🚨 CISA KEV (1)
5 Dec: [KEV] CISA Adds Four Known Exploited Vulnerabilities to Catalog (CISA.GOV). CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-33106 Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability CVE-2023-33063 Qualcomm Multiple Chipsets Use-After-Free V…
🐛 COMMON VULNERABILITIES AND EXPOSURES (4)
5 Dec: December Android Updates Fix Critical Zero-Click RCE Flaw (BLEEPINGCOMPUTER.COM). The zero-click RCE bug found in Android's System component allows attackers to gain arbitrary code execution without user interaction. The bug (CVE-2023-40088) is found in Android's System component and can be exploited without additional privileges.
5 Dec: CISA Releases Advisory on Threat Actors Exploiting CVE-2023-26360 Vulnerability in Adobe ColdFusion (CISA.GOV). Today, CISA released a Cybersecurity Advisory (CSA), Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers, to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs). The vulnerability in ColdFusi…
5 Dec: Hackers breach US govt agencies using Adobe ColdFusion exploit (BLEEPINGCOMPUTER.COM). The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers. [...]
5 Dec: Russia’s Fancy Bear launches mass credential collection campaigns (CSOONLINE.COM). A threat group associated with the Russian military intelligence service was behind several mass attack campaigns that exploited known flaws in Outlook and WinRAR to collect Windows NTLM credential hashes from organizations in Europe and North America. The high volume of emails i…
⚠️ VULNERABILITY DISCLOSURE (23)
5 Dec: How cybersecurity teams should prepare for geopolitical crisis spillover (CSOONLINE.COM). From Russia's invasion of Ukraine to Hamas's recent assault on Israel, it's difficult to deny that geopolitical crises come with diversifying cybersecurity footprints. In Ukraine, early digital Russian actions in support of the invasion struck not just government targets, but als…
5 Dec: Two New Versions of OpenZFS Fix Long-Hidden Corruption Bug (THEREGISTER.COM). The OpenZFS development team has released two new versions of the open-source cross-platform filesystem. Version 2.2.2 fixes a bug that caused data corruption in file copies and affected FreeBSD 14 and various Linux distros.
5 Dec: Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability (THEHACKERNEWS.COM). Microsoft on Monday said it detected Kremlin-backed nation-state activity exploiting a critical security flaw in its Outlook email service to gain unauthorized access to victims' accounts within Exchange servers. The tech giant attributed the intrusions to a threat acto…
5 Dec: PDF Phishing: Beyond the Bait (MCAFEE.COM). Phishing attackers are increasingly using PDF documents to conduct successful campaigns by exploiting the trustworthiness of the file format and leveraging social engineering tactics.
5 Dec: Russian state-sponsored hackers exploiting Outlook vulnerability, Microsoft warns (CYBERNEWS.COM). Submitted by Lanky_Pomegranate530 to cybersecurity 1 points | 0 comments https://cybernews.com/security/rusian-hackers-exploit-microsoft-outlook-vulnerability/
5 Dec: Deepfakes emerge as a top security threat ahead of the 2024 US election (CSOONLINE.COM). The United States is heading into a crucial election year, with a high-stakes presidential election that could determine the republic’s fate for decades. In addition, all 435 seats in the United States House of Representatives, 34 Senate seats, and 13 governorships are up for gra…
5 Dec: Russian APT28 Hackers Exploiting Outlook Bug to Hijack Exchange Accounts (BLEEPINGCOMPUTER.COM). Microsoft warned that the Russian state-sponsored hacker group APT28 is actively exploiting vulnerabilities in Outlook, WinRAR, and Windows MSHTML to hijack Microsoft Exchange accounts and steal sensitive information.
5 Dec: How The Disinformation Machine Works, And How $400 Can Stop It (KNOWBE4.COM). Specifically when wars break out, disinformation kicks into high gear. In the wake of the October 7 Hamas attack, the internet has been swamped with a deluge of disinformation. This phenomenon isn't just about spreading falsehoods; it's a systematic attempt to amplify fake n…
5 Dec: OPM Launches Cyber Rotational Program for Feds (NEXTGOV.COM). The OPM has launched a new Federal Rotational Cyber Workforce Program, allowing cybersecurity employees in the federal government to apply for rotational opportunities at other agencies to enhance their skills and defend against evolving threats.
