First identified in January of 2023, Samsung has put a warning about a CVSS 4.4 vulnerability (CVE-2023-21492) that Is actively being exploited in the wild. The flaw, which impacts Samsung devices that are running Android 11, 12, and 13, was first disclosed to Samsung privately on January 17th, 2023. CISA (Cybersecurity and Infrastructure Security Agency) has also issued a warning about the flaw.

PyPI (the Python Package Index) has stopped allowing the creation of new accounts and the upload of new packages. This move has been put in place to deal with a massive increase in identified malicious users and packages. This decision comes as other repositories like NPM and even Microsoft VSCode have identified new malware posing as well-known projects. Supply chain attacks and typo-squatting are not really a new thing and increases in attacks on repositories often happen on a fairly regular basis. However, the increase across three popular repos can been seen as a larger threat when put in context of the general IT market.

A couple of accountants came up the laneway the other day… No this is not a “Letterkenny” episode, but the cold intro style was spot to me for this one. It seems that in the pre-covid world many companies were in the process of buying up or moving to beautiful new office spaces. Some of these spaces had glorious open areas, beautiful break rooms and, of course, space for all. Then Covid hit and the lock downs. This forced those same companies to abandon those spaces and work like crazy to get everyone to work from home. Now the bill on those same spaces has come due and companies are calling everyone home.

TrendMicro made a shocking revelation at Black Hat Asia 2023 where they disclosed an operation that has been running since 2018 targeting Android devices. The scheme was uncovered in 2021 while researchers at TrendMicro were looking into SMS PVA (Phone Verified Accounts) mobile bot net. They identified that the botnet had been helped along by a supply chain attack targeting the image used by OEM to rapidly deploy the OS onto the devices.

Apple has rushed to release patches for CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373 all of which are in the WebKit Browser engine and across all Apple platforms (IOS, IpadOS and macOS). These three flaws have also been seen to be actively exploited in the wild. This increases the significance of them and should be remediated as soon as possible by applying any available patches.

After learning that there were malicious ads containing links to ChatGPT apps (for Windows), Apple launched a legitimate app for IOS. The app brings the very popular LLM to Apple users at a time when some are becoming more hesitant about its use. It has not been that long since Samsung accidentally leaked confidential information via the platform. This prompted both Microsoft (a heavy investor) and OpenAI themselves to start work on private environments where data put into the model is not used to train it.

KeePass has a bit of a memory issue. It seems that the master password is passed in clear text through memory. This tiny little (sarcasm) bug was identified by a security researcher who goes by the name as vdohney. A proof of concept (POC) has already been published which usually leads to in-the-wild exploitation of the flaw (tracked as CVE-2023-32784). Oh, and if you did not know KeePass is a password manager/vault.

Popular open-source repository NPM is back in the news as a pair of packages were found to have malware in them. The malware in question is TurkoRat. TurkoRat is an open-source information stealer that has a few features attached to it. Among some of the components are things like a wallet grabber (wallets.js) which seems geared towards stealing crypto currency. Other components are ones you would expect from an InforStealer like credential theft etc. The package was found by ReversingLabs after it had been in place for two months.

I’ll take stupid features for $500 Alex. It seems that Apple is looking to deploy a feature that would allow your phone to sound and reply just like you do. The feature called “Personal Voice” uses a form of AI to replicate the sound and speech pattern of your voice in as little as 15 minutes (queue GEICO joke here). The feature is part of an update to their built-in accessibility features toolkit and on the surface is intended to help people that have speech challenges. Personal Voice can be used for in-person conversations and via phone calls. This feature will be tied to something called Live Speech which allows someone to type in messages and have them spoken by your phone.

Over the last few months Windows 11 users have dealt with an annoying bug in Windows Defender. The bug was a continuous restart prompt to “enable” LSA protection. The problem is that LSA was enabled the whole time. The system just did not acknowledge that his was complete and had a flag requiring a reboot to finish the configuration. To combat this Microsoft pushed out a patch that was really little more than removing the reboot flag from the registry.