A new malware strain called ZenRAT is distributed via fake installation packages of the Bitwarden password manager. According to Proofpoint researchers, the malware is a modular Remote Access Trojan (RAT) capable of stealing information. ZenRAT is hosted on fake websites claiming to be associated with Bitwarden, but it is unknown how traffic is being directed to the domains. In the past, such malware was spread through phishing, malvertising, and Search Engine Optimization (SEO) poisoning attacks. This article continues to discuss findings regarding the new ZenRAT malware strain.

According to Veracode, apps developed by organizations in Europe, the Middle East, and Africa tend to have more security vulnerabilities than those made by their US counterparts. EMEA also has the highest percentage of high-severity vulnerabilities, which, if exploited, would pose a significant problem to businesses. Researchers discovered that over 80 percent of apps developed by EMEA organizations contained at least one security vulnerability detected in their latest scan over the last 12 months, compared to about 73 percent of apps developed by US organizations.

Mozilla recently announced security updates for both Firefox and Thunderbird, addressing a total of nine vulnerabilities in its products, including high-severity flaws.  Firefox 118 was released to the stable channel with patches for all nine vulnerabilities, which are memory issues, and most could lead to exploitable crashes.  According to Mozilla, the first two high-severity flaws tracked as CVE-2023-5168 and CVE-2023-5169 are out-of-bounds write issues in the browser’s FilterNodeD2D1 and PathOps components.

Northeastern University professor of electrical and computer engineering and computer science Kevin Fu has found a method to extract audio from images and even muted videos. Using Side Eye, a Machine Learning-based tool that Fu and his research team developed, it is possible to determine the gender and precise words of a person speaking in a room where a picture was taken. Side Eye introduces an entirely new world of cybersecurity threats that people and cybersecurity professionals should be aware of.

By krahal

By grigby1 

By aekwall 

Apple recently announced the release of macOS 14 Sonoma.  Apple noted that the latest version of the operating system patches more than 60 vulnerabilities.  Apple stated that the flaws can be exploited to obtain potentially sensitive information (location, calendar, contacts, photos, credentials), execute arbitrary code with elevated privileges, escape the sandbox, read arbitrary files, cause a denial-of-service (DoS) condition, escalate privileges, bypass security mechanisms, delete files, modify protected parts of the file system, and conduct UI spoofing.

Data compression has been used to improve web performance and user experience. It reduces the size of files and resources, such as images, video, and text, before their transmission over the Internet. Therefore, the process reduces the amount of data transferred and enables faster load times. However, data compression has become a source of side-channel attacks that can leak personal information about users to potential adversaries. In most previously known side-channel attacks, data leaks happen because of software-visible uses of compression.

The data encrypted online today, from financial and personal identification information to military operations and intelligence data, could be decrypted quickly by an adversary with access to a cryptographically relevant quantum computer in the future. The Post-Quantum Cryptography (PQC) Coalition has been established by a community of technologists, researchers, and expert practitioners to advance the understanding and adoption of PQC and the National Institute of Standards and Technology's (NIST) PQC algorithms.