October 2022

BLACK HAT USA – Las Vegas – Keeping up with security-vulnerability patching is challenging at best, but prioritizing which bugs to focus on has become more difficult than ever before, thanks to context-lacking CVSS scores, muddy vendor advisories, and incomplete fixes that leave admins with a false sense of security.   That's the argument that Brian Gorenc and Dustin Childs, both with Trend Micro's Zero Day Initiative...

Read More

When he took on a role as executive manager of cybersecurity for the Salvation Army Australia in 2019, Lachlan McGill knew he was in for a challenge, but it was only as he began educating himself about the organisation’s reach, and its woeful cybersecurity status, that he realised just how big a challenge it would be.   Security protections had evolved in a piecemeal way over time...

Read More

Facebook parent company Meta disclosed that it took action against two espionage operations in South Asia that leveraged its social media platforms to distribute malware to potential targets.   The first set of activities is what the company described as "persistent and well-resourced" and undertaken by a hacking group tracked under the moniker Bitter APT (aka APT-C-08 or T-APT-17) targeting individuals in New Zealand, India, Pakistan and...

Read More

Thousands of mobile apps are leaking Twitter API keys — some of which give adversaries a way to access or take over the Twitter accounts of users of these applications and assemble a bot army for spreading disinformation, spam, and malware via the social media platform.   Researchers from India-based CloudSEK said they had identified a total of 3,207 mobile applications leaking valid Twitter Consumer Key and...

Read More