🚨 CISA KEV 1[−]
1 Dec KEVCISA Removes One Known Exploited Vulnerability From CatalogCISA is continually collaborating with partners across government and the private sector. As a result of this collaboration, CISA has concluded that there is insufficient evidence to keep the following CVE in the catalog and has removed it: CVE-2022-28958 DIR-816L Remote Code Exe…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 7[−]
1 Dec KEVZero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited FlawsApple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software. The vulnerabilities, both of which reside in the WebKit web b…THEHACKERNEWS.COM
1 DecZyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP DevicesZyxel has released patches to address 15 security issues impacting network-attached storage (NAS), firewall, and access point (AP) devices, including three critical flaws that could lead to authentication bypass and command injection. The three vulnerabilities are liste…THEHACKERNEWS.COM
1 Dec KEVApple Rolls Out iOS, macOS, and Safari Patches for Two Actively Exploited FlawsThe two actively exploited security flaws, CVE-2023-42916 and CVE-2023-42917, were found in the WebKit web browser engine and could leak sensitive information or allow arbitrary code execution.THEHACKERNEWS.COM
1 DecPoC for Splunk Enterprise RCE flaw released (CVE-2023-46214)The vulnerability arises from the failure to safely sanitize user-supplied extensible stylesheet language transformations (XSLT), enabling attackers to upload malicious XSLT and gain remote access to Splunk Enterprise instances.HELPNETSECURITY.COM
1 DecBluetooth security flaws reveals all devices launched after 2014 can be hackedsubmitted by bless to cybersecurity 1 points | 0 comments Security researchers have discovered new Bluetooth security flaws that allow hackers to impersonate devices and perform man-in-the-middle attacks. The vulnerabilities impact all devices with Bluetooth 4.2 and Bluetooth 5.4…INFOSEC.PUB
1 DecBluetooth security flaws reveals all devices launched after 2014 can be hackedsubmitted by bless to cybersecurity 1 points | 0 comments Security researchers have discovered new Bluetooth security flaws that allow hackers to impersonate devices and perform man-in-the-middle attacks. The vulnerabilities impact all devices with Bluetooth 4.2 and Bluetooth 5.4…SH.ITJUST.WORKS
1 Dec KEVApple patches info-stealing, zero day bugs in iPads and MacsApple has released patches for a couple of security issues found within its Webkit web browser engine that the iPhone maker believes have had zero day exploitations. Tracking them as CVE-2023-42916, and CVE-2023-42917, Apple said these vulnerabilities can be exploited while proce…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 23[−]
1 DecAI and LLMs – Think of the Children w/ Josh More & Matthew Carpenter – PSW #808Join us live at 6pm ET. Today we cover AI and LLMs – Think of the Children with Josh More, President & Peon at Eyra Security. What will the future bring with respect to #AI and #LLMs? Josh has spent some time thinking about this and brings us some great resources. In Segment 2, w…YOUTUBE.COM
1 DecCybercrime is booming: understanding why and what we can do about it - Keith Jarvis - ESW #341As with any category of trends, the success rate of cybercrime ebbs and flows. As Russia seems be a safe haven for cybercriminals, it seemed for a while that the war in Ukraine might disrupt this activity. It did, but only for a short while. Keith Jarvis walks us through the late…YOUTUBE.COM
1 DecVulnerability Reporting, Zyxel, GPS Spoofing - PSW #808We navigate through dangerous cyber terrain, examining real-world examples like the WebP library and the Curl vulnerability. Critical issues in Zyxel firewalls will also be unmasked as we shed light on the urgency of improving vulnerability reporting and cataloging and addressing…YOUTUBE.COM
1 DecU.S. Treasury Sanctions North Korean Kimsuky Hackers and 8 Foreign AgentsThe U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Thursday sanctioned the North Korea-linked adversarial collective known as Kimsuky as well as eight foreign-based agents who are alleged to have facilitated sanctions evasion. The agents, the Treasur…THEHACKERNEWS.COM
1 DecCritical Zoom Vulnerability Let Attackers Take Over MeetingsZoom, the most widely used video conferencing platform has been discovered with a critical vulnerability that threat actors could potentially exploit for various malicious purposes. This vulnerability was reported as part of the H1-4420 Hacking event conducted in June 2023. This …GBHACKERS.COM
