Criminal IP Unveils Bug Bounty Program to Boost User Safety, Security
2023-06-29 14:02

Criminal IP, an OSINT-based CTI search engine provided by AI SPERA, has recently announced the introduction of a bug bounty program aimed at strengthening the safety of its services and protecting its users. The bug bounty program introduced by Criminal IP encourages security researchers to identify and report potentially exploitable vulnerabilities within its systems.

Fluhorse: Flutter-Based Android Malware Targets Credit Cards and 2FA Codes
2023-06-29 13:40

Cybersecurity researchers have shared the inner workings of an Android malware family called Fluhorse. The malware "represents a significant shift as it incorporates the malicious components directly within the Flutter code," Fortinet FortiGuard Labs researcher Axelle Apvrille said in a report published last week.

PoC for Arcserve UDP authentication bypass flaw published (CVE-2023-26258)
2023-06-29 11:08

An authentication bypass vulnerability in the Arcserve Unified Data Protection enterprise data protection solution can be exploited to compromise admin accounts and take over vulnerable instances, MDSec researchers Juan Manuel Fernández and Sean Doherty have found - and have released a PoC exploit for it. "At this time, Arcserve is not aware of any active attempts to exploit this vulnerability," the company said on Tuesday, when it pushed out fixes for the flaw.

The Right Way to Enhance CTI with AI (Hint: It's the Data)
2023-06-29 10:56

Enter generative AI. Many cybersecurity companies - and more specifically, threat intelligence companies - are bringing generative AI to market to simplify threat intelligence and make it faster and easier to harness valuable insights from the vast pool of CTI data. Gain insights into AI models, cybersecurity importance, advanced threat intelligence, CTI accessibility, and choosing the right solution.

North Korean Hacker Group Andariel Strikes with New EarlyRat Malware
2023-06-29 10:49

The North Korea-aligned threat actor known as Andariel leveraged a previously undocumented malware called EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year. "Andariel infects machines by executing a Log4j exploit, which, in turn, downloads further malware from the command-and-control server," Kaspersky said in a new report.

Android Spy App LetMeSpy Suffers Major Data Breach, Exposing Users' Personal Data
2023-06-29 10:34

Android-based phone monitoring app LetMeSpy has disclosed a security breach that allowed an unauthorized third party to steal sensitive data associated with thousands of Android users. "As a result of the attack, the criminals gained access to email addresses, telephone numbers and the content of messages collected on accounts," LetMeSpy said in an announcement on its website, noting the incident took place on June 21, 2023.

Microsoft fixes bug that breaks Windows Start Menu, UWP apps
2023-06-29 10:33

Microsoft has addressed a bug causing Windows Search and the Start Menu to become unresponsive and some Windows applications to no longer open. "The Start menu, Windows search, and Universal Windows Platform apps might not work as expected or might have issues opening," Microsoft says on the Windows health dashboard.

How to View Your SSH Keys in Linux, macOS and Windows
2023-06-29 10:00

The command will print out your SSH key on your Linux machine without prompting you for your key authentication password. How to view your SSH public key on macOS. Viewing your keys on macOS can be done in a similar fashion as on Linux.

Trellix fixes bug breaking Office apps after June Windows updates
2023-06-29 09:10

Cybersecurity firm Trellix has addressed an incompatibility issue causing Endpoint Security Agent's Exploit Guard module to block some Microsoft Office and third-party apps from opening after...

Critical Security Flaw in Social Login Plugin for WordPress Exposes Users' Accounts
2023-06-29 07:24

A critical security flaw has been disclosed in miniOrange's Social Login and Register plugin for WordPress that could enable a malicious actor to log in as any user, provided information about the email address is already known. Tracked as CVE-2023-2982, the authentication bypass flaw impacts all versions of the plugin, including and prior to 7.6.4.