Twitter Tag

Google Unveils Major Update to Authenticator App with Cloud Sync Option.   In a major update to its Authenticator app, Google has added an account synchronisation option that allows users to back up their time-based one-time passwords (TOTPs) codes to the cloud.   The update, which also brings a new icon to the two-factor authenticator (2FA) app, finally brings it in line with Apple's iCloud Keychain and addresses a...

Read More

Service NSW Apologizes for Brief Software Bug that Exposed Users' Information.   Service NSW has issued an apology after a software bug briefly allowed users to view other users' information on the "My services" dashboard. A spokesperson for Service NSW has confirmed that the issue was present on Monday, March 20, between 1:20 pm and 3:00 pm. The problem was limited to the landing dashboard when customers...

Read More

Chinese online fashion retailer, Shein, has been found to have had a bug in an older version of its Android application that periodically captured and transmitted clipboard contents to a remote server. The issue was discovered by the Microsoft 365 Defender Research Team in version 7.9.2 of the app, which was released on December 16, 2021. The issue has since been addressed as of May...

Read More

On February 23, 2023, Jamf Threat Labs uncovered evasive cryptocurrency mining malware targeting macOS systems. The XMRig coin miner was being deployed as a trojanized version of the legitimate application Final Cut Pro, a video editing software from Apple.   The malicious mining process was found to be sourced from Pirate Bay, with uploads dating back to 2019. It is believed that the malware was delivered as...

Read More

China-based cyberespionage actor DEV-0147 has been observed compromising diplomatic targets in South America, according to Microsoft’s Security Intelligence team. 

The initiative is “a notable expansion of the group’s data exfiltration operations that traditionally targeted gov’t agencies and think tanks in Asia and Europe,” the team tweeted on Monday. 

DEV-0147’s attacks in South America included post-exploitation activity involving the abuse of on-premises identity infrastructure for reconnaissance...

Read More

The North Korea-linked threat actor tracked as APT37 has been linked to a piece of new malware dubbed M2RAT in attacks targeting its southern counterpart, suggesting continued evolution of the group's features and tactics. APT37, also tracked under the monikers Reaper, RedEyes, Ricochet Chollima, and ScarCruft, is linked to North Korea's Ministry of State Security (MSS) unlike the Lazarus and...

Read More