Security News > 2023 > January

The study finds a significant disconnect between data privacy measures by companies and what consumers expect from organizations, especially when it relates to how organizations apply and use artificial intelligence. The survey showed 60 percent of consumers are concerned about how organizations apply and use AI today, and 65 percent already have lost trust in organizations over their AI practices.

VMware has issued fixes for four vulnerabilities, including two critical 9.8-rated remote code execution bugs, in its vRealize Log Insight software. There are no reports of nation-state thugs or cybercriminals finding and exploiting these bugs, according to VMware.

The FBI has confirmed what cybersecurity researchers have been saying for months: the North Korean-sponsored Lazarus Group was behind the theft last year of $100 million in crypto assets from blockchain startup Harmony. In its January 23 statement on the matter, the FBI said the attack on Harmony was part of a North Korean malware campaign named "TraderTraitor."

A threat actor tracked as DEV-0569 uses Google Ads in widespread, ongoing advertising campaigns to distribute malware, steal victims' passwords, and ultimately breach networks for ransomware attacks. While there appear to be many threat actors abusing the Google Ads platform to distribute malware, two particular campaigns stand out, as their infrastructure was previously associated with ransomware attacks.

VMware released security patches on Tuesday to address vRealize Log Insight vulnerabilities that could enable attackers to gain remote execution on unpatched appliances. vRealize Log Insight is a log analysis and management tool that helps analyze terabytes of infrastructure and application logs in VMware environments.

On Monday, Apple released iOS 12.5.7 for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and sixth-generation iPod touch. "Processing maliciously crafted web content may lead to arbitrary code execution," Apple warned in the security update.

T-Mobile and millions of its customers have been the victims of another data breach - this one apparently carried out by hackers who knew how to exploit an application programing interface used by the carrier. The API did not leak other personal data such as payment card numbers, Social Security numbers, driver's license numbers, passwords, or PINs, according to T-Mobile.

The researchers explain that attackers using search engine optimization poisoning are generally more successful "When they SEO poison the results of popular downloads associated with organizations that do not have extensive internal brand protection resources." SEO poisoning attacks consist of altering search engines results so that the first advertised links actually lead to attacker controlled sites, generally to infect visitors with malware or to attract more people on ad fraud.

Microsoft has confirmed an issue causing the Windows Start menu to become unresponsive and some applications to no longer launch. The newly acknowledged issue affects only client platforms, including Windows 10 20H2, 21H2, and 22H2, and Windows 11, version 22H2. "The Start menu, Windows search, and Universal Windows Platform apps might not work as expected or might have issues opening," Redmond said.

Research conducted by Fujitsu suggests there is no need to panic about quantum computers being able to decode encrypted data - this is unlikely to happen in the near future, it claims. Fujitsu said it ran trials using its 39-qubit quantum simulator hardware to assess how difficult it would be for quantum computers to crack data encrypted with the RSA cipher, using a Shor's algorithm approach.