News – July 2023

July 24, 2023

Atlassian has released the July 2023 Security Bulletin that addresses three high severity vulnerabilities in multiple products. CVE-2023-22505 and CVE-2023-22508 are Remote Code Execution (RCE) vulnerabilities affecting Confluence Server and Confluence Data Center. CVE-2023-22506 is an injection and RCE vulnerability affecting Bamboo Server and Bamboo Data Center. Read more… Source:  NHS Digital  

July 24, 2023

Over the last few months, FortiGuard Labs has discovered and reported multiple vulnerabilities found in the Microsoft Message Queuing (MSMQ) service. Microsoft patched these vulnerabilities in the April and July 2023 security updates. These patches are rated as critical/important, and as always, we urge users to install them as soon as possible. Read more… Source: Fortinet Labs  

July 24, 2023

A phone surveillance app called Spyhide is stealthily collecting private phone data from tens of thousands of Android devices around the world, new data shows. Spyhide is a widely used stalkerware (or spouseware) app that is planted on a victim’s phone, often by someone with knowledge of their passcode. The app is designed to stay hidden ...

July 24, 2023

In July 2023, Mandiant Consulting responded to a supply chain compromise affecting a US-based software solutions entity. Mandiant researchers believe the compromise ultimately began as a result of a sophisticated spear phishing campaign aimed at JumpCloud, a zero-trust directory platform service used for identity and access management. JumpCloud reported this unauthorized access impacted fewer than five ...

July 21, 2023

The Army in recent years has introduced the concept of “information advantage,” in which soldiers have the ability to make decisions and act faster than their adversaries. The service now believes artificial intelligence is the key to making the strategy a reality. Both in industry and the Defense Department, many are exploring the possibility of utilizing ...

July 21, 2023

Application security provider Checkmarx has detailed its findings on the first known open-source software (OSS) attacks targeting the banking sector. During the first half of 2023, the firm said its supply chain research team detected several OSS attacks that showcased advanced techniques designed to exploit legitimate services – such as attaching malicious functionalities to specific components ...

July 21, 2023

The U.S. ambassador to China, Nicholas Burns, and the State Department’s Assistant Secretary for East Asia Daniel Kritenbrink’s email accounts were breached by China-based hackers in the massive cyberattack that began in May and was discovered in mid-June, according to U.S. officials familiar with the investigation into the matter. The hackers are not believed to have ...

July 21, 2023

A University of Texas at Arlington engineering researcher is working on defenses that could thwart cyberattacks against networks of self-driving cars and unmanned aerial vehicles. “If hackers find a way to affect 10 out of 100 self-driving cars in a given area, they might have an impact on all 100 cars because the 10 hacked cars ...

July 21, 2023

Microsoft, Google and OpenAI are among the leaders in the US artificial intelligence space that have committed to certain safeguards for their technology, following a push from the White House. The companies will voluntarily agree to abide by a number of principles though the agreement will expire when Congress passes legislation to regulate AI. Read more… Source: Engadget  

July 20, 2023

Security and networking devices are “edge devices,” meaning they are connected to the internet. If an attacker is successful in exploiting a vulnerability on these appliances, they can gain initial access without human interaction, which reduces the chances of detection. As long as the exploit remains undiscovered, the threat actor can reuse it to gain access ...