Security News > 2023 > May

In this report, the Elastic Security team highlights how they've noticed a slight increase in Linux binaries with the capability to leverage a proxy for potential command and control purposes. When targeting Linux endpoints, adversary playbooks often include using a backdoor binary, as previously discussed, followed by installing a proxy server for command and control.

As highlighted by Postman's 2022 State of the API Report, "89% of respondents said organizations' investment of time and resources into APIs will increase or stay the same over the next 12 months," emphasizing the confidence in the growth of API development and deployment. SBOMs play a vital role in API risk evaluation and monitoring by providing visibility into the API's underlying components, making it easier to identify potential vulnerabilities and manage risks associated with third-party dependencies.

Intel is investigating reports that BootGuard private keys, used to protect PCs from hidden malware, were leaked when data belonging to Micro-Star International was stolen and dumped online. It's understood the private keys were generated by MSI to use with Intel's BootGuard technology, and were among internal source code and other materials taken from the computer parts maker's IT systems last month - at least some of which has since been shared on the internet.

Customer information was stolen from the IT systems of Western Digital in the March IT security breach, forcing the storage manufacturer to shut down its online store until at least next week. Western Digital first disclosed the intrusion in early April, saying that in late March its engineers discovered someone had broken into "a number" of the biz's systems.

WordPress users with the Advanced Custom Fields plugin on their website should upgrade after the discovery of a vulnerability in the code that could open up sites and their visitors to cross-site scripting attacks. Because of the hundreds of millions of sites that use it, WordPress has also become a popular target of miscreants who want to exploit any flaws in the system - it's where the money is.

Twitter has finally admitted a "Security incident" caused some users' semi-private Twitter Circle tweets to show up on others' timelines. "In April 2023, a security incident that may have allowed users outside of your Twitter Circle to see tweets that should have otherwise been limited to the Circle to which you were posting," the email stated.

The U.S. Justice Department announced today the seizure of 13 more domains linked to DDoS-for-hire platforms, also known as 'booter' or 'stresser' services. "As part of an ongoing initiative targeting computer attack 'booter' services, the Justice Department today announced the court-authorized seizure of 13 internet domains associated with these DDoS-for-hire services," the Department of Justice said.

Intel is investigating the leak of alleged private keys used by the Intel Boot Guard security feature, potentially impacting its ability to block the installation of malicious UEFI firmware on MSI devices. On Friday, Alex Matrosov, the CEO of firmware supply chain security platform Binarly, warned that the leaked source code contains the image signing private keys for 57 MSI products and Intel Boot Guard private keys for 116 MSI products.

Determining which applications can access data on your Mac is easier thanks to Apple including the Full Disk Access menu within its Privacy & Security System Settings. Not all of those programs necessarily require full disk access - that is, permission to read, write and execute files stored throughout your Mac's hard disk - all the time.

Microsoft has started enforcing number matching in Microsoft Authenticator push notifications to fend off multi-factor authentication fatigue attacks. As previously announced, Microsoft will start enforcing number matching for Microsoft Authenticator MFA alerts to block MFA fatigue attack attempts across tenants beginning today.