Security News > 2023 > September

Chinese minister for national security Chen Yixin has penned an article rating the digital risks his country faces and rated network security incidents as the most realistic source of harm to the Chinternet - both in terms of attacks and the dissemination of fake news. The article appeared in China Cyberspace, the official organ of regulator the Cyberspace Administration of China.

Many organizations are unprepared for sweeping industry changes that call for mandated certificate automation, according to GMO GlobalSign. The solution to meet this call by Google, and other browsers, is to automate certificate management.

Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a...

One in every six ransomware attacks targeting US government offices was traced back to the LockBit ransomware group, according to Trend Micro. Overall ransomware attack victim numbers increased by 47% from H2 2022.

Google has patched the fifth Chrome zero-day vulnerability exploited in attacks since the start of the year in emergency security updates released today. Today, Google TAG's Maddie Stone revealed that the CVE-2023-5217 zero-day vulnerability was exploited to install spyware.

A stream of malicious npm and PyPi packages have been found stealing a wide range of sensitive data from software developers on the platforms. The campaign started on September 12, 2023, and was first discovered by Sonatype, whose analysts unearthed 14 malicious packages on npm.

Fake Bitwarden sites are pushing installers purportedly for the open-source password manager that carry a new password-stealing malware that security researchers call ZenRAT. The malware is distributed to Windows users through websites that imitate the legitimate Bitwarden site and rely on typosquatting to fool potential victims. Security researchers at cybersecurity company Proofpoint discovered ZenRAT after receiving in August a sample of the malware from Jérôme Segura, Senior Director of Threat Intelligence at Malwarebytes.

Johnson Controls International has suffered what is described as a massive ransomware attack that encrypted many of the company devices, including VMware ESXi servers, impacting the company's and its subsidiaries' operations.Yesterday, a source told BleepingComputer that Johnson Controls suffered a ransomware attack after initially being breached at its Asia offices.

Microsoft's new AI image generation Paint tool powered by OpenAI's DALL-E text-to-image model is now rolling out to Windows Insiders in Dev and Canary channels. "With this update, we are excited to introduce Paint Cocreator, a new AI-powered experience powered by DALL-E that helps you create amazing artwork in Paint by describing in a few words what you'd like to create," said Dave Grochocki, Principal Product Manager Lead for Windows Inbox Apps.

"New Yorkers should not be forced to accept biometric surveillance as part of simple activities like buying groceries or taking their kids to a baseball game," more than 30 civil and digital rights organizations said yesterday in a letter backing new privacy laws in the city. The New York Civil Liberties Union, the Surveillance Technology Oversight Project, Amnesty International and others wrote a memo of support for two pending state bills that aim to ban facial recognition and other biometric tech both in public spaces, such as shops and arenas, and in residential buildings.