5 Dec: Unpatched Loytec Building Automation Flaws Disclosed 2 Years After Discovery (SECURITYWEEK.COM). The details of 10 unpatched Loytec building automation product vulnerabilities have been disclosed two years after their discovery. The post Unpatched Loytec Building Automation Flaws Disclosed 2 Years After Discovery appeared first on SecurityWeek.
5 Dec: Warning for iPhone Users: Experts Warn of Sneaky Fake Lockdown Mode Attack (THEHACKERNEWS.COM). A new "post-exploitation tampering technique" can be abused by malicious actors to visually deceive a target into believing that their Apple iPhone is running in Lockdown Mode when it's actually not and carry out covert attacks. The novel, detailed by Jamf Threat Labs in a r…
5 Dec: CISA Releases Two Industrial Control Systems Advisories (CISA.GOV). CISA released two Industrial Control Systems (ICS) advisories on December 5, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-339-01 Zebra ZTC Industrial ZT400 and Desktop GK420d ICSA-23-208-03…
5 Dec: It’s not a Feature, It’s a Vulnerability (SOLIDSNAIL.COM). Submitted by solidsnail to cybersecurity 1 points | 0 comments https://blog.solidsnail.com/posts/vscode-shell-integ-rce I talk about a report I’ve made to MSRC in the beginning of the year regarding vscode. It’s a bit different. There’s no in depth technical stuff, because I basi…
5 Dec: DNA Company 23andMe Reports Unauthorized Access to Numerous User Ancestry Files (RECLAIMTHENET.ORG). Submitted by c0mmando to netsec 1 points | 0 comments https://reclaimthenet.org/dna-company-23andme-reports-unauthorized-access-to-numerous-user-ancestry-files In recent years, a growing number of people have been handing their DNA over to tech companies for the apparent benefits…
5 Dec: Addressing vulnerabilities in OT environments requires a Zero Trust approach (CSOONLINE.COM). Cyberattacks on operational technology (OT) systems are rapidly rising. In fact, manufacturing was one of the sectors most impacted by extortion attacks last year, according to Palo Alto Networks Unit 42, as reported in the 2023 Unit 42 Extortion and Ransomware Report. Attacks a…
5 Dec: Two new versions of OpenZFS fix long-hidden corruption bug (THEREGISTER.COM). Submitted by c0mmando to netsec 1 points | 1 comments https://www.theregister.com/2023/12/04/two_new_versions_of_openzfs/ The bug that was very occasionally corrupting data on file copies in OpenZFS 2.2.0 has been identified and fixed, and there’s a fix for the previous OpenZFS r…
5 Dec: AI’s Future Could be Open-Source or Closed. Tech Giants Are Divided as They Lobby Regulators (SECURITYWEEK.COM). Facebook parent Meta and IBM launched a new group called the AI Alliance that’s advocating for an “open science” approach to AI development. The post AI’s Future Could be Open-Source or Closed. Tech Giants Are Divided as They Lobby Regulators appeared first on SecurityWeek.
5 Dec: Feds, AHA Urge Hospitals to Mitigate Citrix Bleed Threats (DATABREACHTODAY.CO.UK). Urgent Action Needed to Prevent Ransomware Attacks Involving Vulnerability Exploit A recent spike in ransomware attacks has prompted federal regulators and the American Hospital Association to issue urgent warnings to hospitals and other healthcare firms to prevent potential expl…
5 Dec: 23andMe Says Hackers Stole Ancestry Data of 6.9M Users (DATABREACHTODAY.CO.UK). Credential-Stuffing Attack Led to Profile Scraping Genetics testing firm 23andMe says hackers, in a credential-stuffing attack this fall, siphoned the ancestry data of 6.9 million individuals. 23andMe disclosed the attack on Oct. 1, stating the attackers had scraped the profiles …
5 Dec: How Microsoft and Amazon are expanding the fight against international tech support fraud (CSOONLINE.COM). On October 19th of this year, India's federal enforcement agency, the Central Bureau of Investigation (CBI), announced it had conducted multiple criminal raids against fraudulent call centers in various cities across India. This operation was supported by a joint referral from Mi…
5 Dec: Multiple NFT collections at risk by flaw in open-source library (BLEEPINGCOMPUTER.COM). A vulnerability in an open-source library that is common across the Web3 space impacts the security of pre-built smart contracts, affecting multiple NFT collections, including Coinbase. [...]
