Security News

NCC Group's Global Threat Intelligence team, in its monthly cybersecurity Threat Pulse, noted there were 240 ransomware attacks in February 2023 - a 45% increase from the record-high number of attacks in January. The NCC Group also reported that ransomware LockBit 3.0 was the leading arrowhead, with the eponymous threat group having launched 129, or 54%, of ransomware salvos last month, including an attack on the U.K.'s Royal Mail.

Microsoft says a new Windows 11 preview build rolling out today will allow Insiders to test the company's adaptive brightness feature on more systems. While Content Adaptive Brightness Control could previously only be used on laptops while running on battery, CABC can now also be toggled on plugged-in devices.

A misconfigured Microsoft application allowed anyone to log in and modify Bing.com search results in real-time, as well as inject XSS attacks to potentially breach the accounts of Office 365 users. Wiz researchers found that when creating an application in Azure App Services and Azure Functions, the app can be mistakenly configured to allow users from any Microsoft tenant, including public users, to log in to the application.

Details have emerged about a now-patched vulnerability in Azure Service Fabric Explorer that could lead to unauthenticated remote code execution. Tracked as CVE-2023-23383, the issue has been dubbed "Super FabriXss" by Orca Security, a nod to the FabriXss flaw that was fixed by Microsoft in October 2022.

Two security firms have found what they believe to be a supply chain attack on communications software maker 3CX - and the vendor's boss is advising users to switch to the progressive web app until the 3CX desktop client is updated. Its customers are said to include the NHS in the UK, American Express, Coca Cola, and MIT. It still sells VoIP systems, and it's exactly those that appear to have fallen victim to a supply chain attack.

A Chinese state-sponsored threat activity group tracked as RedGolf has been attributed to the use of a custom Windows and Linux backdoor called KEYPLUG. "RedGolf is a particularly prolific Chinese state-sponsored threat actor group that has likely been active for many years against a wide range of industries globally," Recorded Future told The Hacker News. The use of KEYPLUG by Chinese threat actors was first disclosed by Google-owned Manidant in March 2022 in attacks targeting multiple U.S. state government networks between May 2021 and February 2022.

Some Exchange Online users who have the RPS feature turned off by Microsoft can now have it re-enabled - at least until September when the tool is retired. Microsoft is moving all of its Exchange Online tenants from the legacy - and increasingly insecure - Remote PowerShell Protocol to the PowerShell v3 module.

Attackers are exploiting a critical vulnerability in the IBM Aspera Faspex centralized file transfer solution to breach organizations. IBM Aspera Faspex is used by organizations to allow employees to quickly and securely exchange files with each other.

The war in Ukraine and political tensions around the globe, namely in India, China and Russia, have also impacted the IT outsourcing landscape, the report said. This means that at a time when there's a growing need for IT leaders to look to outsourcing to find talent, "they're also experiencing a decrease in access to some of their top outsourcing locations," the report said.

A group of academics from Northeastern University and KU Leuven has disclosed a fundamental design flaw in the IEEE 802.11 Wi-Fi protocol standard, impacting a wide range of devices running Linux, FreeBSD, Android, and iOS. Successful exploitation of the shortcoming could be abused to hijack TCP connections or intercept client and web traffic, researchers Domien Schepers, Aanjhan Ranganathan, and Mathy Vanhoef said in a paper published this week. Besides manipulating the security context to leak frames from the queue, an attacker can override the client's security context used by an access point to receive packets intended for the victim.