News – April 2023

May 27, 2023

A team of researchers at Georgia Tech, the University of Michigan, and Ruhr University Bochum have developed a novel attack called “Hot Pixels,” which can retrieve pixels from the content displayed in the target’s browser and infer the navigation history. The attack exploits data-dependent computation times on modern system-on-a-chip (SoCs) and graphics processing units (GPUs) and ...

April 29, 2023

Police are investigating a cyber-attack involving potentially thousands of British gun owners, raising concerns that organised criminals may target them for firearms. The National Crime Agency (NCA) is assessing the level of risk after the National Smallbore Rifle Association (NSRA) confirmed that data belonging to some of its members had been “compromised”. Read more… Source: The Guardian  

April 28, 2023

Customers of Lloyds Bank, Halifax, Bank of Scotland and TSB Bank locked out of their accounts. Thousands of customers of four UK banks are having problems logging on via the companies’ websites and mobile apps. Read more… Source: Computing  

April 27, 2023

A set of 38 Minecraft copycat games on Google Play infected devices with the Android adware ‘HiddenAds’ to stealthily load ads in the background to generate revenue for its operators. Minecraft is a popular sandbox game with 140 million monthly active players, which numerous game publishers have attempted to recreate. Read more… Source: Bleeping Computer  

April 27, 2023

CISA released one Industrial Control Systems Medical (ICS) medical advisory on April 27, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS medical advisory for technical details and mitigations Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Releases ...

April 27, 2023

Microsoft is rewriting core Windows libraries in the Rust programming language, and the more memory-safe code is already reaching developers. David “dwizzle” Weston, director of OS security for Windows, announced the arrival of Rust in the operating system’s kernel at BlueHat IL 2023 in Tel Aviv, Israel, last month. Read more… Source: The Register  

April 27, 2023

RTM Locker is the latest enterprise-targeting ransomware operation found to be deploying a Linux encryptor that targets virtual machines on VMware ESXi servers. The RTM (Read The Manual) cybercrime gang has been active in financial fraud since at least 2015, known for distributing a custom banking trojan used to steal money from victims. Read more… Source: Bleeping Computer  

April 27, 2023

Ukraine’s ambassador says cyber security assistance to help combat Russian aggression would also help boost Australia’s own capabilities. Vasyl Myroshnychenko said he would welcome any further assistance with Ukraine’s defence against Russia, adding it would provide Australia with a good opportunity to stress test its own resources. Read more… Source: MSN News  

April 26, 2023

Microsoft has attributed recent attacks on PaperCut servers to the Clop and LockBit ransomware operations, which used the vulnerabilities to steal corporate data. Last month, two vulnerabilities were fixed in the PaperCut Application Server that allows remote attackers to perform unauthenticated remote code execution and information disclosure. Read more… Source: Bleeping Computer  

April 26, 2023

The 14th National People’s Congress (NPC) Standing Committee passed an amendment to the Counter-Espionage Law on Wednesday. The revised law refines the definition of espionage activities, explicitly categorizing “collaborating with spy organizations and their agents” and “conducting cyber-attacks against state organs, confidential-related units, or critical information infrastructure and etc.” as espionage activities. The revised law will ...

April 26, 2023

Cyberattacks are blurring the lines between physical and digital risks, forcing cybersecurity and physical security chiefs to work closely together to combat threats, executives say. Cyber-physical threats, where an attack on computer systems might cause damage to property or people, or vice versa, have long been a concern for companies in the defense-industrial base, power and ...

April 26, 2023

Cisco disclosed today a zero-day vulnerability in the company’s Prime Collaboration Deployment (PCD) software that can be exploited for cross-site scripting attacks. This server management utility enables admins to perform migration or upgrade tasks on servers in their organization’s inventory. Read more… Source: Bleeping Computer  

April 26, 2023

Unit 42 researchers recently identified a new variant of PingPull malware used by Alloy Taurus actors designed to target Linux systems. While following the infrastructure leveraged by the actor for this PingPull variant, we also identified their use of another backdoor we track as Sword2033. The first samples of PingPull malware date back to September 2021. ...

April 26, 2023

A government-imposed ban on companies paying cyber ransoms to hackers could cause “catastrophic damage” and even lead to the loss of Australian lives, the nation’s biggest energy producer has warned. AGL Energy, whose board was recently reshuffled by Atlassian billionaire Mike Cannon-Brookes, described ransom bans as a dangerous double-edged sword. Read more… Source: 9News  

April 25, 2023

A cyber attack that targeted irrigation systems in Israel is thought to be part of an annual “hacktivist” campaign that takes place every April, and this year’s attempt at least managed to cause a nuisance for some farms in the Jordan Valley. The hackers targeted both farms and wastewater treatment plants. They seemingly had little success ...