24-Jul-23: In Security News Today

Google Messages Implements MLS Protocol for Cross-Platform End-to-End Encryption

Google is adding support for Messaging Layer Security (MLS) to its Messages service for Android, enabling end-to-end encryption with interoperability across different messaging platforms. The protocol, recently published as an RFC by the Internet Engineering Task Force (IETF), provides continuous group key agreement for secure communication among multiple participants and offers both forward secrecy and post-compromise security. Major companies like Amazon Web Services (AWS), Cisco, and Cloudflare have also endorsed MLS, aiming to enhance the security and privacy of messaging services.

Critical Zero-Day Vulnerabilities in Atera Windows Installers Enable Privilege Escalation Attacks

The Windows installers for Atera’s remote monitoring and management software were found to contain zero-day vulnerabilities that could lead to privilege escalation attacks. The flaws, discovered by Mandiant, allow potential attackers to execute arbitrary code with elevated privileges, presenting serious security risks. Atera has released updated versions (1.8.3.7 and 1.8.4.9) to remediate the issues, emphasizing the importance of thoroughly reviewing installer packages and preventing misconfigured Custom Actions in order to protect against such attacks. Additionally, Kaspersky revealed an actively exploited privilege escalation flaw (CVE-2023-23397) in Windows that targeted government and critical infrastructure entities in various countries before public disclosure.

Banks Targeted by Threat Actors in Open Source Software Supply Chain Attacks

Cybersecurity researchers at Checkmarx have reported two separate incidents where threat actors attempted to introduce malware into the software development environments of two different banks via poisoned packages on the Node Package Manager (npm) registry. These attacks marked the first instances of adversaries targeting banks through the open source software supply chain and involved advanced techniques, including the use of Azure’s CDN subdomains to deliver the second-stage payload, which was identified as the Havoc Framework. The attacks aimed to steal sensitive data, login credentials, and potentially gain access to the banks’ networks, highlighting the need for heightened security measures to protect against such threats in the financial sector.

KillNet’s Ambitious Growth and Russian State Alignment Raise Concerns

The connection between Russian cybercrime collective KillNet and the Kremlin remains uncertain, but its cyberattacks appear to align with Russian state interests. KillNet’s media branding strategy is proving effective, attracting more cybercriminals and their skills into the organization, potentially consolidating Russian hacker power under one entity. While there is limited direct evidence of collaboration with the Russian security services, the collective’s increasing capabilities and alignment with Russia’s geopolitical interests raise concerns among cybersecurity professionals about its potential threat.

Atlassian Confluence and Bamboo Vulnerable to Remote Code Execution

Atlassian has disclosed three remote code execution (RCE) vulnerabilities affecting Confluence Data Center & Server (CVE-2023-22505, CVE-2023-22508) and Bamboo (CVE-2023-22506). The flaws could potentially allow threat actors to take full control of Atlassian instances, putting cloud infrastructure, software supply chain, and other critical assets at risk. Admins are urged to apply the patches immediately to prevent exploitation and safeguard their systems.

Google’s Internet Access Block for Staff: Enhancing Cybersecurity or Hindering Productivity?

Reports indicate that Google is blocking certain staff members’ internet access in an effort to bolster its cybersecurity. The pilot program restricts internet access to internal web-based tools and Google-owned sites, but some employees have been allowed to opt out after expressing dissatisfaction with the restrictions. While the move may reduce exposure to malware attacks, it raises questions about employee productivity and about the contradiction with Google’s mission to make information universally accessible.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.