Security News > 2023 > June

New tool scans iPhones for 'Triangulation' malware infection
2023-06-05 17:58

Cybersecurity firm Kaspersky has released a tool to detect if Apple iPhones and other iOS devices are infected with a new 'Triangulation' malware. Although the malware analysis is still underway, the cybersecurity firm noted that the 'Operation Triangulation' malware campaign uses an unknown zero-day exploit on iMessage to perform code execution without user interaction and elevated privileges.

SpinOk Android malware found in more apps with 30 million installs
2023-06-05 16:50

The SpinOk malware was found in a new batch of Android apps on Google Play, reportedly installed an additional 30 million times. SpinOk was first discovered by Dr. Web late last month in a set of a hundred apps that had been collectively downloaded over 421 million times.

GIGABYTE releases new firmware to fix recently disclosed security flaws
2023-06-05 15:09

GIGABYTE has released firmware updates to fix security vulnerabilities in over 270 motherboards that could be exploited to install malware. The firmware updates were released last Thursday in response to a report by hardware security company Eclypsium, who found flaws in a legitimate GIGABYTE feature used to install a software auto-update application in Windows.

Google extends passkeys to Google Workspace accounts
2023-06-05 14:41

After making passkeys available for consumers in early May, Google is now rolling them out for Google Workspace and Google Cloud accounts. "Google early data has shown that passkeys are 2x faster and 4x less error prone than passwords," researchers noted.

KeePass v2.54 fixes bug that leaked cleartext master password
2023-06-05 14:15

KeePass has released version 2.54, fixing the CVE-2023-3278 vulnerability that allows the extraction of the cleartext master password from the application's memory. In May 2023, security researcher 'vdohney' disclosed a vulnerability and proof-of-concept exploit that allowed you to partially extract the cleartext KeePass master password from a memory dump of the application.

The Genesis Market Takedown – Keep Users Credentials Secure
2023-06-05 14:05

For years, "Dark" markets have contained stolen credentials for sale. Users often reuse the same credentials across multiple services, making them vulnerable to theft.

Microsoft links Clop ransomware gang to MOVEit data-theft attacks
2023-06-05 12:54

Microsoft has linked the Clop ransomware gang to recent attacks exploiting a zero-day vulnerability in the MOVEit Transfer platform to steal data from organizations. "Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion site," the Microsoft Threat Intelligence team tweeted Sunday night.

Qbot malware adapts to live another day … and another …
2023-06-05 12:15

The Qbot malware operation - which started more than a decade ago as a banking trojan only to evolve into a backdoor and a delivery system for ransomware and other threats - continues to deftly adapt its techniques to stay ahead of security pros, according to a new report. Most recently, the operators behind Qbot - also known as Qakbot and Pinkslipbot - have this year shown new methods for delivering malware and a highly adaptable command-and-control infrastructure, with a quarter of those used being active for only a day, researchers with Lumen's Black Lotus Labs threat intelligence group write.

Microsoft: Lace Tempest Hackers Behind Active Exploitation of MOVEit Transfer App
2023-06-05 12:03

Microsoft has officially linked the ongoing active exploitation of a critical flaw in the Progress Software MOVEit Transfer application to a threat actor it tracks as Lace Tempest. "Exploitation is often followed by deployment of a web shell with data exfiltration capabilities," the Microsoft Threat Intelligence team said in a series of tweets today.

MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362)
2023-06-05 11:56

The zero-day vulnerability attackers have exploited to compromise vulnerable installations of Progress Software's MOVEit Transfer finally has an identification number: CVE-2023-34362. Microsoft is attributing the initial attacks to the Cl0p ransomware group.