Month: March 2023

A new malware toolset has been discovered and analyzed by security experts at SentinelOne. Dubbed “AlienFox” by the team, the toolkit can harvest credentials for multiple cloud service providers. An advisory published on Thursday by SentinelOne threat researcher Alex Delamotte shows that attackers used AlienFox to successfully harvest API keys and secrets from various services, including

by Paul Ducklin In the early days of personal computers, everyone knew why backups were important. Computer storage simply wasn’t as reliable as it is today, and it wasn’t a question of if you’d lose vital files through no fault of your own, but when it would happen. (Possibly today; probably tomorrow; almost certainly by

Roughly four out of five employees (71%) store sensitive work passwords on their personal phones, and 66% use their personal texting apps for work. The data come from SlashNext’s latest mobile bring your own device (BYOD) security report, which also suggests 95% of security leaders are increasingly concerned about phishing attacks via private messaging apps.

by Paul Ducklin HOW TO TURN YOURSELF IN No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of

The ransomware gang known as Clop has been observed exploiting a pre-authentication command injection vulnerability (CVE-2023-0669) in Fortra’s file transfer solution GoAnywhere MFT. The high-level vulnerability has a CVSS:3.1 score of 7.2 and was exploited against several companies in the US and elsewhere, according to a new advisory by security experts at CloudSEK. The flaw

by Naked Security writer The UK’s National Crime Agency (NCA) has recently announced work that it’s been doing as an ongoing part of a multinational project dubbed Operation PowerOFF. The idea seems to be to use fake cybercrime-as-a-service sites to attract the attention of impressionable youngsters who are hanging around on the fringes of cybercrime

The French government has announced plans to ban “recreational” apps, including TikTok, Netflix, Instagram, Candy Crush and Twitter, from officials’ devices. The move will be monitored by The National Cybersecurity Agency of France (ANSII) and is expected to affect roughly 2.5 million government officials. “Recreational applications do not deliver sufficient levels of cybersecurity and data protection to

by Paul Ducklin Apple’s latest update blast is out, including an extensive range of security patches for all devices that Apple officially supports. There are fixes for iOS, iPadOS, tvOS and watchOS, along with patches for all three supported flavours of macOS, and even a special update to the firmware in Apple’s super-cool external Studio

A new information-stealing malware (infostealer) has been observed targeting Catalina and newer versions of macOS running on Intel M1 and M2 CPUs. Security researcher Shilpesh Trivedi from Uptycs discussed the findings in an advisory published on Friday. “The Uptycs threat research team has discovered a macOS stealer that […] controls its operations over Telegram,” Trivedi wrote.

by Paul Ducklin Gordon Moore, co-founder of Intel, has died at 94. Academically, Moore was both a chemist and physicist, earning a Bachelor’s degree in chemistry from the University of California at Berkeley in 1950, and a Doctorate in physical chemistry and physics from the California Institute of Technology in 1954. After a brief interlude