5 Dec: Russian GRU Hackers Exploit Critical Patched Vulnerabilities (DATABREACHTODAY.CO.UK). TA422 Is Targeting Organizations in Europe and North America, Proofpoint Says A Russian military hacking intelligence group is winning the race to exploit known vulnerabilities before system administrators can apply patches, warns Proofpoint. The firm has seen a spike in activity…
5 Dec: UK CSO 30 Awards 2023 winners announced (CSOONLINE.COM). Congratulations to the CSO 30 UK 2023 winners for driving security innovation and delivering business value in their organisations and in the wider sector. The winners of the CSO 30 UK Awards 2023 have been announced. The awards recognise 30 UK IT professionals who have demonstra…
📋 SECURITY BULLETINS (3)
5 Dec: 94 Vulnerabilities Patched in Android With December 2023 Security Updates (SECURITYWEEK.COM). Android’s December 2023 security updates resolve 94 vulnerabilities, including several critical-severity bugs. The post 94 Vulnerabilities Patched in Android With December 2023 Security Updates appeared first on SecurityWeek.
5 Dec: Microsoft to also sell Windows 10 Extended Security Updates to home users (BLEEPINGCOMPUTER.COM). Microsoft says that customers still using Windows 10 after the end of support date will be able to buy three extra years of security updates through the company's Extended Security Updates (ESU) program. [...]
5 Dec: Microsoft to let Windows 10 home users buy Extended Security Updates (BLEEPINGCOMPUTER.COM). Microsoft says that all Windows 10 customers (including home users) will be able to pay for three extra years of security updates through the company's Extended Security Updates (ESU) program after the end of support (EOS) date. [...]
📢 SECURITY ADVISORIES (8)
5 Dec: Fake WordPress Security Advisory Pushes Backdoor Plugin (BLEEPINGCOMPUTER.COM). The fake plugin, once installed, creates a hidden admin user and sends victim information to the attackers, while also downloading a backdoor payload that allows for file management, SQL client, and server environment information access.
5 Dec: TSA Envisions AI-Driven Future of Secure, Streamlined Travel (DATABREACHTODAY.CO.UK). TSA Official Details How Agency Aims to Implement AI Systems Across Operations The Transportation Security Administration is exploring the possibilities of a future of U.S. travel "underpinned by AI advancements," according to the agency's deputy CIO, with next-generation technol…
5 Dec: Extracting Data from ChatGPT, Vulns Around AI, Secure AI Guidance, LogoFAIL, BLUFFS - ASW #265 (YOUTUBE.COM). Repetition extracts data from ChatGPT, more vulns in the software that surrounds AI, guidelines for secure AI, LogoFAIL trips a boot, BLUFFS attack on Bluetooth, CISA's first secure by design alert, Okta's updated breach disclosure, and more! Visit https://www.securityweekly.com/…
5 Dec: All the News -- Just Six Months Later - ASW #265 (YOUTUBE.COM). We cover appsec news on a weekly basis, but sometimes that news is merely about the start of a new project, sometimes it's yet another example of a vuln class, and sometimes it's a topic we hope doesn't become a trend. So, what themes have we seen and where do we see them going? …
5 Dec: New SEC Rules Will Do More Than Result in Quick Breach Reporting (KNOWBE4.COM). On July 26, the U.S. Security & Exchange Commission (SEC) announced several new cybersecurity rules, taking effect mid-December 2023, that will significantly impact all U.S. organizations (and foreign entities doing business in the U.S.) that must follow SEC regulations…
5 Dec: Experts Urge Congress to Task NIST With REAL ID Standards (DATABREACHTODAY.CO.UK). 'TSA Is Not the Right Agency to Lead' REAL ID Implementation, Security Experts Say Security experts testified to Congress that the National Institute of Standards and Technology is better placed than the Transportation Security Administration to lead national implementation effor…
🔥 INCIDENT REPORTING (12)
5 Dec: RailYatri - 23,209,732 breached accounts (HAVEIBEENPWNED.COM). In December 2022, India’s government-approved online travel agency RailYatri suffered a data breach. The incident impacted over 31M customers and exposed 23M unique email addresses. Also impacted were names, genders, phone numbers and tickets purchased, including travel informat…
5 Dec: New Threat Actor 'AeroBlade' Emerges in Espionage Attack on U.S. Aerospace (THEHACKERNEWS.COM). A previously undocumented threat actor has been linked to a cyber attack targeting an aerospace organization in the U.S. as part of what's suspected to be a cyber espionage mission. The BlackBerry Threat Research and Intelligence team is tracking the activity cluster as Aero…
5 Dec: Accounting Software Giant Tipalti Investigating Ransomware Attack (CYBERSECURITYDIVE.COM). ALPHV, a prolific ransomware group, allegedly gained persistent access to multiple Tipalti systems and stole over 265GB of data, with claims of insider involvement in the attacks.