1 DecOpen-Source LLM Security Scanner Vigil Helps Prevent Prompt InjectionVigil focuses on identifying prompt injections, jailbreaks, and other potential vulnerabilities. Its creator, Adam M. Swanda, developed the tool to improve security practices around LLM applications.HELPNETSECURITY.COM
1 DecLogoFAIL Bugs in UEFI Code Allow Planting Bootkits via ImagesLogoFAIL is a set of security vulnerabilities that affect the image-parsing components in the UEFI code used by various vendors. These vulnerabilities can be exploited to hijack the booting process and deliver bootkits.BLEEPINGCOMPUTER.COM
1 DecNew FjordPhantom Android Malware Targets Banking Apps in Southeast AsiaCybersecurity researchers have disclosed a new sophisticated Android malware called FjordPhantom that has been observed targeting users in Southeast Asian countries like Indonesia, Thailand, and Vietnam since early September 2023. "Spreading primarily through messaging …THEHACKERNEWS.COM
1 DecCactus Ransomware Exploiting Qlik Sense code execution VulnerabilityA new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense for initial access. Qlik Sense is a data discovery and analytics platform that allows you to visualize and analyze data from various sources. It has a modern interface, a relational analytics …GBHACKERS.COM
1 Dec KEVApple releases security updates for iOS, iPadOS and macOS, fixing two actively exploited zero-daysApple has released security updates for iPhones, iPads and Macs to patch against two vulnerabilities, which the company says are being actively exploited to hack people. The technology giant rolled out new software updates, iOS and iPadOS 17.1.2, and macOS 14.1.2, following a vul…TECHCRUNCH.COM
1 DecRussian and Chinese Interference Networks are ‘Building Audiences’ Ahead of 2024, Warns MetaMeta has disrupted influence operations from China and Russia, highlighting the challenges posed by generative artificial intelligence and the use of perception hacking to sow doubt in democratic processes.THERECORD.MEDIA
1 DecApple Releases Security Updates for Multiple ProductsApple has released security updates to address vulnerabilities within Safari, macOS Sonoma, iOS, and iPadOS. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following adv…CISA.GOV
1 DecVMware fixes critical Cloud Director auth bypass unpatched for 2 weeksVMware has fixed a critical authentication bypass vulnerability in Cloud Director appliance deployments, a bug that was left unpatched for over two weeks since it was disclosed on November 14th. [...]BLEEPINGCOMPUTER.COM
1 DecIs China waging a cyber war with Taiwan?With geopolitical tensions and a trade war acting as a backdrop, China-led cyberattacks on Taiwan are rising sharply, according to multiple security reports. In the latest report about alleged China-sponsored cyberattacks on Taiwan, Kate Morgan, a senior engineering manager in Go…CSOONLINE.COM
1 DecCooking Intelligent Detections from Threat Intelligence (Part 6)This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#6 in the series), we will covers some DOs and DON’Ts regarding TI/CTI and DE interaction and continue building the TI -> …MEDIUM.COM
1 DecCactus Ransomware Using Qlik Bugs, DanaBot in Latest AttacksOperators Exploit Flaws in Data Analytics Platform to Access Corporate Networks Operators of a new ransomware strain dubbed Cactus are using critical vulnerabilities in a data analytics platform to gain access to corporate networks. Cactus ransomware operators are also getting an…DATABREACHTODAY.CO.UK
1 DecThe Week in Ransomware - December 1st 2023 - Police hits affiliatesAn international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries. [...]BLEEPINGCOMPUTER.COM
1 DecCISA, FBI, NSA, EPA and INCD Release Joint Advisory on IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems FacilitiesToday, CISA, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD) released a joint Cybersecurity Advisory (CSA) IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sect…CISA.GOV
1 DecIRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems FacilitiesSUMMARY The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)—hereafter referred to as "the authoring agencies"—ar…CISA.GOV
📢 SECURITY ADVISORIES 5[−]
