Hackers can open Nexx garage doors remotely, and there's no fix
2023-04-05 15:28

Multiple vulnerabilities discovered in Nexx smart devices can be exploited to control garage doors, disable home alarms, or smart plugs. The most significant discovery is the use of universal credentials that are hardcoded in the firmware and also easy to obtain from the client communication with Nexx's API. The vulnerability can also be exploited to identify Nexx users, allowing an attacker to collect email addresses, device IDs, and first names.

CryptoClippy: New Clipper Malware Targeting Portuguese Cryptocurrency Users
2023-04-05 14:17

Portuguese users are being targeted by a new malware codenamed CryptoClippy that's capable of stealing cryptocurrency as part of a malvertising campaign. The activity leverages SEO poisoning techniques to entice users searching for "WhatsApp web" to rogue domains hosting the malware, Palo Alto Networks Unit 42 said in a new report published today.

Biometric Authentication Isn't Bulletproof — Here's How to Secure It
2023-04-05 14:05

Not only are there ways around biometric authentication, but not all biometric methods are created equal. For optimal security it would be ideal for biometric systems to require a live biometric to be presented at each access point.

Cyber threats organizations should keep an eye on in 2023
2023-04-05 13:13

In Malwarebytes' most recent report on the current state of malware, the company has identified several high-profile cyber threats that organizations should be on the lookout for in 2023. Two of the most threatening malware families at present are Emotet and SocGholish.

Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks
2023-04-05 12:36

An unknown threat actor used a malicious self-extracting archive file in an attempt to establish persistent backdoor access to a victim's environment, new findings from CrowdStrike show. SFX files are capable of extracting the data contained within them without the need for dedicated software to display the file contents.

Google TAG Warns of North Korean-linked ARCHIPELAGO Cyberattacks
2023-04-05 12:19

A North Korean government-backed threat actor has been linked to attacks targeting government and military personnel, think tanks, policy makers, academics, and researchers in South Korea and the U.S. Google's Threat Analysis Group is tracking the cluster under the name ARCHIPELAGO, which it said is a subset of another threat group tracked by Mandiant under the name APT43. The tech giant said it began monitoring the group in 2012, adding it has "observed the group target individuals with expertise in North Korea policy issues such as sanctions, human rights, and non-proliferation issues."

Flood of malicious packages results in NPM registry DoS
2023-04-05 11:49

Attackers are exploiting the good reputation and "openness" of the popular public JavaScript software registry NPM to deliver malware and scams, but are also simultaneously and inadvertently launching DoS attacks against the service.

Protect Your Company: Ransomware Prevention Made Easy
2023-04-05 11:49

Every year hundreds of millions of malware attacks occur worldwide, and every year businesses deal with the impact of viruses, worms, keyloggers, and ransomware. Businesses need to defend against malware entering the network, and then on top of that have systems and processes in place to restrict the damage that malware can do if it infects a user device.

Microsoft tells admins to autoreview your Autopatch alerts or autolose the service
2023-04-05 11:15

Redmond in April 2022 unveiled Windows Autopatch to automate updates to endpoints, while still giving administrators controls to adapt or make changes as needed. In this case, Autopatch beginning in May will include the ability to alert them to expired licenses that need to be renewed or replaced to retain access to Autopatch.

Typhon Reborn Stealer Malware Resurfaces with Advanced Evasion Techniques
2023-04-05 08:35

The threat actor behind the information-stealing malware known as Typhon Reborn has resurfaced with an updated version that packs in improved capabilities to evade detection and resist analysis. Based on another stealer malware called Prynt Stealer, Typhon is also capable of delivering the XMRig cryptocurrency miner.