Security News > 2023 > August

Researchers have discovered how to trick you into thinking your iPhone is in Airplane mode while actually leaving mobile data turned on. The main one seems to be that when you're setting up the light bulb for the first time, there is some effort put into making sure that the app and the light bulb each reason that they are communicating with the right sort of code at the other end.

The Federal Bureau of Investigation warned that patches for a critical Barracuda Email Security Gateway remote command injection flaw are "Ineffective," and patched appliances are still being compromised in ongoing attacks. Even though the Barracuda patched all appliances remotely and blocked the attackers' access to the breached devices on May 20, one day after the bug was identified, it also warned all customers on June 7 that they must replace all impacted appliances immediately, likely because it couldn't ensure the complete removal of malware deployed in the attacks.

Ransomware threat actors are spending less time on compromised networks before security solutions sound the alarm. In the first half of the year the hackers' median dwell time dropped to five days from nine in 2022.

Google announced security enhancements to Google Workspace focused on enhancing threat defense controls with Google AI. At a Google Cloud press event on Tuesday, the company announced Google Cloud's rollout over the course of this year of new AI-powered data security tools bringing zero-trust features to Workspace, Drive, Gmail and data sovereignty.The focus of the new enhancements across Google Drive includes a slew of zero-trust aligned, AI-powered enhancements to its cloud-native architecture, according to Google, which said AI will drive automated data labeling and classification to defend against exfiltration attempts by threat actors.

Two vulnerabilities affecting some version of Jupiter X Core, a premium plugin for setting up WordPress and WooCommerce websites, allow hijacking accounts and uploading files without authentication. Jupiter X Core is an easy-to-use yet powerful visual editor, part of the Jupiter X theme, which is used in over 172,000 websites.

Microsoft says the August 2023 preview updates released this week for Windows 11 and Windows 10 systems are causing blue screens with errors mentioning an unsupported processor issue. The updates in question are tagged as KB5029351 and KB5029331, and they come with Search app fixes and introduce a new Backup app, respectively.

Cybercriminals behind the Smoke Loader botnet are using a new piece of malware called Whiffy Recon to triangulate the location of infected devices through WiFi scanning and Google's geolocation API. Google's geolocation API is a service that accepts HTTPS requests with WiFi access point information and returns latitude and longitude coordinates to locate devices that do not have a GPS system. Smoke Loader is a modular malware dropper that has been around for several years, primarily used in the early stages of a compromise to deliver new payloads.

Proof-of-concept exploit code is now available for a critical Ivanti Sentry authentication bypass vulnerability that enables attackers to execute code remotely as root on vulnerable systems. Successful exploitation can let them run system commands or write files onto systems running Ivanti Sentry versions 9.18 and prior.

The North Korea-linked threat actor known as Lazarus Group has been observed exploiting a now-patched critical security flaw impacting Zoho ManageEngine ServiceDesk Plus to distribute a remote access trojan called such as QuiteRAT. Targets include internet backbone infrastructure and healthcare entities in Europe and the U.S., cybersecurity company Cisco Talos said in a two-part analysis published today. What's more, a closer examination of the adversary's recycled attack infrastructure in its cyber assaults on enterprises has led to the discovery of a new threat dubbed CollectionRAT. The fact that the Lazarus Group continues to rely on the same tradecraft despite those components being well-documented over the years underscores the threat actor's confidence in their operations, Talos pointed out.

mWISE is unique among security conferences in its highly collaborative agenda. The 2023 lineup covers topics in cloud security, intelligence, security engineering, security operations, threats and exploits, and third-party and cyber risk management, along with a sponsor track.