30

The UK's Home Secretary - the minister in charge of policing and internal security - has been forced to apologize for breaching IT security protocols in government. On another occasion, she accidentally forwarded official documents to a Member of Parliament from her Gmail account because she did not have her phone with her.

Using Regex to Implement Passphrases in Your Active Directory
2022-11-01 14:06

With most organizations today using Microsoft's Active Directory Domain Services as their on-premises identity and access management authentication solution, admins looking to bolster their password security face real challenges. As an example, regex can help identify and filter the following passphrase elements in your Active Directory environment, and can be combined with custom requirements to define the passphrases used in the environment.

Microsoft fixes critical RCE flaw affecting Azure Cosmos DB
2022-11-01 13:44

Analysts at Orca Security have found a critical vulnerability affecting Azure Cosmos DB that allowed unauthenticated read and write access to containers. Named CosMiss, the security issue is in the Azure Cosmos DB built-in Jupyter Notebooks, which integrate into the Azure portal and Azure Cosmos DB accounts to make querying, analyzing, and visualizing NoSQL data and results easier.

Last Year's Open Source - Tomorrow's Vulnerabilities
2022-11-01 12:04

As the data scientist he is, he of course asked the data: how good is the open source community at finding vulnerabilities in a timely manner? Finding open source vulnerabilities is typically done by the maintainers of the open source project, its users, auditors, or external security researchers.

3 inexpensive steps to secure IoT
2022-11-01 11:30

Common IoT devices include security cameras, industrial lighting systems, and manufacturing controllers managed by a web-based solution. Some commonly overlooked IoT devices include multi-function printers, security scanners, and inventory scanners.

Critical RCE Vulnerability Reported in ConnectWise Server Backup Solution
2022-11-01 11:28

IT service management software platform ConnectWise has released software patches for a critical security vulnerability in Recover and R1Soft Server Backup Manager. ConnectWise's advisory notes that Recover v2.9.7 and earlier, as well as R1Soft SBM v6.16.3 and earlier, are impacted by the critical flaw.

Iran’s Digital Surveillance Tools Leaked
2022-11-01 11:24

According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones. The tools can slow their data connections to a crawl, break the encryption of phone calls, track the movements of individuals or large groups, and produce detailed metadata summaries of who spoke to whom, when, and where.

Google ad for GIMP.org served info-stealing malware via lookalike site
2022-11-01 10:48

Clicking on the ad drove visitors to a lookalike phishing website that provided them with a 700 MB executable disguised as GIMP which, in reality, was malware. Reddit user ZachIngram04 earlier shared the development, stating that the ad previously took users to a Dropbox URL to serve malware but was soon "Replaced with an even more malicious one" which employed a fake replica website 'gilimp.org' to serve malware.