📊 2023 OpenText Cybersecurity Threat Report
A security vulnerability originally classified as a Chrome bug is much more serious than thought. Numerous applications are probably affected, many of which have not yet received a security update.

September 27, 2023 By Kris Wallburg

Google has given an already-known security vulnerability a new CVE ID with the highest severity level. The reason for this is that the vulnerability, originally classified as a Chrome bug, affects significantly more applications, because it’s a WebP vulnerability instead. The WebP image file format is particularly popular on the web because it offers a good balance between storage size and quality. But the vulnerability allows attackers to use a specially crafted WebP image to create a heap buffer overflow and execute malicious code. To do this, the image must be opened in an application; in browsers, simply calling up a website is sufficient. The code executed in the background can then install malware, for example. >> Full Article <<
September 27, 2023 By Pierluigi Paganini

DarkBeam left an Elasticsearch and Kibana interface unprotected, exposing records from previously reported and non-reported data breaches. The leaked logins present cybercriminals with almost limitless attack capabilities.

DarkBeam, a digital risk protection firm, left an Elasticsearch and Kibana interface unprotected, exposing records with user emails and passwords from previously reported and non-reported data breaches. According to CEO of SecurityDiscovery Bob Diachenko, who first identified the leak, the now-closed instance contained over 3.8 billion records. DarkBeam has apparently been collecting information to alert its customers in case of a data breach. The incident will most likely affect more than DarkBeam users alone. >> Full Article <<
September 26, 2023 By Bill Toulas

Hackers are using a new trick, zero-point fonts in emails, to make malicious emails appear as safely scanned by security tools in Microsoft Outlook. Although the ZeroFont phishing technique has been used in the past, this is the first time it has been documented as used in this way. In a new report by ISC Sans analyst Jan Kopriva, the researcher warns that this trick could make a massive difference in the effectiveness of phishing operations, and users should be aware of its existence and use in the wild. >> Full Article <<
By Fred Gutierrez | September 27, 2023

A Short History Lesson

In 1923, the Soviet Union created the Nagorno-Karabakh Autonomous Oblast (an oblast is an administrative region or province) within the Azerbaijan Soviet Socialist Republic. This oblast has a 95% ethnically Armenian population. In 1988, Nagorno-Karabakh declared its intention to leave Azerbaijan and join the neighboring Republic of Armenia. While the Soviet Union was able to keep the resulting tension under control, once the USSR began to collapse, armed conflict between Azerbaijan and Armenia began for control of the Nagorno-Karabakh region. While a ceasefire was tentatively reached in 1994 and again in 2020, tensions remain high between the two countries.

Figure 1. Regional Map

Affected platforms: Microsoft Windows
Impacted parties: Targeted management associated with an Azerbaijanian company
Impact: Reconnaissance of basic computer info of targeted users
Severity level: Low

A Spearphishing Campaign Exploits the Azerbaijan-Armen
September 27, 2023

Hackers are breaching GitHub accounts and inserting malicious code disguised as Dependabot contributions to steal authentication secrets and passwords from developers. The campaign unfolded in July 2023, when researchers discovered unusual commits on hundreds of public and private repositories forged to appear as Dependabot commits. Dependabot is an automated tool provided by GitHub that scans projects for vulnerable dependencies and then automatically issues pull requests to install the updated versions. As reported today by Checkmarx, these fake Dependabot contributions were made possible using stolen GitHub access tokens with the attackers' goal of injecting malicious code to steal the project's secrets. Full Article
A previously unknown compression side channel in GPUs can expose images thought to be private.

