Security News
![Android phones are vulnerable to fingerprint brute-force attacks](/static/build/img/news/android-phones-are-vulnerable-to-fingerprint-brute-force-attacks-small.jpg)
The authors of the technical paper published on Arxiv.org also found that biometric data on the fingerprint sensors' Serial Peripheral Interface were inadequately protected, allowing for a man-in-the-middle attack to hijack fingerprint images. The idea of BrutePrint is to perform an unlimited number of fingerprint image submissions to the target device until the user-defined fingerprint is matched.
![PyPI Repository Under Attack: User Sign-Ups and Package Uploads Temporarily Halted](/static/build/img/news/pypi-repository-under-attack-user-sign-ups-and-package-uploads-temporarily-halted-small.jpg)
"The volume of malicious users and malicious projects being created on the index in the past week has outpaced our ability to respond to it in a timely fashion, especially with multiple PyPI administrators on leave," the admins said in a notice published on May 20, 2023. No additional details about the nature of the malware and threat actors involved in publishing those rogue packages to PyPI were disclosed.
![Notorious Cyber Gang FIN7 Returns With Cl0p Ransomware in New Wave of Attacks](/static/build/img/news/notorious-cyber-gang-fin7-returns-with-cl0p-ransomware-in-new-wave-of-attacks-small.jpg)
The notorious cybercrime group known as FIN7 has been observed deploying Cl0p ransomware, marking the threat actor's first ransomware campaign since late 2021. "They then use OpenSSH and Impacket to move laterally and deploy Clop ransomware."
![Warning: Samsung Devices Under Attack! New Security Flaw Exposed](/static/build/img/news/warning-samsung-devices-under-attack-new-security-flaw-exposed-small.jpg)
The U.S. Cybersecurity and Infrastructure Security Agency warned of active exploitation of a medium-severity flaw affecting Samsung devices. The issue, tracked as CVE-2023-21492, impacts select Samsung devices running Android versions 11, 12, and 13.
![CISA warns of Samsung ASLR bypass flaw exploited in attacks](/static/build/img/news/cisa-warns-of-samsung-aslr-bypass-flaw-exploited-in-attacks-small.jpg)
CISA warned today of a security vulnerability affecting Samsung devices used in attacks to bypass Android address space layout randomization protection. The exposed info can be used by local attackers with high privileges to conduct an ASLR bypass which could enable the exploitation of memory-management issues.
![How business email compromise attacks emulate legitimate web services to lure clicks](/static/build/img/news/alt/DDoS-small.jpg)
Call it BEC 3.0 - phishing attacks that bury the hook in legitimate web services like Dropbox. "Leveraging legitimate websites to host malicious content is a surefire way to get into the inbox," he said.
![Microsoft: Notorious FIN7 hackers return in Clop ransomware attacks](/static/build/img/news/microsoft-notorious-fin7-hackers-return-in-clop-ransomware-attacks-small.jpg)
A financially motivated cybercriminal group known as FIN7 resurfaced last month, with Microsoft threat analysts linking it to attacks where the end goal was the deployment of Clop ransomware payloads on victims' networks. "The group was observed deploying the Clop ransomware in opportunistic attacks in April 2023, its first ransomware campaign since late 2021."
![Dish Network likely paid ransom after recent ransomware attack](/static/build/img/news/dish-network-likely-paid-ransom-after-recent-ransomware-attack-small.jpg)
Dish Network, an American television provider, most likely paid a ransom after being hit by a ransomware attack in February, based on the wording used in data breach notification letters sent to impacted employees. Ransomware gangs only delete data or provide a decryption key after a ransom is paid, meaning that it is highly unlikely that Dish could receive confirmation that the stolen data was deleted without paying.
![Apple fixes WebKit 0-days under attack (CVE-2023-28204, CVE-2023-32373, CVE-2023-32409)](/static/build/img/news/apple-fixes-webkit-0-days-under-attack-cve-2023-28204-cve-2023-32373-cve-2023-32409-small.jpg)
Apple has released security updates for iOS and iPadOS, macOS, tvOS and watchOS, delivering fixes for many vulnerabilities but, most importantly, for CVE-2023-32409, a WebKit 0-day that "may have been actively exploited." The notes accompanying the updates also revealed that Apple's first Rapid Security Response update, which was pushed out earlier this month, contained fixes for two WebKit 0-days.
![Dr. Active Directory vs. Mr. Exposed Attack Surface: Who'll Win This Fight?](/static/build/img/news/dr-active-directory-vs-mr-exposed-attack-surface-who-ll-win-this-fight-small.jpg)
Many attackers seeking to access SaaS apps choose to access them via a compromise of the on-prem environment, instead of attacking them directly through a browser. The common pattern of this kind of attack is to gain control of an employee's endpoint using social engineering and, once there, strive to compromise usernames and passwords to use them for malicious access to SaaS apps.