April 2023

Google Unveils Major Update to Authenticator App with Cloud Sync Option.
In a major update to its Authenticator app, Google has added an account synchronisation option that allows users to back up their time-based one-time password (TOTP) codes to the cloud. The update, which also brings a new icon to the two-factor authentication (2FA) app, finally brings it in line with Apple's iCloud Keychain and addresses a...

Google's Cloud Platform was found to have a vulnerability that could allow attackers to plant applications in a victim's account, potentially compromising it permanently and without detection. The flaw, known as GhostToken, was discovered by Israeli security firm Astrix, which alerted Google to the zero-day vulnerability in July 2022. An attacker who successfully compromised a victim's account could read their Gmail, access their files and photos,...

Russian APT28 hackers, also known as Fancy Bear and other aliases, have been targeting unpatched Cisco routers in a malware operation since 2021. The UK National Cyber Security Centre (NCSC) and the US National Security Agency, Cybersecurity and Infrastructure Security Agency, and FBI issued a joint advisory outlining the APT28 exploitation tactics. The attackers exploited CVE-2017-6742, a bug in the Simple Network Management Protocol (SNMP)...

Security researchers have discovered a new malware loader that is being used as part of the infection chain for the Aurora information stealer. The loader is successful at avoiding detection by security solutions due to its anti-virtual-machine (VM) and unusual compilation techniques. The Aurora infostealer is a modular malware-as-a-service platform that can be used as a downloader to deploy additional payloads as well as...

Polish government officials have issued a warning that a cyberespionage group, believed to be linked to Russia's intelligence services, is targeting diplomatic and foreign ministries from NATO and EU member states. The group, known as APT29, Cozy Bear, and NOBELIUM, is believed to be part of Russia's Foreign Intelligence Service (SVR). This group was responsible for the 2020 supply chain attack against software company SolarWinds, which...

The US Cybersecurity and Infrastructure Security Agency (CISA) has released seven advisories this week about vulnerabilities in industrial control systems (ICS) and supervisory control and data acquisition (SCADA) software from various vendors. These advisories cover critical flaws, two of which have public exploits. The affected products include ScadaFlex II controllers made by Industrial Control Links, Screen Creator Advance 2 and Kostac PLC programming software from JTEKT...

An international law enforcement operation has taken down Genesis Market, a notorious illegal online marketplace that traded in stolen credentials such as email, bank account, and social media platform information. The operation, codenamed Operation Cookie Monster, involved 17 countries and resulted in 119 arrests and 208 property searches across 13 nations. Since its inception in March 2018, Genesis Market has become a major hub for criminal...

Service NSW Apologizes for Brief Software Bug that Exposed Users' Information.
Service NSW has issued an apology after a software bug briefly allowed users to view other users' information on the "My services" dashboard. A spokesperson for Service NSW has confirmed that the issue was present on Monday, March 20, between 1:20 pm and 3:00 pm. The problem was limited to the landing dashboard when customers...

Microsoft Unveils 'Security Copilot' Tool to Boost Cybersecurity Efforts.
Microsoft has launched a new tool designed to help cyber security professionals detect and identify breaches and threat signals more efficiently. Called 'Security Copilot', the tool is powered by OpenAI's latest GPT-4 generative artificial intelligence model. Its primary function is to aid security analysts in tasks such as summarising incidents, analysing vulnerabilities, and sharing information with colleagues...

Single sign-on (SSO) is a widely used authentication method that allows users to access multiple applications using just one set of credentials. It is considered the gold standard for security as it eliminates the need for users to remember multiple passwords and can be further secured with multi-factor authentication (MFA). In fact, an estimated 61% of attacks stem from stolen credentials, and SSO reduces the attack surface...