DAN GOODIN - 9/26/2023

GPUs from all six of the major suppliers are vulnerable to a newly discovered attack that allows malicious websites to read the usernames, passwords, and other sensitive visual data displayed by other websites, researchers have demonstrated in a paper published Tuesday. The cross-origin attack allows a malicious website from one domain—say, example.com—to effectively read the pixels displayed by a website from example.org, or another different domain. Attackers can then reconstruct them in a way that allows them to view the words or images displayed by the latter site. This leakage violates a critical security principle that forms one of the most fundamental security boundaries safeguarding the Internet. Known as the same origin policy, it mandates that content hosted on one website domain be isolated from all other website domains. >> Full Article <<
September 26, 2023 By Bill Toulas

A new APT hacking group named 'AtlasCross' targets organizations with phishing lures impersonating the American Red Cross to deliver backdoor malware. Cybersecurity firm NSFocus identified two previously undocumented trojans, DangerAds and AtlasAgent, associated with attacks by the new APT group. NSFocus reports that the AtlasCross hackers are sophisticated and evasive, preventing the researchers from determining their origin. "After an in-depth study of the attack process, NSFOCUS Security Labs found that this APT attacker is quite different from known attacker characteristics in terms of execution flow, attack technology stack, attack tools, implementation details, attack objectives, behavior tendency and other main attribution indicators," explains NSFocus. "The technical level and cautious attitude shown by this attacker during this activity are also worthy of attention." >> Full Article <<
September 25, 2023 By Bill Toulas

The Better Outcomes Registry & Network (BORN), a healthcare organization funded by the government of Ontario, has announced that it is among the victims of Clop ransomware's MOVEit hacking spree. BORN is a perinatal and child registry that collects, interprets, shares and protects critical data about pregnancy, birth and childhood in the province of Ontario. MOVEit attacks leveraged a zero-day vulnerability (CVE-2023-34362) in the Progress MOVEit Transfer software to compromise and steal data from thousands of organizations worldwide. BORN first became aware of the security breach on May 31 and posted a public notice on its site while simultaneously notifying the relevant authorities (Privacy Commissioner of Ontario). >> Full Article <<
September 26, 2023 By Sergiu Gatlan

Google has assigned a new CVE ID (CVE-2023-5129) to a libwebp security vulnerability exploited as a zero-day in attacks and patched two weeks ago. The company initially disclosed the flaw as a Chrome weakness, tracked as CVE-2023-4863, rather than assigning it to the open-source libwebp library used to encode and decode images in WebP format. This zero-day bug was jointly reported by Apple Security Engineering and Architecture (SEAR) and the Citizen Lab at The University of Toronto's Munk School on Wednesday, September 6, and fixed by Google less than a week later. ...

New maximum severity CVE

However, it has now assigned another CVE ID, CVE-2023-5129, marking it as a critical issue in libwebp with a maximum 10/10 severity rating. This change has significant implications for other projects using the libwebp open-source library. Now officially recognized as a libwebp flaw, it involves a heap buffer overflow in WebP, impacting Google Chrome versions precedin
CISO churn is a hidden cybersecurity threat. Major security initiatives or implementations can take longer than the residency of a single CISO, and constant churn can leave cracks or gaps in security.

September 26, 2023 By Kevin Townsend

The average tenure of a Chief Information Security Officer is said to sit between 18 and 24 months. This is barely enough time to get feet under the table, never mind a meaningful seat at the table. Two questions arise: why is there such volatile churn in this space, and how does it affect enterprise cybersecurity?

Reasons for CISO churn

Cause #1: the scapegoat effect

The potential for CISOs to be used as scapegoats for security incidents is widely accepted and potentially growing. It can simply be internal: ‘We got breached under your watch, so we’ll blame you and let you go.’ But it can equally be a complex external issue ultimately caused by a lack of legal clarity in the Computer Fraud and Misuse Act (CFAA), a lack of clarity on bounty hunting and secur
My Yahoo account is being deleted but I would like to preserve participation in old Community threads. Per the following thread the method is to request a change. A PM was sent to Ssherjj, the moderator who helped at that time, but it seems she may no longer be active. I tried via support at Webroot but they can’t help with this request.

https://community.webroot.com/community-101-2/re-registering-on-community-320246

My current, soon to be old, email address is

If someone can help I would be happy to provide the new email address via email or private message. Thank you for even reading!
Recently, we shared the results of a new survey on phishing knowledge and click habits of 7,000 workers in the U.S., U.K., Australia/New Zealand, Germany, France, Italy and Japan. In it, we focused a fair bit on COVID-19 and its effects on people and their online habits with the increase in WFH, as well as on cybercriminal tactics themselves. We then worked with Dr. Prashanth Rajivan, assistant professor at the University of Washington and expert in human behavior and technology, to get his take on the survey results. Below are snippets from our interview with Dr. Rajivan, where we asked him about some of the nitty-gritty in the report and what he thinks the numbers mean.

