Security News > 2023 > February

Dole Food Company, one of the world's largest producers and distributors of fresh fruit and vegetables, has announced that it is dealing with a ransomware attack that impacted its operations. In a statement on its website, Dole says that it has already engaged with third-party experts who help with the remediation and security of impacted systems.

Verizon, in its most recent Data Breach Investigations Report, revealed that finance is the single most targeted industry worldwide when it comes to basic web application attacks. To enable the different code to get along, they use credentials - secret keys, tokens and so on.

The Aspen Institute has published a good analysis of the successes, failures, and absences of cyberattacks as part of the current war in Ukraine: "The Cyber Defense Assistance Imperative Lessons from Ukraine." As a result, it is timely to assess how to provide organized, effective cyber defense assistance to safeguard the post-war order from potential aggressors.

Materials research organizations in Asia have been targeted by a previously unknown threat actor using a distinct set of tools. Symantec, by Broadcom Software, is tracking the cluster under the moniker Clasiopa.

The economic downturn predicted for 2023 will lead to layoffs, but cybersecurity workers will be least affected, says the latest (ISC)² report. "Asked to rank business functions most likely to be involved in a first round of layoffs, 31% of respondents cited cybersecurity as the least likely to be impacted. In comparison, a far higher number of respondents ranked HR, sales and operations higher for likely job cuts," (ISC)² noted.

A new backdoor associated with a malware downloader named Wslink has been discovered, with the tool likely used by the notorious North Korea-aligned Lazarus Group, new findings reveal. The payload, dubbed WinorDLL64 by ESET, is a fully-featured implant that can exfiltrate, overwrite, and delete files; execute PowerShell commands; and obtain comprehensive information about the underlying machine.

Rezilion uncovered the presence of hundreds of Docker container images containing vulnerabilities that are not detected by most standard vulnerability scanners and SCA tools. The research revealed numerous high-severity/critical vulnerabilities hidden in hundreds of popular container images, downloaded billions of times collectively.

Data in transit means data is at risk if the proper precautions aren't followed. Data stored inside a securely monitored environment is much less likely to fall into the wrong hands than data exchanged between people and systems.

The threat actor is being tracked as Clasiopa by Symantec, a Broadcom company, whose analysts found a clue pointing to an Indian threat actor. Symantec's investigation revealed that along with its backdoor, Clasiopa also used legitimate software such as Agile DGS and Agile FD, signed with old certificates.

An active malware campaign has set its sights on Facebook and YouTube users by leveraging a new information stealer to hijack the accounts and abuse the systems' resources to mine cryptocurrency. Bitdefender is calling the malware S1deload Stealer for its use of DLL side-loading techniques to get past security defenses and execute its malicious components.