A number of cybersecurity issues have recently emerged, ranging from vulnerabilities to adversary campaigns, and even a critical bug in Gigabyte firmware, according to security reports.
According to one report, a critical security flaw has been discovered in the MOVEit Managed File Transfer system from Ipswitch, which allows hackers to compromise the security of the platform and access confidential files. The system is used by a number of companies around the world, including some large financial institutions.
In another report, cybersecurity firm Ensilo has uncovered a new form of malware that specifically targets Android users who wish to download and install modified applications. This form of malware has proved especially effective as the fake application looks identical to the legitimate app on the surface and is downloaded from a legitimate looking website.
In a third report, security experts have found a “backdoor-like issue” in Gigabyte firmware that could enable hackers to take control of a system and compromise data. The issue was discovered by cybersecurity firm Eclypsium and Gigabyte has stated that it would issue a firmware update to address the issue.
Meanwhile, the US National Security Agency (NSA) has issued a warning about North Korean hacking campaigns that have been targeting a number of US think tanks, universities, and media organizations. The campaign, which has been dubbed “AVALANCHE”, is said to be a spearphishing campaign that sends fake job and internship offers to the targeted organizations.
In addition, cybersecurity experts are also warning of a new criminal campaign that is using the credentials of vendors and contractors to try to penetrate networks. The campaign sends fake emails that appear to come from a vendor or contractor and requests payment for services rendered. Once payment has been made, the hackers then use the compromised credentials to try to gain access to the victim’s network.
One major issue that has been highlighted in a report by cybersecurity firm Mitiga is a significant forensic discrepancy found in Google Drive. The issue could enable hackers to manipulate files and folders on a user’s drive, without been detected. Mitiga has recommended that users be extremely cautious when sharing Google Drive files with anyone, even external partners.
Finally, British cybersecurity firm SureCloud has warned of a sophisticated new smishing campaign that is targeting users in the Middle East. The campaign sends fake messages, purporting to be from a legitimate company, and asks the user to call a number to prevent their account from being suspended or compromised. Once the user calls the number, they are then prompted to enter personal information, which the hackers use to steal their identity.
Overall, these reports emphasize the importance of being vigilant and implementing robust security measures in order to protect against the ever-evolving nature of cyber threats. Taking proactive steps such as implementing regular software updates, using multi-factor authentication, and training staff to be aware of security risks can go a long way in ensuring that organizations remain secure against these threats.