Cyber security news September 2023

This posting is here to collect cyber security news in September 2023.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

214 Comments

  1. Tomi Engdahl says:

    Cybercriminals Exploit the Moroccan Tragedy in New Scam Campaign https://www.trendmicro.com/en_us/research/23/i/cybercriminals-exploit-the-moroccan-tragedy-in-new-scam-campaign.html

    Cybercriminals have always exploited instances of natural calamities to prey on innocent people. This blog post exposes a scam that has taken advantage of the earthquake in Morocco by deceiving users into buying relief equipment purportedly meant to aid quake victims.

    Reply
  2. Tomi Engdahl says:

    P2PInfect botnet activity surges 600x with stealthier malware variants https://www.bleepingcomputer.com/news/security/p2pinfect-botnet-activity-surges-600x-with-stealthier-malware-variants/

    The P2PInfect botnet worm is going through a period of highly elevated activity volumes starting in late August and then picking up again in September 2023.

    Cado Security researchers, who have been following the botnet since late July 2023, report today seeing global activity, with most breaches impacting systems in China, the United States, Germany, Singapore, Hong Kong, the UK, and Japan.

    P2PInfect was first documented by Unit 42 in July 2023 as a peer-to-peer malware that breaches Redis instances using a remote code execution flaw on internet-exposed Windows and Linux systems.

    Reply
  3. Tomi Engdahl says:

    Police warn new Android malware scam can factory reset phones; over S$10 million lost in first half of 2023
    https://www.channelnewsasia.com/singapore/android-malware-scam-factory-reset-phone-police-3785801

    SINGAPORE: The police on Wednesday (Sep 20) issued an advisory about a new variant of Android malware scams, where scammers would initiate a factory reset on infected devices after the malware executes unauthorised transactions on the phone’s i-banking app.

    Reply
  4. Tomi Engdahl says:

    Remote Code Execution in Tutanota Desktop due to Code Flaw https://www.sonarsource.com/blog/remote-code-execution-in-tutanota-desktop-due-to-code-flaw/

    In June 2022, the Sonar Research team discovered critical code vulnerabilities in multiple encrypted email solutions, including Proton Mail, Skiff, and Tutanota. These privacy-oriented webmail services provide end-to-end encryption, making communications safe in transit and at rest. Our findings affect their web clients, where the messages are decrypted with the user’s keys; mobile clients were unaffected.

    The vulnerabilities would have allowed attackers to steal emails and impersonate victims if they interacted with malicious messages. The issue has been fixed, and there are no signs of in-the-wild exploitation.

    Reply
  5. Tomi Engdahl says:

    Old trojan strikes unpatched Excel
    https://etn.fi/index.php/13-news/15346-vanha-troijalainen-iskee-paeivittaemaettoemaeaen-exceliin

    Cybersecurity company Fortinet has published a report on a new version of the notorious Agent Tesla trojan. This well-known malware family infiltrates a machine by means of a .NET-based remote access trojan and a so-called information stealer.

    Agent Tesla attacks are often carried out as malware-as-a-service, that is, as an attack package that can be deployed without any particular technical expertise. The trojan has been known for several years. The new version is distributed using Excel files, whose known CVE-2017-11882 and CVE-2018- vulnerabilities cybercriminals use to execute malware.

    Reply
  6. Tomi Engdahl says:

    Tor-Based Drug Marketplace Piilopuoti Shut Down by Law Enforcement
    https://www.securityweek.com/tor-based-drug-marketplace-piilopuoti-shut-down-by-law-enforcement/

    Finnish authorities have seized the drugs marketplace Piilopuoti, which has been operating on the Tor network since May 2022.

    Reply
  7. Tomi Engdahl says:

    Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages

    Exposed data includes backup of employees' workstations, secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages.

    https://www.securityweek.com/microsoft-ai-researchers-expose-38tb-of-data-including-keys-passwords-and-internal-messages/

    Reply
  8. Tomi Engdahl says:

    Fortinet Patches High-Severity Vulnerabilities in FortiOS, FortiProxy, FortiWeb Products
    https://www.securityweek.com/fortinet-patches-high-severity-vulnerabilities-in-fortios-fortiproxy-fortiweb-products/

    Fortinet has released patches for a high-severity cross-site scripting vulnerability impacting its enterprise firewalls and switches.

    Fortinet has released patches for a high-severity cross-site scripting (XSS) vulnerability impacting multiple FortiOS and FortiProxy versions.

    Tracked as CVE-2023-29183 (CVSS score of 7.3), the security defect is described as an “improper neutralization of input during web page generation”.

    Reply
  9. Tomi Engdahl says:

    https://www.securityweek.com/venafi-leverages-generative-ai-to-manage-machine-identities/

    Machine identity firm Venafi has launched a proprietary generative AI (gen-AI) model to help with the mammoth, complex, and expanding problem of managing machine identities.

    Reply
  10. Tomi Engdahl says:

    Cisco to Acquire Splunk for $28 Billion
    https://www.securityweek.com/cisco-boosts-cybersecurity-capabilities-with-28-billion-splunk-acquisition/

    Cisco will boost its cybersecurity capabilities by shelling out $28 billion to buy Splunk, which Cisco says will drive the next generation of AI-enabled security and observability.

    Cisco on Thursday announced that it has entered into a definitive agreement to acquire data analysis, security and observability solutions provider Splunk (NASDAQ: SPLK) in a deal valued at $28 billion.

    The networking giant is prepared to pay $157 per share in cash for Splunk, with the acquisition expected to close by the end of the third quarter calendar year 2024. Cisco said the deal will help accelerate revenue growth and gross margin expansion.

    Following the acquisition, Splunk President and CEO Gary Steele will join Cisco’s executive team and will report to Cisco CEO and Chair Chuck Robbins.

    Splunk’s AI, security and observability capabilities complement Cisco’s offering.

    “Uniting with Cisco represents the next phase of Splunk’s growth journey, accelerating our mission to help organizations worldwide become more resilient, while delivering immediate and compelling value to our shareholders,” Steele said.

    Reply