1 DecChinese Hackers Using SugarGh0st RAT to Target South Korea and UzbekistanA suspected Chinese-speaking threat actor has been attributed to a malicious campaign that targets the Uzbekistan Ministry of Foreign Affairs and South Korean users with a remote access trojan called SugarGh0st RAT. The activity, which commenced no later than August 2023, le…THEHACKERNEWS.COM
1 DecFrench government recommends against using foreign chat appsPrime Minister of France Élisabeth Borne signed a circular last week requesting all government employees to uninstall foreign communication apps such as Signal, WhatsApp, and Telegram by December 8, 2023, in favor of a French messaging app named 'Olvid.' [...]BLEEPINGCOMPUTER.COM
1 DecCongressmen Ask DOJ to Investigate Water Utility Hack, Warning It Could Happen AnywhereMembers of Congress asked the U.S. Justice Department to investigate how foreign hackers breached a water authority near Pittsburgh, prompting CISA to warn other water and sewage-treatment utilities that they may be vulnerable. The post Congressmen Ask DOJ to Investigate Water Ut…SECURITYWEEK.COM
1 DecBritish Lawmakers Push Ahead With Modifying UK GDPRData Protection and Digital Information Bill Heads to the House of Lords British Conservative lawmakers are pushing ahead with legislation modifying the U.K. codification of European privacy law despite objections from privacy advocates and concerns about the legislation's impact…DATABREACHTODAY.CO.UK
1 DecUS Bipartisan Lawmakers Urge Crackdown on Chinese LiDARHouse Members Warn That Chinese-Made LiDAR Technology May Already Be in US Devices A bipartisan group of lawmakers urged the Biden administration to consider intensifying restrictions on semiconductor sales to Chinese companies in a bid to ensure that U.S. remote-sensing technolo…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 17[−]
1 DecNorth Texas Water Utility Serving Two Million Hit With CyberattackNorth Texas Municipal Water District (NTMWD) has experienced a cyberattack on its business computer network, but its core water, wastewater, and solid waste services remain unaffected.THERECORD.MEDIA
1 DecIOTW: Okta data breach affects all customer support usersHackers stole information on all users of Okta’s customer support systemCSHUB.COM
1 DecBlack Basta Ransomware Made Over $100 Million From ExtortionBlack Basta has collected over $100 million in ransom payments from over 90 victims since April 2022. High-profile victims targeted by Black Basta include the American Dental Association, Sobeys, Knauf, Yellow Pages Canada, and Rheinmetall.BLEEPINGCOMPUTER.COM
1 DecEnglish Council Spent $1.4 Million Recovering From Ransomware AttackThe attack, initiated through a spearphishing email, exposed failures in the council's cybersecurity measures, including the lack of a security information and event management system, hindering the investigation and remediation process.THERECORD.MEDIA
1 DecHotel’s Booking.com Hacked Logins Let Attacker Steal Guest Credit CardsAccording to a recent report by Secureworks, a well-planned and advanced phishing attack was carried out, specifically targeting hotels and their guests, through the popular website Booking.com. The attackers utilized a sophisticated phishing campaign to lure unsuspecting victims…GBHACKERS.COM
1 DecFive Resolutions to Prepare for SEC’s New Cyber Disclosure RulesThe new SEC rules on cybersecurity risk management and incident disclosure will require publicly traded companies to reevaluate their security strategies and provide investors with a greater understanding of the cyber threats they face.HELPNETSECURITY.COM
1 DecHackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine MalwareThe ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer malware, and its new variant was being marketed in underground communities. Threat actors use the ScrubCrypt obfuscation tool to hel…GBHACKERS.COM
1 DecNew ‘Turtle’ macOS Ransomware AnalyzedNew Turtle macOS ransomware is not sophisticated but shows that cybercriminals continue to target Apple devices. The post New ‘Turtle’ macOS Ransomware Analyzed appeared first on SecurityWeek .SECURITYWEEK.COM
1 DecUpdate: MGM CFO Expects Insurance to Cover Cyberattack CostsThe impact of the cyberattack on MGM Resorts was largely felt in September and has been mostly resolved by October, with the company reporting that business is back to normal.CYBERSECURITYDIVE.COM
1 DecWe Hacked Ourselves With DNS Rebindingsubmitted by L4s to secops 1 points | 0 comments https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding We Hacked Ourselves With DNS Rebinding::This post is the first in a two-part series on DNS rebinding in web browsers. In this post, I will talk about a bug we …INTRUDER.IO
