Security News > 2023 > July

A hacking unit of North Korea's Reconnaissance General Bureau was linked to the JumpCloud breach after the attackers made an operational security mistake, inadvertently exposing their real-world IP addresses. While North Korean state hackers are known for using commercial VPN services to mask their IP addresses and actual locations, during the JumpCloud attack, the VPNs they were using failed and exposed their location in Pyongyang while connecting to a victim's network.

Microsoft shared a workaround for Outlook Desktop blocking attempts to open IP address or fully qualified domain name hyperlinks after installing this month's security updates. "Outlook blocks opening FQDN and IP address hyperlinks after installing protections for Microsoft Outlook Security Feature Bypass Vulnerability released July 11, 2023," the company says.

The Norwegian government is warning that its ICT platform used by 12 ministries has suffered a cyberattack after hackers exploited a zero-day vulnerability in third-party software. The Norwegian Security and Service Organization informed the National Security Authority when the cyberattack was discovered and engaged the police, who are currently investigating the incident.

The number of known Cl0p victims resulting from its Memorial Day attack on vulnerable internet-facing MOVEit Transfer installations has surpassed 420, according to IT market research company KonBriefing Research. Cl0p's attack resulted in the cybercriminal group exfiltrating sensitive information from MOVEit Transfer installations run either by the victim organizations or third-party service providers.

Threat actors are already engaging in rigorous discussions of how language models can be used for everything from identifying 0-day exploits to craft spear-phishing emails. Threat exposure management firm Flare has identified more than 200,000 OpenAI credentials currently being sold on the dark web in the form of stealer logs.

Seven US artificial intelligence giants - Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI - have publicly committed to "Help move toward safe, secure, and transparent development of AI technology." Test the security of their AI systems before launch Share knowledge about AI risk management best practices among themselves and with the government.

Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. "For instance, misconfigured Custom Actions running as NT AUTHORITYSYSTEM can be exploited by attackers to execute local privilege escalation attacks."

Google has announced that it intends to add support for Message Layer Security to its Messages service for Android and open source implementation of the specification. "Like the widely used Double Ratchet protocol, MLS allows for asynchronous operation and provides advanced security features such as post-compromise security. And, like TLS 1.3, MLS provides robust authentication."

The healthcare industry was hesitant to adopt SaaS applications. Learn how to secure your entire SaaS stack with an SSPM solution.

About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.