Thanks for taking the time to share additional information with our Community. I’d like to dive right in by examining some of the numbers around the mass shift to working from home. In the survey, 54% of workers worldwide said they had increased the amount of time they spend working from home due to the COVID-19 pande
by: Paul Horowitz

One way to test out MacOS Sonoma beta without installing it directly on a Mac is to install the Sonoma beta into a virtual machine instead. There are several different ways to do this, but for this particular article we will show you how you can set up and install MacOS Sonoma beta in a virtual machine by using the free UTM software. To use this particular method of running Sonoma in a VM, you’ll want an Apple Silicon Mac with at least 60GB of disk space available and 16GB RAM, and you’ll then use the Sonoma beta IPSW file provided by Apple to install Sonoma into a VM using the free UTM app. It may sound complex, but it’s actually pretty easy, as you’ll see as we walk you through the steps. ⇨⇨ Full Article ⇦⇦
Another sign that a new version of Windows is on the way!

Jun 14, 2021, 9:06am EDT

Microsoft is ending support for Windows 10 on October 14th, 2025. It will mark just over 10 years since the operating system was first introduced. Microsoft revealed the retirement date for Windows 10 in an updated support life cycle page for the OS. Thurrott reports that this is the first time Microsoft has ever described the end of support for Windows 10. It’s not clear exactly when the support document was updated, but Thurrott reports it only previously documented “when specific Windows 10 versions would leave support,” and not the entire OS. It could be another hint that a new version of Windows is on the way.

Microsoft keeps dropping Windows 11 hints

Microsoft has been dropping lots of hints that it’s ready to launch Windows 11. The software maker is holding a special Windows event to reveal the “next generation” of the OS next week. The event starts at 11AM ET, and the event invite includes a window tha
September 22, 2023 By Brian Krebs

The password manager service LastPass is now forcing some of its users to pick longer master passwords. LastPass says the changes are needed to ensure all customers are protected by their latest security improvements. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass.

LastPass sent this notification to users earlier this week.

LastPass told customers this week they would be forced to update their master password if it was less than 12 characters. LastPass officially instituted this change back in 2018, but some undisclosed number of the company’s earlier customers were never required to increase the length of their master passwords. This is significant because in November 2022, LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users.
by: Jamie Cuevas

Staying safe online with your Apple devices is an ongoing effort, and it’s important to keep yourself vigilant and informed about potential threats and risks. While the Mac, iPhone, and iPad are generally much more secure than their competitor counterparts, that doesn’t mean you should be completely oblivious to risks to your personal information, logins, privacy, and general security. We’re going to walk through six important tips to remember for when you’re online with your Mac, iPhone, or iPad, to help ensure your safety and that of your devices. ⇨⇨ Full Article ⇦⇦
September 25, 2023 By Helga Labus

US educational nonprofit organization National Student Clearinghouse (NSC) has revealed that the breach of its MOVEit server ended up affecting almost 900 colleges and universities, and resulted in the theft of personal information of their students.

The National Student Clearinghouse MOVEit breach notice

NSC provides educational reporting, data exchange, verification, and research services to around 3,600 North American colleges and universities and 22,000 high schools. NSC has filed a breach notification letter with the California Attorney General’s Office on behalf of the affected schools. The notification letter informed affected students – whose total number has not been disclosed – about the security breach resulting from a cyberattack that exploited a vulnerability in the MOVEit managed file transfer solution. >> Full Article <<