Security News > 2023 > January

Two of the US government's leading security agencies are building a machine learning-based analytics environment to defend against rapidly evolving threats and create more resilient infrastructures for both government entities and private organizations. The Department of Homeland Security - in particular its Science and Technology Directorate research arm - and the Cybersecurity and Infrastructure Security Agency picture a multicloud collaborative sandbox that will become a training ground for government boffins to test analytic methods and technologies that rely heavily on artificial intelligence and machine learning techniques.

The Kinsing malware is now actively breaching Kubernetes clusters by leveraging known weaknesses in container images and misconfigured, exposed PostgreSQL containers. "Recently, we identified a widespread campaign of Kinsing that targeted vulnerable versions of WebLogic servers," reads a report by Microsoft security researcher Sunders Bruskin.

The US Supreme Court has quashed spyware maker NSO Group's argument that it cannot be held legally responsible for using WhatsApp technology to deploy its Pegasus snoop-ware on users' phones. Previously, the US Solicitor General filed an amicus brief [PDF] advising the Supreme Court not to hear the spyware developer's case, noting "NSO plainly is not entitled to immunity here."

Online markets selling drugs and other illegal substances on the dark web have started to use custom Android apps for increased privacy and to evade law enforcement. These apps allow shop clients to communicate with drug vendors and provide specific courier instructions for delivery.

If you're a programmer, whether you code for a hobby or professionally, you'll know that creating a new version of your project - an official "Release" version that you yourself, or your friends, or your customers, will actually install and use - is always a bit of a white-knuckle ride. The idea is simple: every time anyone makes a change in their part of the project, grab that person's new code, and whisk them and their new code through a full build-and-test cycle, just like you would before creating a final release version.

GitHub has introduced a new option to set up code scanning for a repository known as "Default setup," designed to help developers configure it automatically with just a few clicks. While the CodeQL code analysis engine, which powers GitHub's code scanning, comes with support for many languages and compilers, the new option only shows up for Python, JavaScript, and Ruby repositories.

Auth0 fixed a remote code execution vulnerability in the immensely popular 'JsonWebToken' open-source library, which is used by over 22,000 projects and downloaded over 36 million times per month on NPM. The library is used in open-source projects created by Microsoft, Twilio, Salesforce, Intuit, Box, IBM, Docusign, Slack, SAP, and many more. The JsonWebToken project is an open-source library used to create, sign, and verify JSON Web Tokens.

Threat actors abused an open redirect on the official website of the United Kingdom's Department for Environment, Food & Rural Affairs to direct visitors to fake OnlyFans adult dating sites. As part of this malicious campaign, the threat actors used an open redirect URL that looked like a legitimate U.K. government link but sent visitors on to the fake OnlyFans dating site.

Microsoft has addressed a known issue breaking provisioning on Windows 11 22H2 systems and leaving enterprise endpoints partially configured and failing to finish installing. The issue was first acknowledged in October 2022 when Redmond said using provisioning packages after installing the Windows 11 2022 Update might not work as expected, failing with 0x800700b7 errors.

The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments. Kinsing has a storied history of targeting containerized environments, often leveraging misconfigured open Docker daemon API ports as well as abusing newly disclosed exploits to drop cryptocurrency mining software.