Users of the video editing software CapCut are being targeted by attackers pushing different strains of malware. For those who are not aware of what CapCut is, it is a video editor and maker for TikTok, and the official one at that (ByteDance also owns TikTok). With over 500 million downloads from Google Play alone, it is clearly a very popular app for people to grab to feed their TikTok streams. It was only a matter of time before someone decided to go after the popular app, and with the growing number of bans and lockouts for ByteDance and their services, offering what appears to be an alternative way to get this software makes sense (from an attacker's perspective).
Samsung has put out a warning about a CVSS 4.4 vulnerability (CVE-2023-21492), first identified in January of 2023, that is actively being exploited in the wild. The flaw, which impacts Samsung devices that are running Android 11, 12, and 13, was first disclosed to Samsung privately on January 17th, 2023. CISA (Cybersecurity and Infrastructure Security Agency) has also issued a warning about the flaw.
PyPI (the Python Package Index) has stopped allowing the creation of new accounts and the upload of new packages. This move has been put in place to deal with a massive increase in identified malicious users and packages. This decision comes as other repositories like NPM and even Microsoft VSCode have identified new malware posing as well-known projects. Supply chain attacks and typo-squatting are not really a new thing, and increases in attacks on repositories happen on a fairly regular basis. However, the increase across three popular repos can be seen as a larger threat when put in the context of the general IT market.
TrendMicro made a shocking revelation at Black Hat Asia 2023, where they disclosed an operation that has been running since 2018 targeting Android devices. The scheme was uncovered in 2021 while researchers at TrendMicro were looking into an SMS PVA (Phone Verified Accounts) mobile botnet. They identified that the botnet had been helped along by a supply chain attack targeting the image used by OEMs to rapidly deploy the OS onto the devices.
Apple has rushed to release patches for CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373, all of which are in the WebKit browser engine and affect all Apple platforms (iOS, iPadOS and macOS). These three flaws have also been seen to be actively exploited in the wild. This increases their significance, and they should be remediated as soon as possible by applying any available patches.