Security News

Lack of security employees makes SMBs sitting ducks for cyber attacks
2023-04-04 03:00

To strengthen their cybersecurity posture, companies must spend valuable resources on maintaining or updating systems, hiring and training staff, and implementing security software - resources and options that many don't have readily available. For businesses, security breaches risk not only exposure of customer data and a decrease in trust, but also losses in revenue if systems are taken offline through attacks such as DDoS. "The findings in this report show that SMBs have specific needs and pain points, particularly when it comes to hiring and having dedicated security employees," said Tyler Healy, VP of Security at DigitalOcean.

Hey Siri, use this ultrasound attack to disarm a smart-home system
2023-04-04 00:59

Academics in the US have developed an attack dubbed NUIT, for Near-Ultrasound Inaudible Trojan, that exploits vulnerabilities in smart device microphones and voice assistants to silently and remotely access smart phones and home devices. In an interview with The Register this month, Chen and Xia demonstrated two separate NUIT attacks: NUIT-1, which emits sounds to exploit a victim's smart speaker to attack the same victim's microphone and voice assistant on the same device, and NUIT-2, which exploits a victim's speaker to attack the same victim's microphone and voice assistant on a different device.

CISA warns of Zimbra bug exploited in attacks against NATO countries
2023-04-03 20:36

The Cybersecurity and Infrastructure Security Agency warned federal agencies to patch a Zimbra Collaboration cross-site scripting flaw exploited by Russian hackers to steal emails in attacks targeting NATO countries. Winter Vivern's attacks start with the hackers using the Acunetix vulnerability scanner to find vulnerable ZCS servers and sending users phishing emails that spoof senders the recipients are familiar with.

Cryptocurrency companies backdoored in 3CX supply chain attack
2023-04-03 17:22

Some of the victims affected by the 3CX supply chain attack have also had their systems backdoored with Gopuram malware, with the threat actors specifically targeting cryptocurrency companies with this additional malicious payload. VoIP communications company 3CX was compromised by North Korean threat actors tracked as Lazarus Group to infect the company's customers with trojanized versions of its Windows and macOS desktop apps in a large-scale supply chain attack. Kaspersky has discovered that the Gopuram backdoor, previously used by the Lazarus hacking group against cryptocurrency companies since at least 2020, was also deployed as a second-stage payload in the same incident into the systems of a limited number of affected 3CX customers.

Capita confirms security attack caused pre-weekend outages
2023-04-03 15:33

Capita - everyone's favorite outsourcing badass - is still working to restore services for some customers after admitting the IT outage of certain services on Friday was caused by a cyber attack and efforts to contain the spread. The shape-shifting tech biz, which has £6.5 billion worth of public sector contracts booked in, said before the weekend that a technical problem meant staff couldn't access work IT, including Microsoft cloud accounts. The cause of that blackout was confirmed today, with Capita saying via its website that on March 31 the biz "experienced a cyber incident primarily impacting access to internal Microsoft 365 applications. This caused disruption to some services provided to individual clients, though the majority of our client services remained in operation."

3CX supply chain attack: What do we know?
2023-04-03 13:07

Five days have passed since the supply chain attack targeting 3CX customers gained wider public attention, but the software's manufacturer is yet to confirm how the Windows and macOS desktop apps have been compromised by the attackers. "On March 29th, 3CX received reports from a third party of a malicious actor exploiting a vulnerability in our product. We took immediate steps to investigate the incident, retaining Mandiant, leading global cybersecurity experts," 3CX CEO Nick Galea stated on Sunday.

3CX thought supply chain attack was a false positive
2023-04-03 07:32

The CEO of VoIP software provider 3CX said his team tested its products in response to recent alerts notifying it of a supply chain attack, but assessed reports of a malware infestation were a false positive. Nick Galea told The Register by email that 3CX did not ignore alerts but rather "chose to double check our desktop app on VirusTotal and since it gave our app the all clear we considered the SentinelOne alert a false positive. It's not unusual for VoIP apps. We checked again a few days later and got the same result."

Week in review: 3CX supply chain attack, ChatGPT data leak
2023-04-02 08:30

Microsoft unveils AI-powered Security Copilot analysis tool
Microsoft has unveiled Security Copilot, an AI-powered analysis tool that aims to simplify, augment and accelerate security operations professionals' work.

Prioritizing data security amid workforce disruptions
In this Help Net Security video, Chris Wey, President of Data Modernization at Rocket Software, discusses the risks organizations face and the steps they can take to mitigate disruption.

DISH slapped with multiple lawsuits after ransomware cyber attack
2023-04-01 10:39

Dish Network has been slapped with multiple class action lawsuits after it suffered a ransomware incident that was behind the company's multi-day "network outage." DISH is facing at least five lawsuits seeking to recover losses for Dish shareholders who were adversely affected by the alleged "securities fraud" from February 22, 2021 to February 27, 2023.

10-year-old Windows bug with 'opt-in' fix exploited in 3CX attack
2023-03-31 14:38

A 10-year-old Windows vulnerability is still being exploited in attacks to make it appear that executables are legitimately signed, with the fix from Microsoft still "opt-in" after all these years. Even worse, the fix is removed after upgrading to Windows 11.