5 Dec: International Dog Breeding Organization WALA Exposes 25GB of Pet Owners' Data (HACKREAD.COM). The breach exposes the global customer base of WALA to potential threats like phishing attacks and financial scams, emphasizing the need for affected parties to monitor their financial accounts and implement additional security measures.
5 Dec: Iran-Linked Hackers Claim to Leak Troves of Documents From Israeli Hospital (THERECORD.MEDIA). A hacker group allegedly linked to Iran, known as Malek Team, has claimed responsibility for a cyberattack on an Israeli hospital, resulting in the leak of thousands of medical records, including those of Israeli soldiers.
5 Dec: New Threat Actor ‘AeroBlade’ Targeted US Aerospace Firm in Espionage Campaign (SECURITYWEEK.COM). BlackBerry attributes cyberattack against an aerospace organization in the US to a new threat actor named AeroBlade. The post New Threat Actor ‘AeroBlade’ Targeted US Aerospace Firm in Espionage Campaign appeared first on SecurityWeek.
5 Dec: Florida Water Agency Latest to Confirm Cyber Incident as Feds Warn of Nation-State Attacks (THERECORD.MEDIA). The St. Johns River Water Management District in Florida has confirmed that it responded to a cyberattack last week, amid warnings from top cybersecurity agencies about foreign attacks on water utilities.
5 Dec: Holiday Hackers: How to Safeguard Your Service Desk (BLEEPINGCOMPUTER.COM). Consumer traffic rises sharply during the holidays, as do the scope and severity of cyberattacks. Learn more from Specops Software on how to protect your service or help desk from social engineering attacks during the holiday season. [...]
5 Dec: Microsoft Incident Response lessons on preventing cloud identity compromise (MICROSOFT.COM). In real-world customer engagements, Microsoft Incident Response (Microsoft IR) sees combinations of issues and misconfigurations that could lead to attacker access to customers’ Microsoft Entra ID tenants. Effective protection of a customer’s Entra ID tenant is less challenging t…
5 Dec: New OnDemand | Reacting with Split-Second Agility to Prevent Software Supply Chain Breaches (DATABREACHTODAY.CO.UK)
5 Dec: North Korean Hackers Steal South Korean Anti-Aircraft Data (DATABREACHTODAY.CO.UK). Andariel Group Rented Server to Steal 1.2TB of Data, Extort $357,000 in Ransoms Seoul police have accused the North Korean hacker group Andariel of stealing sensitive defense secrets from South Korean defense companies and laundering ransomware proceeds back to North Korea. The h…
5 Dec: HTC Global Services confirms cyberattack after data leaked online (BLEEPINGCOMPUTER.COM). IT services and business consulting company HTC Global Services has confirmed that they suffered a cyberattack after the ALPHV ransomware gang began leaking screenshots of stolen data. [...]
🕵️ THREAT INTELLIGENCE (21)
5 Dec: ISC Stormcast For Tuesday, December 5th, 2023 https://isc.sans.edu/podcastdetail/8764, (Tue, Dec 5th) (ISC.SANS.EDU). (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
5 Dec: ArmorCode Raises $40M To Consolidate Security Data in One Place (TECHCRUNCH.COM). ArmorCode aims to surface vulnerabilities in enterprise software and infrastructure through role-specific dashboards, providing threat intelligence tools and training for security teams.
5 Dec: Russian hacker pleads guilty to Trickbot malware conspiracy (BITDEFENDER.COM). A 40-year-old Russian man faces a lengthy prison sentence in the United States after pleading guilty to his involvement in the distribution and development of the notorious Trickbot malware. Read more in my article on the Hot for Security blog.