1 DecStaples Confirms ‘Cybersecurity Risk’ Disrupting Online StoresOffice supply retail giant confirms security incident disrupted online orders, communications channels and customer service lines. The post Staples Confirms ‘Cybersecurity Risk’ Disrupting Online Stores appeared first on SecurityWeek .SECURITYWEEK.COM
1 DecHackers use new Agent Raccoon malware to backdoor US targetsA novel malware named 'Agent Raccoon' (or Agent Racoon) is being used in cyberattacks against organizations in the United States, the Middle East, and Africa. [...]BLEEPINGCOMPUTER.COM
1 DecCyber Security Today, Week in Review for Friday, Dec. 1, 2023This episode features a discussion on ransomware, the latest explanation from Okta of a support hack and a survey of infosec pros whose firms were hackedCYBERSECURITYTODAY.LIBSYN.COM
1 Dec23andMe says hackers accessed ‘significant number’ of files about users’ ancestryGenetic testing company 23andMe announced on Friday that hackers accessed around 14,000 customer accounts in the company’s recent data breach. In a new filing with the U.S. Securities and Exchange Commission published Friday, the company said that, based on its investigation into…TECHCRUNCH.COM
1 DecISMG Editors: What Did the Sam Altman-OpenAI Saga Teach Us?Also: ChatGPT Turns 1 Year Old; Police Nab Ransomware Gang Chief in Ukraine In the latest weekly update, four editors at Information Security Media Group discuss Sam Altman and OpenAI's brief leadership nightmare, the state of generative AI one year after the general release of C…DATABREACHTODAY.CO.UK
1 DecSurgical Practice Notifying 437,400 Patients of Data TheftThe Incident Involves Ransomware Encryption and Follows Familiar, Concerning Trends A large, Seattle-based surgical group is notifying nearly 437,400 individuals that their information was potentially compromised in a ransomware and data theft incident earlier this year. The brea…DATABREACHTODAY.CO.UK
1 DecTrickBot Developer Pleads Guilty in US CourtVladimir Dunaev Faces Up to 35 Years in Prison A Russian national pleaded guilty in U.S. federal court for his role in developing TrickBot. Operators of the malware targeted hospitals and healthcare centers with ransomware attacks during the height of the novel coronavirus pandem…DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 20[−]
1 DecISC Stormcast For Friday, December 1st, 2023 https://isc.sans.edu/podcastdetail/8760, (Fri, Dec 1st)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
1 DecZyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devicessubmitted by Lanky_Pomegranate530 to cybersecurity 1 points | 0 comments https://thehackernews.com/2023/12/zyxel-releases-patches-to-fix-15-flaws.html?m=1THEHACKERNEWS.COM
1 DecNew SugarGh0st RAT Targets Uzbekistan Government and South KoreaThe campaign involves the use of Windows Shortcut files embedded with malicious JavaScript to deliver the components of the trojan, and there are indications that a Chinese-speaking threat actor is behind the attacks based on the samples.TALOSINTELLIGENCE.COM
1 DecCyber Security Today, December 1, 2023 -More on Booking.com compromisesThis episode reports on how a hotel allowed its reservation system to be abused by a crook, US hits at a cyrptocurrency mixer used by North Korea, and moreCYBERSECURITYTODAY.LIBSYN.COM
1 DecSimple Attack Allowed Extraction of ChatGPT Training DataResearchers found that a ‘silly’ attack method could have been used to trick ChatGPT into handing over training data. The post Simple Attack Allowed Extraction of ChatGPT Training Data appeared first on SecurityWeek .SECURITYWEEK.COM
1 DecUS Sanctions North Korean Cyberespionage Group KimsukyThe US has announced sanctions against North Korean cyberespionage group Kimsuky over its intelligence gathering activities. The post US Sanctions North Korean Cyberespionage Group Kimsuky appeared first on SecurityWeek .SECURITYWEEK.COM
1 DecAI Decides to Engage in Insider TradingA stock-trading AI (a simulated experiment) engaged in insider trading, even though it “knew” it was wrong. The agent is put under pressure in three ways. First, it receives a email from its “manager” that the company is not doing well and needs better per…SCHNEIER.COM
