Security News > 2023 > July

Listeners will probably know that VirusTotal is a very popular service where, if you've got a file that either you know it's malware and you want to know what lots of different products call it, or if you think, "Maybe I want to get the sample securely to as many vendors as possible, as quickly as possible". The file is meant to be made available to dozens of cybersecurity companies almost immediately.

Obit: Kevin Mitnick, probably the world's most-famous computer hacker - and subsequently writer, public speaker, and security consultant - has succumbed to pancreatic cancer. "We've lost a true pioneer of the digital world, Kevin Mitnick," said Chris Wysopal, a former member of the L0pht team and today an infosec CTO. "His ingenuity challenged systems, incited dialogues, and pushed boundaries in cybersecurity. He will remain a testament to the uncharted power of curiosity."

The 2023 SANS Survey on API Security found that the top risk is phishing attacks. The 2023 global survey, which polled 231 application security professionals, found that fewer than 50% of respondents have API security testing tools in place and only 29% have API discovery tools.

Mallox ransomware activities in 2023 have witnessed a 174% increase when compared to the previous year, new findings from Palo Alto Networks Unit 42 reveal. "Mallox ransomware, like many other ransomware threat actors, follows the double extortion trend: stealing data before encrypting an organization's files, and then threatening to publish the stolen data on a leak site as leverage to convince victims to pay the ransom fee," security researchers Lior Rochberger and Shimi Cohen said in a new report shared with The Hacker News.

Two more security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller software that, if successfully exploited, could allow threat actors to remotely commandeer vulnerable servers and deploy malware. "These new vulnerabilities range in severity from High to Critical, including unauthenticated remote code execution and unauthorized device access with superuser permissions," Eclypsium researchers Vlad Babkin and Scott Scheferman said in a report shared with The Hacker News.

Two new critical severity vulnerabilities have been discovered in the MegaRAC Baseboard Management Controller software made by hardware and software company American Megatrends International. MegaRAC BMC provides admins with "Out-of-band" and "Lights-out" remote system management capabilities, enabling them to troubleshoot servers as if they were physically in front of the devices.

Google's Chrome 115 has a new feature that allows users to use Windows Mica material, a design element that enhances user personalization. Mica is a distinctive design feature that doesn't just stay opaque but fuses with the user's desktop theme and wallpaper.

All modern enterprises must accept the fact that at some point their systems or networks will very likely experience an unauthorized intrusion of some kind. A clear and concise plan of action will help counteract any intrusion into an enterprise network and mitigate potential damage.

Multiple security flaws have been disclosed in Apache OpenMeetings, a web conferencing solution, that could be potentially exploited by malicious actors to seize control of admin accounts and run malicious code on susceptible servers. "The acquired admin privileges can further be leveraged to exploit another vulnerability allowing attackers to execute arbitrary code on the Apache OpenMeetings server."