5 Dec: Cobalt Strike's "Runtime Configuration", (Tue, Dec 5th) (ISC.SANS.EDU). I published an update for my 1768.py tool, a tool to extract the configuration from Cobalt Strike beacons.
5 Dec: Swiss Cyber Storm 2023 - 22 talks (INFOSEC.PUB). Submitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/e1b7f9cb-b219-453f-b1e7-9602ab769f08.png Swiss Cyber Storm 2023 Recordings Schedule from the website
5 Dec: DEF CON 31 - 156 videos (INFOSEC.PUB). Submitted by ashar to security_cpe 2 points | 0 comments https://infosec.pub/pictrs/image/cc3b7ba0-0ab4-4137-bab5-5ab2337f3e0c.png DEF CON 31 playlist
5 Dec: Cybersecurity M&A Roundup: 34 Deals Announced in November 2023 (SECURITYWEEK.COM). Thirty-four cybersecurity-related merger and acquisition (M&A) deals were announced in November 2023. The post Cybersecurity M&A Roundup: 34 Deals Announced in November 2023 appeared first on SecurityWeek.
5 Dec: CISO Conversations: Three Leading CISOs in the Modern Healthcare Sector (SECURITYWEEK.COM). SecurityWeek discusses the role of security leadership with three CISOs in one of the world’s most attacked sectors: healthcare. The post CISO Conversations: Three Leading CISOs in the Modern Healthcare Sector appeared first on SecurityWeek.
5 Dec: CyberheistNews Vol 13 #49 Top Four Security Tips for Cyber Safety on National Computer Security Day (KNOWBE4.COM)
5 Dec: Mine Lands $30M Series B for Data Privacy Tech (SECURITYWEEK.COM). Israeli early-stage startup snags financing from Battery Ventures, PayPal Ventures and Nationwide Ventures. The post Mine Lands $30M Series B for Data Privacy Tech appeared first on SecurityWeek.
5 Dec: Prioritizing Identity and Getting the Fundamentals Right - Bezawit Sumner - CSP #151 (YOUTUBE.COM). Prioritizing identity and getting the fundamentals right. We are managing more identities than ever – people-people, machine-to-machine, and people-machines. What actions should CISOs be ensuring are being done within the environment to prioritize identities? Join us as we discus…
5 Dec: Alert: WordPress Security Team Impersonation Scams (WORDPRESS.ORG). Submitted by squirrel to cybersecurity 1 points | 0 comments https://wordpress.org/news/2023/12/alert-wordpress-security-team-impersonation-scams/
5 Dec: Application Security Startup ArmorCode Raises $40 Million (SECURITYWEEK.COM). ArmorCode raises $40 million in a Series B funding round to help organizations ship secure applications. The post Application Security Startup ArmorCode Raises $40 Million appeared first on SecurityWeek.
5 Dec: Major Organizations Using ‘Hugging Face’ AI Tools Put at Risk by Leaked API Tokens (SECURITYWEEK.COM). Lasso warns of more than 1,600 leaked Hugging Face API tokens belonging to hundreds of organizations. The post Major Organizations Using ‘Hugging Face’ AI Tools Put at Risk by Leaked API Tokens appeared first on SecurityWeek.
5 Dec: Financial Institutions are the Most Affected by Phishing Attacks and Scams (KNOWBE4.COM). New data shows how the overwhelming majority of phishing attacks on financial institutions dwarf every other industry sector by as much as a factor of 30-to-1.
5 Dec: PDFs: Friend or Phishing Foe? Don't Get Caught by the Latest Scam Tactic (KNOWBE4.COM). Researchers at McAfee warn that attackers are increasingly utilizing PDF attachments in email phishing campaigns.
