Security News > 2023 > April

Networking equipment maker Zyxel has released patches for a critical security flaw in its firewall devices that could be exploited to achieve remote code execution on affected systems. "Improper error message handling in some firewall versions could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device," Zyxel said in an advisory on April 25, 2023.

The Commission adopted the first designation decisions under the Digital Services Act, designating 17 Very Large Online Platforms and 2 Very Large Online Search Engines that reach at least 45 million monthly active users. Following their designation, the companies will now have to comply, within four months, with the full set of new obligations under the DSA. These aim at empowering and protecting users online, including minors, by requiring the designated services to assess and mitigate their systemic risks and to provide robust content moderation tools.

A significant number of victims in the consumer and enterprise sectors located across Australia, Japan, the U.S., and India have been affected by an evasive information-stealing malware called ViperSoftX. ViperSoftX was first documented in 2020, with cybersecurity company Avast detailing a campaign in November 2022 that leveraged the malware to distribute a malicious Google Chrome extension capable of siphoning cryptocurrencies from wallet applications. Now a new analysis from Trend Micro has revealed the malware's adoption of "More sophisticated encryption and basic anti-analysis techniques, such as byte remapping and web browser communication blocking."

An ongoing Magecart campaign has attracted the attention of cybersecurity researchers for leveraging realistic-looking fake payment screens to capture sensitive data entered by unsuspecting users. "The remarkable thing here is that the skimmer looks more authentic than the original payment page."

Websites and mobile apps of Lloyds Bank, Halifax, TSB Bank, and Bank of Scotland are experiencing web and mobile app outages leaving customers unable to access their account balances and information. BleepingComputer has been able to confirm that the four major UK banks are currently experiencing disruptions related to their online banking and mobile banking systems since the early morning hours of Friday, April 28th. Websites of banks including Lloyds, Halifax, TSB, and Bank of Scotland admit that some customers are having issues when accessing Internet and Mobile banking services.

Construction, diplomatic, and political institutions are at the receiving end of new attacks perpetrated by a China-aligned threat actor known as the Tonto Team. "Recent cases have revealed that the group is using a file related to anti-malware products to ultimately execute their malicious attacks," the AhnLab Security Emergency Response Center said in a report published this week.

Generative AI has captured the imagination of millions worldwide, largely driven by the recent success of ChatGPT, the text-generation chatbot. Our new research showed that globally, 67% of consumers have heard of generative AI technologies, and in some markets, like Singapore, almost half have used an application that uses them.

Password resets could unnecessarily cost FTSE 100 businesses over $156 million every month, according to MyCena Security Solutions. There are currently almost four million employees within the FTSE 100 companies, and research reveals 56% of employees reset their passwords at least once every month in 2022.

The report revealed a significant increase in MFA deployment for customers, which jumped to 57% from 45%. "Not all MFA is equal, and even though businesses know legacy MFA tools are not effective to stay secure, we're seeing they're still using them as primary tools of defense," said Ronnie Manning, CMO, Yubico. "Now more than ever, education around the importance of phishing-resistant MFA is critical to officially move away from legacy MFA tools that are leaving thousands of businesses exposed to cyberattacks around the world," Manning continued.

5G connectivity has reached a tipping point globally as 5G networks are now active in 47 of the world's 70 largest economies by GDP, according to Viavi. 5G Standalone networks, meaning networks that have been built using a new 5G core and which operate independently of existing 4G infrastructure, are rapidly gaining momentum around the world.