Security News

Across all industries, these vulnerabilities, composed of unprotected or compromised assets, data and credentials, have proven to be an increasing challenge for organizations to detect and secure. Almost 1 in 10 of all detected internet-facing assets had an associated unpatched vulnerability.

Microsoft is investigating an ongoing outage blocking customers worldwide from accessing and using web apps and online services. The list of affected services includes Microsoft 365 fort the web, the Microsoft 365 suite, Microsoft Teams, and Microsoft Planner.

Legion targets various services for email exploitation, according to Cado, whose research indicates that Legion is likely linked to the AndroxGh0st malware family first reported in December 2022. The report said Legion appears to be part of an emerging generation of hacking tools that aim to automate the credential harvesting process to compromise SMTP services.

The Deep, Dark Web - The Underground - is a haven for cybercriminals, teeming with tools and resources to launch attacks for financial gain, political motives, and other causes. Did you know that the underground also offers a goldmine of threat intelligence and information that can be harnessed to bolster your cyber defense strategies? The challenge lies in continuously monitoring the right dark web sources and gathering actionable intelligence through manual methods, which can lead to analyst fatigue and delayed action.

A novel credential-stealing malware called Zaraza bot is being offered for sale on Telegram while also using the popular messaging service as a command-and-control. "Zaraza bot targets a large number of web browsers and is being actively distributed on a Russian Telegram hacker channel popular with threat actors," cybersecurity company Uptycs said in a report published last week.

The study is built upon 10 million posts on encrypted platforms and other kinds of data dredged up from the deep, dark and clear web. Across the dark web onion sites, the total number of forum posts and replies decreased by 13% between 2021 and 2022, dropping from over 91.7 million to around 79.1 million.

The security researchers found that Google Play threats and Android phone infections are big business. A Google Play developer account can be bought for around $60-$200 USD depending on account characteristics such as the number of developed apps or the number of downloads.

External web applications can prove difficult to secure and are often targeted by hackers due to the range of vulnerabilities they may contain. Organizations with business-critical web applications need to take effective measures of their digital attack surface, and pay close attention to these common security risks.

"The most popular application categories to hide malware and unwanted software include cryptocurrency trackers, financial apps, QR-code scanners, and even dating apps," Kaspersky said in a new report based on messages posted on online forums between 2019 and 2023. Dropper apps are the primary means for threat actors looking to sneak malware via the Google Play Store.

ACRO, the UK's criminal records office, is combing over a "Cyber security incident" that forced it to pull its customer portal offline. In an email to users this week - seen by El Reg - ACRO confirmed it has "Recently been made aware of a cyber security incident affecting the website between 17th January 2023 and 21 March 2023.".