In what seems to be a tit-for-tat move, Chin has announced a ban on products from US chip maker, Micro. The reasons for this are vague with the Cybersecurity Administration of China (CAC) saying it is for National Security reasons. This move comes after the US has banned a couple of technology companies from China for the same reasons and as social time-wasting platform TikTok comes under greater scrutiny in possible preparation of a nationwide ban on the platform. Montana has already signed a ban into law although this ban might not bear the scrutiny of a Constitutional Review.

In the never-ending saga of Ransomware, the threat groups that deploy or leverage this tool for financial gain are always looking for a new method of installation and ways to avoid increasingly sophisticated security measures. Although most organizations might not be employing overly sophisticated security, the really good targets might be. Even the use of advanced MDR/XDR makes the exposure window smaller when it comes to many ransomware attacks.

Long, long ago in a development studio far away there was a concept for a game where the protagonist was something more than just another boss to beat. In 1994 LookingGlass studios launched the game System Shock. It was a 1st person shooter game where you take the role of a “hacker” onboard a space station in 2072. Your nemesis, a malevolent AI called SHODAN. The game was a critical success although it lost money for LookingGlass. System Shock also changed the genre of first-person shooters with its innovative style, story line and, of course, SHODAN.

Video editing software CapCut users are being targeted by attackers to push different strains of malware. For those that are not aware of that CapCut is, it is a video editor and maker for TikTok and is the official one at that (ByteDance also owns TikTok). With over 500 million downloads from Google Play alone it is clearly a very popular app for people to grab to feed their TikTok streams with. It was only a matter of time before someone decided to go after the poplar app and with the growing number of bans and lock outs for ByteDance and their services, offering what appears to be an alternative way to get this software makes sense (from an attacker perspective).

First identified in January of 2023, Samsung has put a warning about a CVSS 4.4 vulnerability (CVE-2023-21492) that Is actively being exploited in the wild. The flaw, which impacts Samsung devices that are running Android 11, 12, and 13, was first disclosed to Samsung privately on January 17th, 2023. CISA (Cybersecurity and Infrastructure Security Agency) has also issued a warning about the flaw.

PyPI (the Python Package Index) has stopped allowing the creation of new accounts and the upload of new packages. This move has been put in place to deal with a massive increase in identified malicious users and packages. This decision comes as other repositories like NPM and even Microsoft VSCode have identified new malware posing as well-known projects. Supply chain attacks and typo-squatting are not really a new thing and increases in attacks on repositories often happen on a fairly regular basis. However, the increase across three popular repos can been seen as a larger threat when put in context of the general IT market.

A couple of accountants came up the laneway the other day… No this is not a “Letterkenny” episode, but the cold intro style was spot to me for this one. It seems that in the pre-covid world many companies were in the process of buying up or moving to beautiful new office spaces. Some of these spaces had glorious open areas, beautiful break rooms and, of course, space for all. Then Covid hit and the lock downs. This forced those same companies to abandon those spaces and work like crazy to get everyone to work from home. Now the bill on those same spaces has come due and companies are calling everyone home.

TrendMicro made a shocking revelation at Black Hat Asia 2023 where they disclosed an operation that has been running since 2018 targeting Android devices. The scheme was uncovered in 2021 while researchers at TrendMicro were looking into SMS PVA (Phone Verified Accounts) mobile bot net. They identified that the botnet had been helped along by a supply chain attack targeting the image used by OEM to rapidly deploy the OS onto the devices.

Apple has rushed to release patches for CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373 all of which are in the WebKit Browser engine and across all Apple platforms (IOS, IpadOS and macOS). These three flaws have also been seen to be actively exploited in the wild. This increases the significance of them and should be remediated as soon as possible by applying any available patches.

After learning that there were malicious ads containing links to ChatGPT apps (for Windows), Apple launched a legitimate app for IOS. The app brings the very popular LLM to Apple users at a time when some are becoming more hesitant about its use. It has not been that long since Samsung accidentally leaked confidential information via the platform. This prompted both Microsoft (a heavy investor) and OpenAI themselves to start work on private environments where data put into the model is not used to train it.