Daily Archives: February 16, 2023

News

BEC groups are using Google Translate to target high value victims

Read Time:37 Second

Abnormal Security has identified two groups that are using executive impersonation to execute Business Email Compromise (BEC) attacks on companies worldwide. 

The first group, Midnight Hedgehog, engages in payment fraud, while the second group, Mandarin Capybara, executes payroll diversion attacks. Both groups have launched BEC campaigns in at least 13 different languages, including Danish, Dutch, Estonian, French, German, Hungarian, Italian, Norwegian, Polish, Portuguese, Spanish, and Swedish, the researchers noted.

While attacking targets across various regions and using multiple languages is not new, in the past, these attacks were perpetrated mainly by sophisticated organizations with bigger budgets and more advanced resources, Crane Hassold, director of Threat Intelligence at Abnormal Security, wrote in his research. 

To read this article in full, please click here

Read More

News

How automation in CSPM can improve cloud security

Read Time:41 Second

With the rapid growth and increasing complexity of cloud environments, organizations are increasingly at risk from various security threats. Cloud security posture management (CSPM) is a process that helps organizations continuously monitor, identify, and remediate security risks in the cloud. The use of automation in CSPM is crucial to ensuring the security and compliance of an organization’s cloud infrastructure.

A key component of CSPM is the automation of its core tasks: continuous monitoring, remediation of issues, compliance management, and alerts and notifications. The integration of robotic process automation (RPA) in CSPM helps to reduce the need to perform repetitive and mundane tasks, making it a powerful tool for organizations to secure and streamline their cloud environment, support the overall security posture, and manage security risks more efficiently.

To read this article in full, please click here

Read More

Advisories

USN-5873-1: Go Text vulnerabilities

Read Time:30 Second

It was discovered that Go Text incorrectly handled certain encodings. An
attacker could possibly use this issue to cause a denial of service. This
issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14040)

It was discovered that Go Text incorrectly handled certain BCP 47 language
tags. An attacker could possibly use this issue to cause a denial of service.
CVE-2020-28851, CVE-2020-28852 and CVE-2021-38561 affected only
Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2020-28851, CVE-2020-28852, CVE-2021-38561, CVE-2022-32149)

Read More

News

Smashing Security podcast #309: Synthetic voices, ChatGPT reflections, and social skirmishes

Read Time:21 Second

AI-generated voices are weaponised by online trolls, how ChatGPT reflects who we are as a society, and social media is in the firing line again. All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by … Continue reading “Smashing Security podcast #309: Synthetic voices, ChatGPT reflections, and social skirmishes”

Read More