Security News

A security researcher claims he discovered a critical vulnerability in Apple's password reset feature that could have been used to take over any iCloud account, but Apple has downplayed the impact of the flaw. The issue, researcher Laxman Muthiyah says, was a bypass of the various security measures Apple has in place to prevent attempts to brute force the 'forgot password' functionality for Apple accounts.

A researcher has identified several vulnerabilities, including ones that have been rated high severity, in Cisco's Small Business 220 series smart switches. The vulnerabilities were discovered by security researcher Jasper Lievisse Adriaanse, and they impact switches that run firmware versions earlier than 1.2.0.6 and have the web-based management interface enabled - the interface is enabled by default.

Process Ghosting expands on previously documented endpoint bypass methods such as Process Doppelgänging and Process Herpaderping, thereby enabling the veiled execution of malicious code that may evade anti-malware defenses and detection. Process Doppelgänging, analogous to Process Hollowing, involves injecting arbitrary code in the address space of a legitimate application's live process that can then be executed from the trusted service.

As Microsoft preps the next version of Windows, a hole has been spotted in an earlier Great Hope for the company: MS Paint 3D. The raster graphics and 3D modelling app was part of Microsoft's Creators Update back in 2016 and was released in 2017. The idea was that users would embrace its support for 3D objects and ditch the ancient Microsoft Paint for the new shiny.

Rather than do the heavy lifting themselves, ransomware gangs are buying their way onto networks, partnering with other criminal groups that have already paved the way for entry with first-stage malware, researchers have found. Before the ultimate ransomware payload hits the network, known ransomware gangs such as Ryuk, Egregor and REvil first team up with threat actors who specialize in initial infection using various forms of malware - such as TrickBot, BazaLoader and IcedID, according to the report.

A researcher says he has earned $30,000 through Facebook's bug bounty program for reporting an Instagram vulnerability that exposed private posts. In a blog post published on Tuesday, Mayur Fartade, a researcher based in India, said the flaw could have been exploited to access private or archived posts, stories, reels and IGTV videos without following the user whose content was targeted.

The cyberattack on SITA that impacted multiple airlines around the world was orchestrated by a Chinese nation-state threat actor tracked as APT41, security researchers at detection and prevention firm Group-IB say. Air India revealed that the attack was related to SITA PSS, which processes personally identifiable information.

An advanced persistent threat that Russia found inside government systems was too crude to have been the work of a Western nation, says security researcher Juan Andrés Guerrero-Saade of Sentinel Labs, before suggesting the malware came from a Chinese entity. Russian telco and IT services provider Rostelecom and the nation's National Coordination Center for Computer Incidents, an arm of the Russian Federal Security Service, in May published a joint report that detailed their assessment of attacks on several Russian government entities detected in 2020.

Security researchers have discovered the first known malware, dubbed "Siloscape," targeting Windows Server containers to infect Kubernetes clusters in cloud environments. "Siloscape is heavily obfuscated malware targeting Kubernetes clusters through Windows containers," said Unit 42 researcher Daniel Prizmant.

A North Korean threat actor active since 2012 has been behind a new espionage campaign targeting high-profile government officials associated with its southern counterpart to install an Android and Windows backdoor for collecting sensitive information. Cybersecurity firm Malwarebytes attributed the activity to a threat actor tracked as Kimsuky, with the targeted entities comprising the Ministry of Foreign Affairs, Ambassador of the Embassy of Sri Lanka to the State, International Atomic Energy Agency Nuclear Security Officer, and the Deputy Consul General at Korean Consulate General in Hong Kong.