🐛 COMMON VULNERABILITIES AND EXPOSURES (2)
3 Dec | Google patches security bugs in Chrome, exploit out there | submitted by c0mmando to netsec | 1 points | 1 comments | https://www.theregister.com/2023/11/30/chrome_zeroday/ | Google has rolled out six Chrome security fixes including one emergency patch for a bug for which exploit code is already out there. You’re encouraged to thus grab the lat… | THEREGISTER.COM
3 Dec | Weak session keys let snoops eavesdrop on Bluetooth traffic | submitted by c0mmando to netsec | 2 points | 1 comments | https://www.theregister.com/2023/11/30/bluetooth_bluffs_attacks_are_no/ | Multiple Bluetooth chips from major vendors such as Qualcomm, Broadcom, Intel, and Apple are vulnerable to a pair of security flaws that allow a nearby mi… | THEREGISTER.COM
⚠️ VULNERABILITY DISCLOSURE (5)
3 Dec | 60 US credit unions offline after cloud ransomware infection | submitted by c0mmando to netsec | 1 points | 1 comments | https://www.theregister.com/2023/12/02/ransomware_infection_credit_unions/ | A ransomware infection at a cloud IT provider has disrupted services for 60 or so credit unions across the US, all of which were relying on the attacke… | THEREGISTER.COM
3 Dec | EU Council president proposes ‘European cyber force’ with ‘offensive capabilities’ | submitted by c0mmando to netsec | 1 points | 0 comments | https://therecord.media/offensive-cyber-force-proposal-european-council-president | Charles Michel, the president of the European Council — the EU body that sets the bloc’s political direction — proposed on Thursday the creation… | THERECORD.MEDIA
3 Dec | XDSpy hackers attack military-industrial companies in Russia | submitted by c0mmando to netsec | 5 points | 0 comments | https://therecord.media/xdspy-hackers-target-russian-military-industrial-companies | A cyberespionage group known as XDSpy recently targeted Russian military-industrial enterprises, according to new research. XDSpy is believed t… | THERECORD.MEDIA
3 Dec | US readies prison cell for another Russian Trickbot dev | submitted by c0mmando to netsec | 2 points | 1 comments | https://www.theregister.com/2023/12/01/trickbot_dev_guilty_plea/ | Another member of the Trickbot malware crew now faces a lengthy prison sentence amid US law enforcement’s ongoing search for its leading members. Russian nationa… | THEREGISTER.COM
3 Dec | More than $100 million in ransom paid to Black Basta gang over nearly 2 years | submitted by c0mmando to netsec | 2 points | 0 comments | https://therecord.media/blackbasta-ransom-payments | Key takeaways: Joint research by Elliptic and Corvus Insurance has identified at least $107 million in Bitcoin ransom payments to the Black Basta ransomware group since early 2… | THERECORD.MEDIA
📢 SECURITY ADVISORIES (2)
3 Dec | UEFI flaws allow bootkits to pwn potentially hundreds of devices using images | submitted by c0mmando to netsec | 1 points | 0 comments | https://web.archive.org/web/20231202114431/https://binarly.io/posts/The_Far_Reaching_Consequences_of_LogoFAIL/index.html | LogoFAIL is a newly discovered set of security vulnerabilities affecting different image parsing librarie… | WEB.ARCHIVE.ORG
3 Dec | New SugarGh0st RAT targets Uzbekistan government and South Korea | submitted by c0mmando to netsec | 1 points | 0 comments | https://blog.talosintelligence.com/new-sugargh0st-rat/ | Cisco Talos recently discovered a malicious campaign that likely started as early as August 2023, delivering a new remote access trojan (RAT) we dubbed “SugarGh0st.” We fo… | TALOSINTELLIGENCE.COM
🔥 INCIDENT REPORTING (3)
3 Dec | Breaches by Iran-Affiliated Hackers Spanned Multiple U.S. States, Federal Agencies Say | The Municipal Water Authority of Aliquippa was just one of multiple organizations breached in the U.S. by Iran-linked "Cyber Av3ngers" hackers. | SECURITYWEEK.COM
3 Dec | SoarGames - 4,774,445 breached accounts | In December 2019, the now defunct gaming website SoarGames suffered a data breach that exposed 4.8M unique email addresses. The impacted data included usernames, email and IP addresses and salted MD5 password hashes. A significant number of the email addresses appeared to have be… | HAVEIBEENPWNED.COM
3 Dec | Linux version of Qilin ransomware focuses on VMware ESXi | A sample of the Qilin ransomware gang's VMware ESXi encryptor has been found and it could be one of the most advanced and customizable Linux encryptors seen to date. [...] | BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE (5)
3 Dec | Weekly Update 376 | I'm irrationally excited about the new Prusa 3D printer on order, and I think that's mostly to do with planning for the NDC… | TROYHUNT.COM
3 Dec | IT Modernization Efforts Need to Prioritize Cybersecurity | submitted by Lanky_Pomegranate530 to cybersecurity | 1 points | 0 comments | https://www.cyberdefensemagazine.com/it-modernization-efforts-need-to-prioritize-cybersecurity/ | CYBERDEFENSEMAGAZINE.COM
3 Dec | BSides Toronto 2023 - 9 talks | submitted by ashar to security_cpe | 1 points | 0 comments | https://infosec.pub/pictrs/image/1bae1d65-7d2d-4b3d-8f0c-0a5f73f6002c.png | BSides Toronto 2023 playlist of 9 talks; 2023 BSides Toronto - 6 Lightning Talks; BSides Toronto 2023 Schedule; BSides Toronto 2023 website | INFOSEC.PUB
3 Dec | DNS TXT Verification records | submitted by 1boiledpotato to cybersecurity | 1 points | 0 comments | Today I checked DNSDumpster for my domain and realized that TXT verification records for my email are visible to everyone. Should I be worried? If yes, how can I hide them? | SH.ITJUST.WORKS
3 Dec | North Korea's state hackers stole $3 billion in crypto since 2017 | North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years since January 2017. [...] | BLEEPINGCOMPUTER.COM
🌐 CYBER THREAT LANDSCAPE (1)
3 Dec | New proxy malware targets Mac users through pirated software | Cybercriminals are targeting Mac users with a new proxy trojan malware bundled with popular, copyrighted macOS software being offered on warez sites. [...] | BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS (1)
3 Dec | Google is phasing out ad personalization for some AdSense products | Google has announced significant changes to its Search Ads publisher products, including AdSense for Search (AFS), AdSense for Shopping (AFSh), and Programmable Search Engine (ProSE). [...] | BLEEPINGCOMPUTER.COM