Security News > 2023 > May

Ransomware groups are continuously weaponizing vulnerabilities and adding them to their arsenal to mount crippling and disruptive attacks on their victims. In Q1 2023, researchers identified 12 vulnerabilities newly associated with ransomware.

Google Play has been caught with its cybersecurity pants down yet again after a once-legit Android screen-and-audio recorder app was updated to include malicious code. Potentially tens of thousands of people downloaded the software before ESET researchers found the hidden malware and alerted Google, which pulled the app from its online store.

Ongoing attacks are targeting an Unauthenticated Stored Cross-Site Scripting vulnerability in a WordPress cookie consent plugin named Beautiful Cookie Consent Banner with more than 40,000 active installs. WordPress security company Defiant, which spotted the attacks, says the vulnerability in question also allows unauthenticated attackers to create rogue admin accounts on WordPress websites running unpatched plugin versions.

Microsoft says a Chinese cyberespionage group it tracks as Volt Typhoon has been targeting critical infrastructure organizations across the United States, including Guam, since at least mid-2021. "Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises," the Microsoft Threat Intelligence team said.

The Philadelphia Inquirer has punched back at the Cuba ransomware gang after the criminals leaked what they said were files stolen from the newspaper. While The Inquirer confirmed Cuba had claimed responsibility for the break-in, it insisted that any documents posted by the gang on the dark web were not swiped from the newspaper.

Cloudflare announced on May 15, 2023 a new suite of zero-trust security tools for companies to leverage the benefits of AI technologies while mitigating risks.The Cloudflare One platform's new tools and features are Cloudflare Gateway, service tokens, Cloudflare Tunnel, Cloudflare Data Loss Prevention and Cloudflare's cloud access security broker.

The UK law enforcement office SEROCU, short for South East Regional Organised Crime Unit, this week reported the peculiar tale of one Ashley Liles, the literal Man in the Middle whom we referred to in the headline. These days, we usually expand the jargon term MitM to mean Manipulator in the Middle, not merely to avoid the gendered term "Man", but also because many, if not most, MitM attacks these days are performed by machines.

Here's a look at the current top facial recognition software vendors, as well as use cases for the technology. Facial recognition software vendors Amazon Rekognition: Best overall facial recognition software.

GitLab has released an emergency security update, version 16.0.1, to address a maximum severity path traversal flaw tracked as CVE-2023-2825.GitLab is a web-based Git repository for developer teams that need to manage their code remotely and has approximately 30 million registered users and one million paying customers.

A new PowerShell-based malware dubbed PowerExchange was used in attacks linked to APT34 Iranian state hackers to backdoor on-premise Microsoft Exchange servers. Notably, the malware communicates with its command-and-control server via emails sent using the Exchange Web Services API, sending stolen info and receiving base64-encoded commands through text attachments to emails with the "Update Microsoft Edge" subject.