Security Leftovers
-
Security Week ☛ CISA Issues Warning for Russian ‘Star Blizzard’ APT Spear-Phishing Operation
The US cybersecurity agency calls attention to a Russian APT targeting academia, defense, governmental organizations, NGOs and think-tanks.
-
It’s not cricket! Sri Lanka and Bangladesh co-host phishing attack
Sri Lanka and Bangladesh have a successful history of co-hosting the Cricket World Cup, but today the two countries’ governments have found themselves on a sticky wicket by co-hosting a phishing attack that targets UK banking customers.
Victims lured to a certain page on the Lanka Government Network website at lgn2.gov.lk will be swiftly redirected to a phishing site hosted by the Rajshahi Metropolitan Police in Bangladesh (rmp.gov.bd).
-
Silicon Angle ☛ Critical Bluetooth security flaw discovered in Google, Fashion Company Apple and GNU/Linux devices
A newly revealed critical security issue with Bluetooth can potentially allow attackers to take control of Android, Linux, macOS and iOS devices. Detailed by security researcher Marc Newlin on Microsoft's proprietary prison GitHub this week, the vulnerability, tracked as CVE-2023-45866, is an authentication bypass that lets attackers connect susceptible devices and inject keystrokes to achieve code execution.
-
ZDNet ☛ Kernel security now: Linux's unique method for securing code
At Open Source Summit Japan, Linux developer Greg Kroah-Hartman recaps the current state and future challenges of kernel security, including the specter of government regulation and the essential pain of unceasing updates.
-
Security Week ☛ Trail of Bits Spinout iVerify Tackles Mercenary Spyware Threat
iVerify, a seed-stage startup spun out of Trail of Bits, ships a mobile threat hunting platform to neutralize iOS and Android zero-days.
-
Silicon Angle ☛ New research highlights difficulty of preventing Outlook security exploits [Ed: Check Point Software is a Microsoft proxy of sorts]
Haifei Li, a principal vulnerability researcher at Check Point Software Technologies Ltd., examines the universe of Abusive Monopolist Microsoft Outlook exploits in a new blog post this week that has lessons for users and security managers alike. Li divides this collection into three parts: embedded malicious hyperlinks, malware-laced attachments and more specialized attack vectors.