Security News > 2023 > October

Israeli Android users are targeted by a malicious version of the 'RedAlert - Rocket Alerts' app that, while it offers the promised functionality, acts as spyware in the background. RedAlert - Rocket Alerts is a legitimate open-source app used by Israeli citizens to receive notifications of incoming rockets targeting the country.

BLOODALCHEMY is the new backdoor that's been used by the operators of REF5961, but even though skilled malware developers are believed to have worked on the program, it's still thought to be a work in progress. Although it's a functional malware strain, part of the three new malware families uncovered through analyzing REF5961, its capabilities are still limited.

CISA, FBI, and MS-ISAC warned network admins today to immediately patch their Atlassian Confluence servers against a maximum severity flaw actively exploited in attacks. On October 4, when it released security updates, Atlassian advised customers to upgrade their Confluence instances as soon as possible to one of the fixed versions as the bug was already exploited in the wild as a zero-day.

Pro-Russian hacking groups have exploited a recently disclosed security vulnerability in the WinRAR archiving utility as part of a phishing campaign designed to harvest credentials from...

A threat actor is using compromised Skype accounts to deliver the DarkGate malware to target organizations, Trend Micro researchers have warned. "Versions of DarkGate have been advertised on Russian language forum eCrime since May 2023. Since then, an increase in the number of initial entry attacks using the malware has been observed," they noted.

Microsoft is offering up to $15,000 to bug hunters that pinpoint vulnerabilities of Critical or Important severity in its AI-powered "Bing experience"."The new Microsoft AI bounty program comes as a result of key investments and learnings over the last few months, including an AI security research challenge and an update to Microsoft's vulnerability severity classification for AI systems," says Lynn Miyashita, a technical program manager with the Microsoft Security Response Center.

The Android banking trojan known as SpyNote has been dissected to reveal its diverse information-gathering features. Typically spread via SMS phishing campaigns, attack chains involving the...

Microsoft has resolved a known issue that caused Windows 10 security updates released during this month's Patch Tuesday to fail with 0x8007000d errors. For systems impacted by this issue, specifically Windows 10 21H2 and Windows 10 22H2, the KB5031356 security update would fail despite displaying initial progress during deployment.

SaaS Security’s roots are in configuration management. An astounding 35% of all security breaches begin with security settings that were misconfigured. In the past 3 years, the initial access...

Many people have flipped coins but few have stopped to ponder the statistical and physical intricacies of the process. In a preregistered study we collected 350,757 coin flips to test the counterintuitive prediction from a physics model of human coin tossing developed by Persi Diaconis.