1 DecIn Other News: Utilities Targeted by Hackers, Aerospace Attacks, Killnet Leader UnmaskedNoteworthy stories that might have slipped under the radar: Utilities in US and Europe targeted in attacks, aerospace hacks, and Killnet leader unmasked. The post In Other News: Utilities Targeted by Hackers, Aerospace Attacks, Killnet Leader Unmasked appeared first on SecurityWe…SECURITYWEEK.COM
1 DecCybertruck, Okta, Google, Black Basta, Zoom, Unitronics, Aaran Leyland, and More – SWN #345Join us at 12pm ET as we talk about #Cybertruck, #Okta, #Google and More Google, Black Basta, #Zoom, Unitronics, Aaran Leyland, and More News on the Security Weekly News. → Watch Live Here: https://securityweekly.com/live →Subscribe to our podcasts: https://securityweekly.com/sub…YOUTUBE.COM
1 DecBSidesCHS 2022 - Charleston - 8 videossubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/daeec241-5f8e-434b-a897-3a60836f0674.png BSidesCHS 2022 playlistINFOSEC.PUB
1 DecGreHack 2023 - 8 Talks -submitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/62169469-c06b-4bc1-a606-36e5083c875f.png Conference held on Nov 11 2023, Saint-Martin-d’Hères, France. GreHack 2023 schedule from the website GreHack 2023 - 8 Talks on one big youtube videoINFOSEC.PUB
1 DecCybertruck | Okta | Google | Black Basta | Zoom | Unitronics | Aaran Leyland & More! – SWN345This week, Doug Talks: Cybertruck, Okta, Google, Black Basta, Zoom, Unitronics, Aaran Leyland, and More on the security weekly news. →Full Show Notes: https://securityweekly.com/swn345 →Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4 →Visit our website: https:…YOUTUBE.COM
1 DecSecurity Awareness Training Can Help Defeat Deepfake and AI PhishingThere is no doubt that more pervasive deepfake and AI technologies will make for more realistic, sophisticated, phishing attacks, and add to an already huge problem.KNOWBE4.COM
1 DecVishing Gang Takes Victims for “Tens of Millions” Using Little More than Social EngineeringCzech and Ukrainian police have arrested six individuals responsible for a call center-based vishing scam designed to trick victims into thinking they were already victims of fraud.KNOWBE4.COM
1 DecNorth Korea's Supercharged State-Backed Cryptocurrency TheftReport Says State Backing Makes Pyongyang's Hackers Like Cybercriminals on Steroids To service the perpetually cash-starved regime of North Korea, hackers will continue their relentless onslaught on cryptocurrency - and all users of it - with state backing to industrialize their …DATABREACHTODAY.CO.UK
1 DecCybertruck, Okta, Google, Black Basta, Zoom, Unitronics, Aaran Leyland, and More - SWN #345Cybertruck, Okta, Google and More Google, Black Basta, Zoom, Unitronics, Aaran Leyland, and More News on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-345YOUTUBE.COM
1 DecUS Government Sanctions North Korea’s Kimsuky Hacking GroupKimsuky is known for its aggressive social engineering tactics and targets governments, nuclear organizations, and foreign relations entities to gather intelligence for North Korea's interests.BLEEPINGCOMPUTER.COM
1 DecCybertruck, Okta, Google, Black Basta, Zoom, Unitronics, Aaran Leyland, and More - SWN #345Cybertruck, Okta, Google and More Google, Black Basta, Zoom, Unitronics, Aaran Leyland, and More News on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-345YOUTUBE.COM
1 DecFriday Squid Blogging: Strawberry Squid in the GalápagosScientists have found Strawberry Squid, “whose mismatched eyes help them simultaneously search for prey above and below them,” among the coral reefs in the Galápagos Islands. As usual, you can also use this squid post to talk about the security stories in the news tha…SCHNEIER.COM
1 DecISACA Generative AI Survey: Training Gaps, Focus on SecurityAI and Governance Expert Stresses Importance of Training for All Employees According to a recent pulse poll from ISACA on generative AI, only 6% of respondents' organizations are providing training to all staff on AI, and more than half - 54% - say that no AI training is provided…DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 4[−]
1 DecOpening Critical Infrastructure: The Current State of Open RAN SecurityThe Open Radio Access Network (ORAN) architecture provides standardized interfaces and protocols to previously closed systems. However, our research on ORAN demonstrates the potential threat posed by malicious xApps that are capable of compromising the entire Ran Intelligent Cont…TRENDMICRO.COM
1 DecQakbot Takedown Aftermath: Mitigations and Protecting Against Future ThreatsThe U.S. Department of Justice (DOJ) and the FBI recently collaborated in a multinational operation to dismantle the notorious Qakbot malware and botnet. While the operation was successful in disrupting this long-running threat, concerns have arisen as it appears that Qakbot may …THEHACKERNEWS.COM
