April 2023 – Page 15 – PossibleThreat Articles

Credit to Author: Microsoft Security Threat Intelligence – Editor| Date: Tue, 11 Apr 2023 17:00:00 +0000

This guide provides steps that organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2022-21894 via a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus.

The post Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign appeared first on Microsoft Security Blog.

Security Sophos

Attention gamers! Motherboard maker MSI admits to breach, issues “rogue firmware” alert

April 11, 2023 0 Comments blackmail, data breach, extortion, malware, msi, private key, Ransomware, supply chain

Credit to Author: Paul Ducklin| Date: Tue, 11 Apr 2023 16:58:48 +0000

Stealing private keys is like getting hold of a medieval monarch’s personal signet ring… you get to put an official seal on treasonous material.

Microsoft Security

DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia

April 11, 2023 0 Comments cybersecurity, Microsoft, Microsoft security intelligence, Mobile, private-sector offensive actor (psoa), Security

Credit to Author: Microsoft Security Threat Intelligence| Date: Tue, 11 Apr 2023 16:00:00 +0000

Microsoft analyzes a threat group tracked as DEV-0196, the actor’s iOS malware “KingsPawn”, and their link to an Israel-based private sector offensive actor (PSOA) known as QuaDream, which reportedly sells a suite of exploits, malware, and infrastructure called REIGN, that’s designed to exfiltrate data from mobile devices.

The post DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia appeared first on Microsoft Security Blog.

Security Wired

How to Use Apple’s New All-In-One Password Manager

April 11, 2023 0 Comments Security, Security / Privacy, Security / Security Advice

Credit to Author: Justin Pot| Date: Tue, 11 Apr 2023 13:00:00 +0000

Your iPhone, iPad, and Mac now have a built-in password feature, complete with two-factor authentication.

MalwareBytes Security

How the cops buy a “God view” of your location data, with Bennett Cyphers: Lock and Code S04E09

April 10, 2023 0 Comments Podcast

Categories: Podcast

This week on Lock and Code, we speak with Bennett Cyphers about one largely unknown company’s efforts to package and sell Americans’ location data almost exclusively to cops.

Security TrendMicro

Secure Cloud Migration 101

April 10, 2023 0 Comments trend micro devops : article, trend micro devops : best practices, trend micro devops : compliance, trend micro devops : multi cloud, trend micro devops : workload security

Credit to Author: Andrew Stevens| Date: Tue, 28 Mar 2023 00:00:00 +0000

Cloud migration is a journey, not a destination. Learn the basics of security for making the (gradual) switch, so you can get the most out of what the cloud has to offer.

Security Sophos

Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads

April 10, 2023 0 Comments Apple, Exploit, iOS, kernel bug, OS X, rce, spyware, vulnerability

Credit to Author: Paul Ducklin| Date: Mon, 10 Apr 2023 20:20:44 +0000

That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices – patch now!

ComputerWorld Independent

Tech bigwigs: Hit the brakes on AI rollouts

April 10, 2023 0 Comments Artificial intelligence, chatbots, Emerging Technology, Google, Microsoft, Privacy, Security

More than 1,100 technology luminaries, leaders, and scientists have issued a warning against labs performing large-scale experiments with artificial intelligence (AI) more powerful than ChatGPT, saying the technology poses a grave threat to humanity.

In an open letter published by Future of Life Institute, a nonprofit organization with the mission to reduce global catastrophic and existential risks to humanity, Apple co-founder Steve Wozniak and SpaceX and Tesla CEO Elon Musk joined other signatories in agreeing AI poses “profound risks to society and humanity, as shown by extensive research and acknowledged by top AI labs.”

To read this article in full, please click here

ComputerWorld Independent

Still using Windows 10 21H2? Time to upgrade

April 10, 2023 0 Comments Security, small and medium business, Windows, Windows 10

So you have a Windows 10 computer — or a fleet of them. But which exact version of Windows 10? If you are on Windows 10, version 21H2, its end of servicing is coming up on June 13, 2023. For Windows 10 Home, Windows 10 Pro, Windows 10 Pro Education, and Windows 10 Pro for Workstations, version 21H2 will stop being offered updates — including security updates — after June. (For Windows 10 Enterprise and Windows 10 Education customers, support for 21H2 lasts another year.)

Why should you upgrade to a new feature release if your existing machines are working just fine? As Windows 10 comes into its final years of support (through to 2025), it’s key to keep machines on supported versions so you can receive security updates. Take the time to review the machines under your control and ensure that they are ready for the end of 21H2 support.

To read this article in full, please click here

Security Sophos

Popular server-side JavaScript security sandbox “vm2” patches remote execution hole

April 8, 2023 0 Comments Exploit, rc e, sandbox, vm2, vulnerability

Credit to Author: Paul Ducklin| Date: Sun, 09 Apr 2023 00:28:42 +0000

The security error was in the error handling system that was supposed to catch potential security errors…