Security News > 2023 > August

A new malspam campaign has been observed deploying an off-the-shelf malware called DarkGate. "The current spike in DarkGate malware activity is plausible given the fact that the developer of the malware has recently started to rent out the malware to a limited number of affiliates," Telekom Security said in a report published last week.

The University of Michigan has taken all of its systems and services offline to deal with a cybersecurity incident, causing a widespread impact on online services the night before classes started. University of Michigan is one of the oldest and largest educational institutes in the United States, employing over 30,000 academic and administrative staff and having roughly 51,000 students.

Today, OpenAI released ChatGPT Enterprise, an enterprise-grade version of its popular generative AI chatbot. ChatGPT Enterprise has enhanced security and privacy meant for business use and unlimited access to a high-speed version of ChatGPT's underlying large language model GPT-4.

Genshin Impact developer miHoYohas responded to an in-game hacking situation that has caused problems recently in its player community, warning that they would take legal action against those responsible. Genshin Impact is a massively popular anime-style open-world exploration game available for Android, iOS, PS4, and Windows with over 60 million active players.

Suspected Chinese hackers disproportionately targeted and breached government and government-linked organizations worldwide in recent attacks targeting a Barracuda Email Security Gateway zero-day, with a focus on entities across the Americas. Barracuda warned customers that the vulnerability was being exploited to breach ESG appliances on May 20, when it also patched all vulnerable devices remotely.

A known threat actor specializing in ransomware attacks is believed to be behind a recent campaign that targeted unpatched internet-facing Citrix NetScaler systems to serve as an initial foothold into enterprise networks. "Our data indicates strong similarity between attacks using CVE-2023-3519 and previous attacks using a number of the same TTPs," Sophos researchers shared.

London's Metropolitan Police has said a third-party data breach exposed staff and officers' names, ranks, photos, vetting levels, and salary information. The supplier did not store police addresses, phone numbers or financial account details so it appears that data remains secure.

Ask any security professional and they'll tell you that remediating risks from various siloed security scanning tools requires a tedious and labor-intensive series of steps focused on deduplication, prioritization, and routing of issues to an appropriate "Fixer" somewhere in the organization. A new study, commissioned by Seemplicity and conducted by Dark Reading, provides fresh insight into how security pros handle the challenging remediation life cycle from discovery to resolution.

Napoleon Gonzalez, of Etna, assumed the identity of his brother in 1965, a quarter century after his sibling's death as an infant, and used the stolen identity to obtain Social Security benefits under both identities, multiple passports and state identification cards, law enforcement officials said. A new investigation was launched in 2020 after facial identification software indicated Gonzalez's face was on two state identification cards.

A vulnerability in Skype mobile apps can be exploited by attackers to discover a user's IP address - a piece of information that may endanger individuals whose physical security depends on their general location remaining secret. Vulnerability specifics have not been publicly shared since it has yet to be patched, but Cox says it's "Trivially easy to exploit and involves changing a certain parameter related to the link."