admin

by Paul Ducklin Firefox’s latest major update is out, following Mozilla’s usual every-fourth-Tuesday release cycle. The list of security fixes this month (like full moons, there are sometimes two Firefox releases in a calendar month, but most months only have one) is splendidly short, and there aren’t any critical bugs or zero-days in the list.

Three critical vulnerabilities have been discovered in RenderDoc, a graphics debugger that supports multiple operating systems, including Windows, Linux, Android and Nintendo Switch. The software holds a prominent position within the gaming development software arena, as it seamlessly integrates with leading gaming software engines such as Unity and Unreal.  As per the findings of cybersecurity

by Paul Ducklin Google’s latest Chrome update is out, and this time the company hasn’t minced its words about one of the two security patches it includes: Google is aware that an exploit for CVE-2023-3079 exists in the wild. There’s no two-degrees-of-separation verbiage, as we’ve often seen from Google before, to say that the company

A new malware campaign has been discovered that exploits the Satacom downloader, also known as LegionLoader, to distribute a browser extension designed to steal cryptocurrency. The Satacom downloader, a notorious malware family that emerged in 2019, is known for using DNS server queries to retrieve the next malware stage from another family associated with Satacom. 

by Paul Ducklin Last week, Progress Software Corporation, which sells software and services for user interface development, devops, file management and more, alerted customers of its MOVEit Transfer and related MOVEit Cloud products about a critical vulnerability dubbed CVE-2023-34362. As the name suggests, MOVEit Transfer is a system that makes it easy to store and

Security researchers at ReversingLabs have discovered a novel attack that used compiled Python code to evade detection.  According to ReversingLabs reverse engineer Karlo Zanki, this could be the first instance of a supply chain attack capitalizing on the direct execution capability of Python byte code (PYC) files. The method introduces another supply chain vulnerability for

US and South Korean security agencies have issued a joint warning regarding North Korea’s use of social engineering tactics in cyber-attacks. The document was published on Thursday by the Federal Bureau of Investigation (FBI), the US Department of State, the National Security Agency (NSA), the Republic of Korea’s National Intelligence Service (NIS), the National Police

Enzo Biochem, a biotechnology company renowned for producing and distributing DNA-based tests designed to identify viral and bacterial diseases, has recently confirmed in a filing with the Securities and Exchange Commission (SEC) that it fell victim to a ransomware attack.  The malicious cyber assault has exposed the confidential information of 2.47 million patients, including names,

by Paul Ducklin Researchers at firmware and supply-chain security company Eclypsium claim to have found what they have rather dramatically dubbed a “backdoor” in hundreds of motherboard models from well-known hardware maker Gigabyte. In fact, Eclypsium’s headline refers to it not merely as a backdoor, but all in upper case as a BACKDOOR. The good

A new cyber threat campaign named “Horabot” has been discovered by cybersecurity firm Cisco Talos targeting Spanish-speaking users in the Americas. Horabot, a botnet software, has been active since November 2020 and is responsible for distributing a banking Trojan and spam tool. According to an advisory published by Cisco Talos earlier today, the threat actor behind

by Paul Ducklin IT’S HARDER THAN YOU THINK No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of

A new vulnerability has been discovered in macOS that allows attackers with root access to bypass System Integrity Protection (SIP) and perform arbitrary operations on affected devices. Discovered by Microsoft and dubbed “Migraine,” the flaw was disclosed to Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR). SIP is a security technology implemented

by Paul Ducklin Over the last two weeks, we’ve seen a series of articles talking up what’s been described as a “master password crack” in the popular open-source password manager KeePass. The bug was considered important enough to get an official US government identifier (it’s known as CVE-2023-32784, if you want to hunt it down),

The tactics of a Nigerian cybercrime group have been revealed, including their complex phishing techniques and extensive fraud scheme. The findings, published by ESET in a blog post released earlier today, pertain to the actions of two individuals at the center of a criminal enterprise that resulted in losses of up to $1 million: Solomon

by Paul Ducklin Researchers at web coding security company SALT just published a fascinating description of how they found an authentication bug dubbed CVE-2023-28131 in a popular online app-buildin toolkit known as Expo. The good news is that Expo responded really quickly to SALT’s bug report, coming up with a fix within just a few

Unit 42, Palo Alto Networks threat research team, has found new malicious activity targeting IoT devices, using a variant of Mirai, a piece of malware that turns networked devices running Linux, typically small IoT devices, into remotely controlled bots that can be used in large-scale network attacks. Dubbed IZ1H9, this variant was first discovered in