Security News > 2023 > July

Website of Israel's largest oil refinery operator, BAZAN Group is inaccessible from most parts of the world as threat actors claim to have hacked the Group's cyber systems. The Haifa Bay-based BAZAN Group, formerly Oil Refineries Ltd., generates over $13.5 billion in annual revenue and employs more than 1,800 people.

Website of Israel's largest oil refinery operator, BAZAN Group is inaccessible from most parts of the world as threat actors claim to have hacked the Group's cyber systems. The Haifa Bay-based BAZAN Group, formerly Oil Refineries Ltd., generates over $13.5 billion in annual revenue and employs more than 1,800 people.

Key factors for effective security automationIn this Help Net Security interview, Oliver Rochford, Chief Futurist at Tenzir, discusses how automation can be strategically integrated with human expertise, the challenges in ensuring data integrity, and the considerations when automating advanced tasks. MikroTik vulnerability could be used to hijack 900,000 routersA privilege escalation vulnerability could allow attackers to commandeer up to 900,000 MikroTik routers, says VulnCheck researcher Jacob Baines.

The Abyss Locker operation is the latest to develop a Linux encryptor to target VMware's ESXi virtual machines platform in attacks on the enterprise. With VMware ESXi being one of the most popular virtual machine platforms, almost every ransomware gang has begun to release Linux encryptors to encrypt all virtual servers on a device.

Google's plans to introduce the Web Environment Integrity API on Chrome has been met with fierce backlash from internet software developers, drawing criticism for limiting user freedom and undermining the core principles of the open web. Google says this is not a privacy risk as it does not enable cross-site user tracking and won't interfere with browser or plugins/extensions functionality.

Turns out, Apple's App Store can't accept the new name for Twitter's iOS app because of minimum character requirements. This week, both Google Play and Apple's App Store pushed updated versions of the Twitter app respectively for Android and iOS users.

A new Android malware strain called CherryBlos has been observed making use of optical character recognition techniques to gather sensitive data stored in pictures. Besides displaying fake overlays on top of legitimate crypto wallet apps to steal credentials and make fraudulent fund transfers to an attacker-controlled address, CherryBlos utilizes OCR to recognize potential mnemonic phrases from images and photos stored on the device, the results of which are periodically uploaded to a remote server.

Apple has announced plans to require developers to submit reasons to use certain APIs in their apps starting later this year with the release of iOS 17, iPadOS 17, macOS Sonoma, tvOS 17, and watchOS 10 to prevent their abuse for data collection. The iPhone maker said it's making the move to ensure that such APIs are not abused by app developers to collect device signals to carry out fingerprinting, which could be employed to uniquely identify users across different apps and websites for other purposes such as targeted advertising.

The U.S. Cybersecurity and Infrastructure Security Agency on Friday disclosed details of a "Novel persistent backdoor" called SUBMARINE deployed by threat actors in connection with the hack on Barracuda Email Security Gateway appliances. The findings come from an analysis of malware samples obtained from an unnamed organization that had been compromised by threat actors exploiting a critical flaw in ESG devices, CVE-2023-2868, which allows for remote command injection.

Ivanti has disclosed yet another security flaw impacting Endpoint Manager Mobile, formerly known as MobileIron Core, that it said has been weaponized as part of an exploit chain by malicious actors in the wild. "This vulnerability can be used in conjunction with CVE-2023-35078, bypassing administrator authentication and ACLs restrictions."