Office Sentinel

A new malware toolset has been discovered and analyzed by security experts at SentinelOne. Dubbed “AlienFox” by the team, the toolkit can harvest credentials for multiple cloud service providers. An advisory published on Thursday by SentinelOne threat researcher Alex Delamotte shows that attackers used AlienFox to successfully harvest API keys and secrets from various services, including

by Paul Ducklin HOW TO TURN YOURSELF IN No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of

The Italian Data Protection Authority (Garante per la protezione dei dati personali) has temporarily suspended the use of the artificial intelligence (AI) service ChatGPT in the country. The privacy watchdog opened a probe into OpenAI’s chatbot and blocked the use of the service due to allegations that it failed to comply with Italian data collection rules.

by Paul Ducklin In the early days of personal computers, everyone knew why backups were important. Computer storage simply wasn’t as reliable as it is today, and it wasn’t a question of if you’d lose vital files through no fault of your own, but when it would happen. (Possibly today; probably tomorrow; almost certainly by

Threat actors suspected to be operating for the North Korean government have been observed trojanizing versions of the voice and video calling desktop client 3CX DesktopApp to launch attacks against several victims. The Symantec threat intelligence team shared the findings in an advisory published earlier today, explaining the attackers’ tactics were similar to those used against

by Paul Ducklin NB. Detection names you can check for if you use Sophos products and servicesare available from the Sophos X-Ops team on our sister site Sophos News. Internet telephony company 3CX is warning its customers of malware that was apparently weaseled into the company’s own 3CX Desktop App by cybercriminals who seem to

Google’s Threat Analysis Group (TAG) has revealed tracking over 30 commercial spyware vendors that facilitate the spread of malware by government-backed threat actors. Writing in a blog post published earlier today, TAG’s Clement Lecigne said these vendors are arming countries that would otherwise not be able to develop these tools. “While the use of surveillance

by Naked Security writer The UK’s National Crime Agency (NCA) has recently announced work that it’s been doing as an ongoing part of a multinational project dubbed Operation PowerOFF. The idea seems to be to use fake cybercrime-as-a-service sites to attract the attention of impressionable youngsters who are hanging around on the fringes of cybercrime

A malware campaign targeting cryptocurrency wallets has been recently discovered by security researchers at Kaspersky. Discussing the findings in an advisory published today, the company said the attacks were first observed in September 2022 and relied on malware replacing part of the clipboard contents with cryptocurrency wallet addresses. “Despite the attack being fundamentally simple, it

by Paul Ducklin Apple’s latest update blast is out, including an extensive range of security patches for all devices that Apple officially supports. There are fixes for iOS, iPadOS, tvOS and watchOS, along with patches for all three supported flavours of macOS, and even a special update to the firmware in Apple’s super-cool external Studio

Microsoft announced a new information disclosure vulnerability on Friday, for a bug affecting its screenshot editing tools in both Windows 10 and Windows 11.  The vulnerability (CVE-2023-28303) is called aCropalypse and could enable malicious actors to recover sections of screenshots, potentially revealing sensitive information.  Read more on screenshot-supported malware here: New Threat Group Reviews Screenshots Before Striking

by Paul Ducklin Last week was aCropalypse week, where a bug in the Google Pixel image cropping app made headlines, and not just because it had a funky name. (We formed the opinion that the name was a little bit OTT, but we admit that if we’d thought of it ourselves, we’d probably have wanted

The repository hosting service GitHub has announced it is replacing its existing RSA SSH host key with a new one as a precautionary measure after discovering the key was momentarily exposed in a public repository. “We immediately acted to contain the exposure and began investigating to understand the root cause and impact,” GitHub wrote in an

Vulnerable code has been discovered in the payment solution plugin WooCommerce for the WordPress content management system (CMS) that could allow an unauthenticated attacker to gain administrative privileges and take over a website. The findings come from WordPress security experts at Wordfence, who described the critical authentication bypass in a blog post published on Thursday.