Security News > 2023 > March

With the EU Cyber Resilience Act, the industry is dealing with one of the strictest regulatory requirements. There are hardly any established procedures for this: "Among other things, the EU Cyber Resilience Act will require a cyber risk assessment before a product is put on the market. All manufacturers must start now to integrate the upcoming requirements into their product development, as the development of new products and variants often takes many months and years," says Jan Wendenburg, CEO of ONEKEY. Documentation requirements and the need for a SBOM. In addition to security measures against unauthorised access, companies will also be required to manage software vulnerabilities and patches in the future - before damage is caused by exploitable vulnerabilities.

An ongoing phishing campaign is pretending to be Trezor data breach notifications attempting to steal a target's cryptocurrency wallet and its assets. Using a hardware wallet like Trezor adds protection from malware and compromised devices, as the wallet is not meant to be connected to your PC. When setting up a new Trezor wallet, users are given a 12 or 24-word recovery seed that can be used to recover a wallet if a device is stolen, lost, or malfunctions.

Microsoft has added two new utilities to the open-source PowerToys toolset to help Windows users paste text without formatting and make moving the mouse across multiple screens or on ultra-wide monitors easier. As its name implies, the new "Paste as Plain Text" tool can quickly paste the most recent clipboard content as unformatted text into any app.

Aruba Networks published a security advisory to inform customers about six critical-severity vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system. Aruba Networks is a California-based subsidiary of Hewlett Packard Enterprise, specializing in computer networking and wireless connectivity solutions.

BlackLotus, a UEFI bootkit that's sold on hacking forums for about $5,000, can now bypass Secure Boot, making it the first known malware to run on Windows systems even with the firmware security feature enabled. Secure Boot is supposed to prevent devices from running unauthorized software on Microsoft machines.

Microsoft is investigating an ongoing outage blocking Exchange Online customers worldwide from accessing their mailboxes or sending/receiving emails. Affected users see "550 5.4.1 Recipient address rejected: Access denied" errors when trying to send or when receiving messages, starting today at 1:11 PM UTC. "We're investigating an issue wherein users may be unable to access their Exchange Online mailboxes via any connection method. Additional details can be found within the Service Health Dashboard under EX522020," Microsoft tweeted earlier today.

The APT27 hacking group, aka "Iron Tiger," has prepared a new Linux version of its SysUpdate custom remote access malware, allowing the Chinese cyberespionage group to target more services used in the enterprise. According to a new report by Trend Micro, the hackers first tested the Linux version in July 2022.

Cisco has addressed a critical security vulnerability found in the Web UI of multiple IP Phone models that unauthenticated and remote attackers can exploit in remote code execution attacks. The security vulnerabilities were discovered by Zack Sanchez of the Cisco Advanced Security Initiatives Group during internal security testing.

GitHub has announced that its secret scanning alerts service is now generally available to all public repositories and can be enabled to detect leaked secrets across an entire publishing history.In December 2022, GitHub began rolling out a beta of a free secret scanning feature to all public repositories that scan for 200+ token formats to help developers find accidental public exposure of sensitive data.

Russia's internet watchdog agency Roskomnadzor warns that laws banning the use of many foreign private messaging applications in Russian government and state agencies came into force today. "The law establishes a ban for a number of Russian organizations on the use of foreign messengers used for exchanging messages exclusively between their users, in which the sender determines the recipients of messages and does not provide for placement by Internet users publicly available information on the Internet)," warns Roskomnadzor in a translated alert published today on its portal.