
Nemesis: Open-source offensive data enrichment and analytic pipeline
2023-12-12 04:30

Nemesis is a centralized data processing platform that ingests, enriches, and performs analytics on offensive security assessment data. Offensive data is not unified: it's siloed inside specific tools and machines rather than being modeled and analyzed holistically.

WhatsApp, Slack, Teams, and other messaging platforms face constant security risks
2023-12-12 04:00

42% of businesses report that employees using BYOD devices with tools like WhatsApp in business settings have led to new security incidents, according to SafeGuard Cyber. Messaging platforms like WhatsApp, Telegram, Slack, and Teams face constant threats, emphasizing the need for robust protection.

Proposed US surveillance regime would enlist more businesses
2023-12-12 01:45

Many US businesses may be required to assist in government-directed surveillance - depending upon which of two reform bills before Congress is approved. Under rules being considered, any telecom service provider or business with custodial access to telecom equipment - a hotel IT technician, an employee at a cafe with Wi-Fi, or a contractor responsible for installing a home broadband router - could be compelled to enable electronic surveillance.

50K WordPress sites exposed to RCE attacks by critical bug in backup plugin
2023-12-11 22:46

A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites. The security bug was discovered by a team of bug hunters known as Nex Team, who reported it to WordPress security firm Wordfence under a recently launched bug bounty program.

Lazarus hackers drop new RAT malware using 2-year-old Log4j bug
2023-12-11 21:25

The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka "Log4Shell," this time to deploy three previously unseen malware families written in DLang. The new malware are two remote access trojans named NineRAT and DLRAT and a malware downloader named BottomLoader.

Hotspot Shield VPN Review 2023: Features, Pros & Cons
2023-12-11 21:25

Hotspot Shield’s speed-oriented features may not be enough to overcome its lack of testing and questionable data logs. Read more in our full review below.

Counter-Strike 2 HTML injection bug exposes players’ IP addresses
2023-12-11 20:05

Valve has reportedly fixed an HTML injection flaw in Counter-Strike 2 that was heavily abused today to inject images into games and obtain other players' IP addresses. While initially thought to be a more severe Cross Site Scripting flaw, which allows JavaScript code to be executed in a client, the bug was determined only to be an HTML injection flaw, allowing the injection of images.

2.5M patients infected with data loss in Norton Healthcare ransomware outbreak
2023-12-11 20:01

Norton Healthcare, which runs eight hospitals and more than 30 clinics in Kentucky and Indiana, has admitted crooks may have stolen 2.5 million people's most sensitive data during a ransomware attack in May. During the intrusion, the criminals accessed names, contact information, Social Security Numbers, and dates of birth; the data may have also included driver's license and government ID numbers, financial account information, and digital signatures. The not-for-profit healthcare system said it discovered the security incident, later determined to be a ransomware infection, on May 9, two days after the intrusion.

Apple emergency updates fix recent zero-days on older iPhones
2023-12-11 19:28

Apple has issued emergency security updates to backport patches for two actively exploited zero-day flaws to older iPhones and some Apple Watch and Apple TV models. Today, Apple addressed the zero-days in iOS 16.7.3, iPadOS 16.7.3, tvOS 17.2, and watchOS 10.2 with improved input validation and locking.

Memory-safe languages so hot right now, agrees Lazarus Group as it slings DLang malware
2023-12-11 18:08

Research into Lazarus Group's attacks using Log4Shell has revealed novel malware strains written in an atypical programming language. At least three new DLang-based malware strains have been used in attacks on worldwide organizations spanning the manufacturing, agriculture, and physical security industries, Cisco Talos revealed today.