Meta takes on malicious Android and iOS apps

#Discussion(Security) [ via IoTGroup ]

A long-running Chinese-linked cyber espionage group called Budworm (APT27) targeted a U.S. state legislature’s network, marking the outfit’s first confirmed attack against the U.S. in over six years.A novel timing attack can be abused to identify scoped npm packages used by organizations, allowing a threat actor to create malicious public packages using the same names in order to trick employees into downloading the doppelganger versions.

A new social engineering attack is tricking customers of Italian banks into entering their phone number and other sensitive information into phishing websites — which cyber criminals then use to call victims and coerce them into installing an Android malware called Copybara on their smartphones.A comprehensive, multiplatform “all-in-one” attack framework called Alchimist appears to be actively used in attacks targeting Windows, Linux, and macOS systems, pointing to an uptick in the use of ready-made malware platforms to evade detection and drop implants on targets.A critical security flaw has been disclosed in Siemens SIMATIC PLCs that could allow attackers to extract cryptographic keys embedded within the products to secure confidential configuration data, and potentially compromise the devices in an “irreparable way.” The findings are a reminder that “any encryption-based security architecture is only as secure as the management of the keys on which it is based and can become vulnerable over time.” [The Hacker News

Read More..
AutoTextExtraction by Working BoT using SmartNews 1.03976805238 Build 04 April 2020