US NIST unveils winning encryption algorithm for IoT data protection
2023-02-08 19:45

The National Institute of Standards and Technology announced that ASCON is the winning bid for the "Lightweight cryptography" program to find the best algorithm to protect small IoT devices with limited hardware resources. The weak chips inside these devices call for an algorithm that can deliver robust encryption with very little computational power.

Malicious Dota 2 game mods infected players with malware
2023-02-08 18:09

Security researchers have discovered four malicious Dota 2 game mods that were used by a threat actor to backdoor the players' systems. The unknown attacker created four game mods for the highly popular Dota 2 multiplayer online battle arena video game and published them on the Steam store to target the game's fans, as Avast Threat Labs researchers found.

Malicious Dota 2 game modes infected players with malware
2023-02-08 18:09

Security researchers have discovered four malicious Dota 2 game modes that were used by a threat actor to backdoor the players' systems. The unknown attacker created four game modes for the highly popular Dota 2 multiplayer online battle arena video game and published them on the Steam store to target the game's fans, as Avast Threat Labs researchers found.

Android 14 to block malware from abusing sensitive permissions
2023-02-08 18:00

A highlighted security feature in Android 14 is to block the installation of malicious apps that target older API levels, which allows easier abuse of sensitive permissions. Starting with "runtime receivers," which enable apps to receive intents broadcast by the system or other applications, all apps targeting Android 14 must declare if they need to receive information from other apps or if they should be limited to system "broadcasts."

NIST Standardizes Ascon Cryptographic Algorithm for IoT and Other Lightweight Devices
2023-02-08 17:18

The U.S. National Institute of Standards and Technology has announced that a family of authenticated encryption and hashing algorithms known as Ascon will be standardized for lightweight cryptography applications. "The chosen algorithms are designed to protect information created and transmitted by the Internet of Things, including its myriad tiny sensors and actuators," NIST said.

Microsoft Edge will switch to Adobe Acrobat’s PDF rendering engine
2023-02-08 16:45

Microsoft and Adobe have partnered to integrate the Adobe Acrobat PDF rendering engine directly into the Edge browser, replacing the existing PDF engine. Starting in March 2023, new versions of Microsoft Edge for Windows 10 and Windows 11 that include this new PDF engine will roll out.

Money Lover for Android & iOS leaked email addresses, transactions
2023-02-08 15:57

Money Lover is a finance app that allows users to manage their expenses and budgets. It has been downloaded five million times on the Play Store and is also available for iOS and Windows. Money Lover allows users to create "Shared wallets" with specific users, like family members or coworkers, to collaborate in logging and monitoring expenses.

Unpatched Security Flaws Disclosed in Multiple Document Management Systems
2023-02-08 15:15

Multiple unpatched security flaws have been disclosed in open source and freemium Document Management System offerings from four vendors: LogicalDOC, Mayan, ONLYOFFICE, and OpenKM. Cybersecurity firm Rapid7 said the eight vulnerabilities offer a mechanism through which "an attacker can convince a human operator to save a malicious document on the platform and, once the document is indexed and triggered by the user, giving the attacker multiple paths to control the organization." The list of eight cross-site scripting flaws, discovered by Rapid7 researcher Matthew Kienow, is as follows -.

Lessons Learned on Ransomware Prevention from the Rackspace Attack
2023-02-08 15:04

The ransomware attack on Rackspace has taught us the importance of good cybersecurity habits. Rackspace took to social media on December 6, 2022, posting on Twitter that the outage resulted from a ransomware attack.

Sydney Man Sentenced for Blackmailing Optus Customers After Data Breach
2023-02-08 15:00

A Sydney man has been sentenced to an 18-month Community Correction Order and 100 hours of community service for attempting to take advantage of the Optus data breach last year to blackmail its customers. The unnamed individual, 19 when arrested in October 2022 and now 20, used the leaked records stolen from the security lapse to orchestrate an SMS-based extortion scheme.