Google Unveils Major Update to Authenticator App with Cloud Sync Option. In a major update to its Authenticator app, Google has added an account synchronisation option that allows users to back up their time-based one-time passwords (TOTPs) codes to the cloud. The update, which also brings a new icon to the two-factor authenticator (2FA) app, finally brings it in line with Apple's iCloud Keychain and addresses a...
Read More
Service NSW Apologizes for Brief Software Bug that Exposed Users' Information. Service NSW has issued an apology after a software bug briefly allowed users to view other users' information on the "My services" dashboard. A spokesperson for Service NSW has confirmed that the issue was present on Monday, March 20, between 1:20 pm and 3:00 pm. The problem was limited to the landing dashboard when customers...
Read More
Chinese online fashion retailer, Shein, has been found to have had a bug in an older version of its Android application that periodically captured and transmitted clipboard contents to a remote server. The issue was discovered by the Microsoft 365 Defender Research Team in version 7.9.2 of the app, which was released on December 16, 2021. The issue has since been addressed as of May...
Read More
On February 23, 2023, Jamf Threat Labs uncovered evasive cryptocurrency mining malware targeting macOS systems. The XMRig coin miner was being deployed as a trojanized version of the legitimate application Final Cut Pro, a video editing software from Apple. The malicious mining process was found to be sourced from Pirate Bay, with uploads dating back to 2019. It is believed that the malware was delivered as...
Read More
China-based cyberespionage actor DEV-0147 has been observed compromising diplomatic targets in South America, according to Microsoft’s Security Intelligence team. The initiative is “a notable expansion of the group’s data exfiltration operations that traditionally targeted gov’t agencies and think tanks in Asia and Europe,” the team tweeted on Monday. DEV-0147’s attacks in South America included post-exploitation activity involving the abuse of on-premises identity infrastructure for reconnaissance...
