⚠️ VULNERABILITY DISCLOSURE 2[−]
4 NovFour Zero-Day Flaws Disclosed in Microsoft ExchangeResearchers have disclosed four zero-day vulnerabilities in Microsoft Exchange that can be exploited remotely, potentially allowing attackers to execute arbitrary code or access sensitive information.SECURITYAFFAIRS.COM
4 NovOkta's Recent Customer Support Data Breach Impacted 134 CustomersIdentity and authentication management provider Okta on Friday disclosed that the recent support case management system breach affected 134 of its 18,400 customers. It further noted that the unauthorized intruder gained access to its systems from September 28 to October 17, 2023,…THEHACKERNEWS.COM
🔥 INCIDENT REPORTING 6[−]
4 NovAmerican Airlines Pilot Union Hit With RansomwareThe American Airlines pilot union is actively working to restore their systems and prioritize the security of their operations while keeping their pilots informed about the progress.THERECORD.MEDIA
4 NovHilb Group Fears Cybercriminals Stole 81,000 People’s Financial DataThe company discovered suspicious activity in employee email accounts in January 2023 and determined that the breach occurred between December 2022 and January 2023. The stolen data includes names, SSNs, and financial account information.THEREGISTER.COM
4 NovDutch Hacker Jailed for Extortion, Selling Stolen Data on RaidForumsA former Dutch cybersecurity professional named Pepijn Van der Stap has been sentenced to four years in prison for hacking and blackmailing more than a dozen companies. He also infiltrated networks and stole sensitive information.BLEEPINGCOMPUTER.COM
4 NovUpdate: Okta Customer Support System Breach Impacted 134 CustomersThe attackers used stolen session tokens from HAR files to hijack the legitimate Okta sessions of five customers. The breach occurred from September 28 to October 17 and affected less than 1% of Okta's customers.SECURITYAFFAIRS.COM
4 NovUS Sanctions Russian Accused of Laundering Virtual Currency for Ransomware AffiliateThe US Treasury Department has sanctioned a Russian woman named Ekaterina Zhdanova for allegedly laundering virtual currency on behalf of Russian elites and cybercriminals, including a Ryuk ransomware affiliate.THERECORD.MEDIA
4 NovOkta Breach Tied to Worker's Personal Google AccountThreat Actor Used Session Hijacking Technique to Access Files of 134 Okta Customers Days after announcing a security compromise, cloud-based Identity and authentication management provider Okta said that an unknown threat actor accessed files of 134 customers by after an employee…DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 1[−]
4 NovApple 'Find My' network can be abused to steal keylogged passwordssubmitted by throws_lemy to cybersecurity 4 points | 0 comments https://www.bleepingcomputer.com/news/apple/apple-find-my-network-can-be-abused-to-steal-keylogged-passwords/BLEEPINGCOMPUTER.COM
🌐 CYBER THREAT LANDSCAPE 2[−]
4 NovStripedFly Malware Operated Unnoticed for 5 Years, Infecting 1 Million DevicesAn advanced strain of malware masquerading as a cryptocurrency miner has managed to fly the radar for over five years, infecting no less than one million devices around the world in the process. That's according to findings from Kaspersky, which has codenamed the threat StripedFl…THEHACKERNEWS.COM
4 NovDiscord will switch to temporary file links to block malware deliveryDiscord will switch to temporary file links for all users by the end of the year to block attackers from using its CDN (content delivery network) for hosting and pushing malware. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 3[−]
4 NovSingapore Public Health Services Hit by DDoS AttacksPublic healthcare institutions in Singapore experienced disruptions in internet connectivity due to DDoS attacks. Synapxe, the agency overseeing these institutions, stated that there is no evidence of a compromise of healthcare or patient data.THERECORD.MEDIA
4 NovGoogle Play Store Introduces 'Independent Security Review' Badge for AppsGoogle is rolling out an "Independent security review" badge in the Play Store's Data safety section for Android apps that have undergone a Mobile Application Security Assessment (MASA) audit. "We've launched this banner beginning with VPN apps due to the sensitive and significan…THEHACKERNEWS.COM
4 NovAndroid’s new real-time app scanning aims to combat malicious sideloaded appsAndroid’s in-built security engine Google Play Protect has a new feature that conducts a real-time analysis of an Android app’s code and blocks it from installing the app if it’s considered potentially harmful. Google announced in October the new real-time app s…TECHCRUNCH.COM