1 DecHackers Use new Tool Set in Targeted Attacks Against Middle East, Africa and the USA new set of tools, including a backdoor, a credential-stealing module, and a customized version of Mimikatz, has been used in targeted attacks against organizations in the Middle East, Africa, and the U.S.UNIT42.PALOALTONETWORKS.COM
1 DecTrickBot malware dev pleads guilty, faces 35 years in prisonOn Thursday, a Russian national pleaded guilty to charges related to his involvement in developing and deploying the Trickbot malware, which was used in attacks against hospitals, companies, and individuals in the United States and worldwide. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 16[−]
1 DecWhatsApp’s New Secret Code Feature Hides Your Locked ChatsWhatsApp has introduced a new Secret Code feature that allows users to set a custom password to hide and protect their locked chats. The Chat Lock feature automatically conceals locked chat details from notifications.BLEEPINGCOMPUTER.COM
1 DecDiscover How Gcore Thwarted Powerful 1.1Tbps and 1.6Tbps DDoS AttacksThe most recent Gcore Radar report and its aftermath have highlighted a dramatic increase in DDoS attacks across multiple industries. At the beginning of 2023, the average strength of attacks reached 800 Gbps, but now, even a peak as high as 1.5+ Tbps is …THEHACKERNEWS.COM
1 DecWhatsApp's New Secret Code Feature Lets Users Protect Private Chats with PasswordMeta-owned WhatsApp has launched a new Secret Code feature to help users protect sensitive conversations with a custom password on the messaging platform. The feature has been described as an "additional way to protect those chats and make them harder to find …THEHACKERNEWS.COM
1 DecGoogle Unveils RETVec - Gmail's New Defense Against Spam and Malicious EmailsIntegration of RETVec in Gmail has significantly improved spam detection rates, reduced false positives, and decreased computational costs, making it ideal for large-scale applications and on-device models.THEHACKERNEWS.COM
1 DecUkrainian Gets Eight-Year Sentence for Running Marketplace for Americans’ DataVitalii Chychasov, a Ukrainian citizen, has been sentenced to eight years in prison for running a marketplace that sold personal information of millions of Americans, impacting about 24 million people in total.THERECORD.MEDIA
1 DecZoom Flaw Enabled Hijacking Of Accounts With Access To Meetings, Team ChatPACKETSTORMSECURITY.COM
1 DecHow to stop, disable, and remove any Android apps — even system ones | Kaspersky official blogHow to manage Android apps that have uninstall protection.KASPERSKY.COM
1 DecBlueVoyant Raises $140M, Buys Resilience Firm Conquest CyberThe integration of BlueVoyant and Conquest Cyber will provide customers with more self-service capabilities and autonomous operations through the use of AI, machine learning, and virtual data lakes.BANKINFOSECURITY.COM
1 DecWindows 10 KB5032278 update adds Copilot AI assistant, fixes 13 bugsMicrosoft has started rolling out its Copilot AI assistant to Windows 10 with the KB5032278 November 2023 non-security preview update for systems running Windows 10, version 22H2. [...]BLEEPINGCOMPUTER.COM
1 DecSimple Hacking Technique can Extract ChatGPT Training DataResearchers from Google DeepMind, Cornell University, and other institutions have discovered that the popular AI chatbot ChatGPT is susceptible to leaking data when prompted to repeat certain words.DARKREADING.COM
1 DecXDSpy Hackers Attack Military-Industrial Companies in RussiaXDSpy has a history of targeting Russia's government, military, financial institutions, as well as energy, research, and mining companies, demonstrating a focus on strategic organizations in Eastern Europe.THERECORD.MEDIA
1 DecWhy Broadcom Seeks 'Strategic Alternatives' for Carbon BlackBig Overlap With Symantec Makes Carbon Black Redundant, Though Buyers May Be Sparse It looks as if Carbon Black's days as part of Broadcom are numbered. Broadcom CEO Hock Tan told staff at newly acquired VMware in both an email and town hall meeting that he plans to "review strat…DATABREACHTODAY.CO.UK
1 DecTeaching appropriate use of AI tech – Week in security with Tony AnscombeSeveral cases of children creating indecent images of other children using AI software add to the worries about harmful uses of AI technologyWELIVESECURITY.COM