
Report: Terrible employee passwords at world’s largest companies
2023-03-30 20:22

A report released Wednesday by password manager NordPass indicates that some employees at some of the richest companies are using weak passwords. In an analysis of the world's 500 largest companies by market capitalization across 20 industries and 31 countries, NordPass found that weak and easily crackable passwords were prevalent.

CISA orders agencies to patch bugs exploited to drop spyware
2023-03-30 19:52

The Cybersecurity and Infrastructure Security Agency has ordered federal agencies today to patch security vulnerabilities exploited as zero-days in recent attacks to install commercial spyware on mobile devices. One month later, a complex chain of multiple 0-days and n-days was exploited to target Samsung Android phones running up-to-date Samsung Internet Browser versions.

S3 Ep128: So you want to be a cybercriminal? [Audio + Text]
2023-03-30 19:43

DOUG. Honeypots, patches and the passing of an icon. DUCK. I know where I want it to stop, Doug!

Realtek and Cacti flaws now actively exploited by malware botnets
2023-03-30 18:44

Multiple malware botnets actively target Cacti and Realtek vulnerabilities in campaigns detected between January and March 2023, spreading ShellBot and Moobot malware. The targeted flaws are CVE-2021-35394, a critical remote code execution vulnerability in Realtek Jungle SDK, and CVE-2022-46169, a critical command injection flaw in the Cacti fault management monitoring tool.

Ransomware attacks skyrocket as threat actors double down on U.S., global attacks
2023-03-30 18:44

NCC Group's Global Threat Intelligence team, in its monthly cybersecurity Threat Pulse, noted there were 240 ransomware attacks in February 2023 - a 45% increase from the record-high number of attacks in January. The NCC Group also reported that ransomware LockBit 3.0 was the leading arrowhead, with the eponymous threat group having launched 129, or 54%, of ransomware salvos last month, including an attack on the U.K.'s Royal Mail.

Microsoft testing adaptive brightness on more Windows 11 devices
2023-03-30 18:13

Microsoft says a new Windows 11 preview build rolling out today will allow Insiders to test the company's adaptive brightness feature on more systems. While Content Adaptive Brightness Control could previously only be used on laptops while running on battery, CABC can now also be toggled on plugged-in devices.

Bing search results hijacked via misconfigured Microsoft app
2023-03-30 17:05

A misconfigured Microsoft application allowed anyone to log in and modify Bing.com search results in real-time, as well as inject XSS attacks to potentially breach the accounts of Office 365 users. Wiz researchers found that when creating an application in Azure App Services and Azure Functions, the app can be mistakenly configured to allow users from any Microsoft tenant, including public users, to log in to the application.

Researchers Detail Severe "Super FabriXss" Vulnerability in Microsoft Azure SFX
2023-03-30 17:02

Details have emerged about a now-patched vulnerability in Azure Service Fabric Explorer that could lead to unauthenticated remote code execution. Tracked as CVE-2023-23383, the issue has been dubbed "Super FabriXss" by Orca Security, a nod to the FabriXss flaw that was fixed by Microsoft in October 2022.

Do you use comms software from 3CX? What to do next after biz hit in supply chain attack
2023-03-30 16:25

Two security firms have found what they believe to be a supply chain attack on communications software maker 3CX - and the vendor's boss is advising users to switch to the progressive web app until the 3CX desktop client is updated. Its customers are said to include the NHS in the UK, American Express, Coca-Cola, and MIT. It still sells VoIP systems, and it's exactly those that appear to have fallen victim to a supply chain attack.

Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor
2023-03-30 15:58

A Chinese state-sponsored threat activity group tracked as RedGolf has been attributed to the use of a custom Windows and Linux backdoor called KEYPLUG. "RedGolf is a particularly prolific Chinese state-sponsored threat actor group that has likely been active for many years against a wide range of industries globally," Recorded Future told The Hacker News. The use of KEYPLUG by Chinese threat actors was first disclosed by Google-owned Mandiant in March 2022 in attacks targeting multiple U.S. state government networks between May 2021 and February 2022.