Security News > 2023 > February

They existed simply as placeholders for README files that included the final links that the crooks wanted people to click on. These links typically including referral codes that would net the scammers a modest reward, even if the person clicking through was doing so simply to see what on earth was going on.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

Threat actors are targeting Internet-exposed Fortinet appliances with exploits targeting CVE-2022-39952, an unauthenticated file path manipulation vulnerability in the FortiNAC webserver that can be abused for remote command execution. These attacks come one day after Horizon3 security researchers released proof-of-concept exploit code for the critical-severity flaw that will add a cron job to initiate a reverse shell on compromised systems as the root user.

An ongoing malware campaign targets YouTube and Facebook users, infecting their computers with a new information stealer that will hijack their social media accounts and use their devices to mine for cryptocurrency. Security researchers with Bitdefender's Advanced Threat Control team discovered the new malware and dubbed it S1deload Stealer due to its extensive use of DLL sideloading for evading detection.

VMware has released a critical security upgrade to address a critical injection vulnerability that impacts several versions of Carbon Black App Control for Windows. Carbon Black App Control is a suite designed to help large organizations ensure that its critical endpoints run only trusted and approved software.

A previously unknown threat actor named Hydrochasma has been targeting shipping and medical laboratories involved in COVID-19 vaccine development and treatments. A characteristic of Hydrochasma attacks is that they rely only on open-source tools and "Living off the land" tactics, leaving no traces that could lead to attribution.

Whether you are using the traditional waterfall method for development, the more flexible agile approach, or the always-on continuous development, your pen testing schedule should reflect your specific needs. This pen testing schedule is sometimes referred to as traditional pen testing.

Apple has revised the security advisories it released last month to include three new vulnerabilities impacting iOS, iPadOS, and macOS. The first flaw is a race condition in the Crash Reporter component that could enable a malicious actor to read arbitrary files as root. "An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges," Apple said, adding it patched the issues with "Improved memory handling."

Analysis Open source components play an increasingly central role in the software development scene, proving to be a boon in a time of continuous integration and deployment, DevOps, and daily software updates. In a report last year, silicon design automation outfit Synopsys found that 97 percent of codebases in 2021 contained open source, and that in four of 17 industries studied - computer hardware and chips, cybersecurity, energy and clean tech, and the Internet of Things - open source software was in 100 percent of audited codebases.

Here's a story about a hacker who reprogrammed a device called "Flipper Zero" to mimic Opticom transmitters-to turn traffic lights in his path green. As mentioned earlier, the Flipper Zero has a built-in sub-GHz radio that lets the device receive data on the same wireless frequencies as keyfobs and other devices.