5 Dec: Surprise Cam Nudes, Staples, Turtle, Apple, 23andme, P2Pinfect, Gmail, Jason Woods – SWN #346 (YOUTUBE.COM). Join us live at 12pm ET for discussion around Surprise Cam Nudes, Staples, Turtle, Apple, 23andme, P2Pinfect, Sellafield, Gmail, Jason Wood, and more on this edition of the Security Weekly News. →Watch Live: https://securityweekly.com/live →Subscribe to our podcasts: https://secu…
5 Dec: Surprise Cam Nudes, Staples, Turtle, Apple, 23andme, P2Pinfect, Gmail, Jason Woods - SWN #346 (YOUTUBE.COM). Surprise Cam Nudes, Staples, Turtle, Apple, 23andme, P2Pinfect, Sellafield, Gmail, Jason Wood, and more on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-346
5 Dec: API Flaws Put AI Models at Risk of Data Poisoning (DATABREACHTODAY.CO.UK). Hugging Face Fixes Flaw; Meta, Other Tech Giants Revoke Vulnerable Tokens Security researchers could access and modify an artificial intelligence code generation model developed by Facebook after scanning for API access tokens on AI developer platform Hugging Face and code reposi…
5 Dec: 23andMe Says Hackers Saw Data From Millions of Users (SECURITYWEEK.COM). Personal genetics firm 23andMe said hackers accessed the personal information about 6.9 million of its members. The post 23andMe Says Hackers Saw Data From Millions of Users appeared first on SecurityWeek.
5 Dec: 3 reasons why now is the time to go cloud native for device management (MICROSOFT.COM). Discover these three recent customer stories to better understand the full value of becoming cloud native. The post 3 reasons why now is the time to go cloud native for device management appeared first on Microsoft Security Blog.
🌐 CYBER THREAT LANDSCAPE (6)
5 Dec: TrickMo Banking Trojan Resurfaces with New Features, Targeting Android Devices this Time Around (THECYBEREXPRESS.COM). TrickMo replaces screen recording with collecting Accessibility event logs to gather data from running applications, requiring victims to grant Accessibility Service access.
5 Dec: Sellafield nuclear site “attacked by cyber groups” linked to Russia and China (CSHUB.COM). Sellafield reportedly infected with sleeper malware despite facility claiming “no records or evidence” to suggest attack
5 Dec: SpyLoan Android malware on Google Play downloaded 12 million times (BLEEPINGCOMPUTER.COM). More than a dozen malicious loan apps, which are generically named SpyLoan, have been downloaded more than 12 million times this year from Google Play but the count is much larger since they are also available on third-party stores and suspicious websites. [...]
🎙️ PODCASTS (1)
5 Dec: 140: Revenge Bytes (DARKNETDIARIES.COM). Madison's nude photos were posted online. Her twin sister Christine came to help. This begins a bizarre and uneasy story. Learn more about your ad choices. Visit podcastchoices.com/adchoices
📡 INFOSEC NEWS (20)
5 Dec: Hershey phishes! Crooks snarf chocolate lovers' creds (THEREGISTER.COM). The phishing emails were sent to employees in early September and allowed the criminals to steal a range of personal data, including names, health and medical information, credit card numbers, and online account credentials.
5 Dec: 15,000 Go Module Repositories on GitHub Vulnerable to Repojacking Attack (THEHACKERNEWS.COM). New research has found that over 15,000 Go module repositories on GitHub are vulnerable to an attack called repojacking. "More than 9,000 repositories are vulnerable to repojacking due to GitHub username changes," Jacob Baines, chief technology officer at VulnCheck, said…
5 Dec: Used by only a few nerds, Facebook kills PGP-encrypted emails (TECHCRUNCH.COM). In 2015, as part of the wave of encrypting all the things on the internet, encouraged by the Edward Snowden revelations, Facebook announced that it would allow users to receive encrypted emails from the company. Even at the time, this was a feature for the paranoid users. By turn…
5 Dec: Generative AI Security: Preventing Microsoft Copilot Data Exposure (THEHACKERNEWS.COM). Microsoft Copilot has been called one of the most powerful productivity tools on the planet. Copilot is an AI assistant that lives inside each of your Microsoft 365 apps — Word, Excel, PowerPoint, Teams, Outlook, and so on. Microsoft's dream is to take the drudgery out of daily w…
5 Dec: The Internet Enabled Mass Surveillance. AI Will Enable Mass Spying. (SCHNEIER.COM). Spying and surveillance are different but related things. If I hired a private detective to spy on you, that detective could hide a bug in your home or car, tap your phone, and listen to what you said. At the end, I would get a report of all the conversations you had and the cont…
5 Dec: Restricted Settings in Android 13 and 14 | Kaspersky official blog (KASPERSKY.COM). We explain what Restricted Settings are in Android 13 and 14, what this feature is supposed to protect against, and how viruses (and users) bypass it.
5 Dec: Microsoft confirms Windows bug renames printers to HP LaserJet M101-M106 (BLEEPINGCOMPUTER.COM). Microsoft has confirmed an issue causing the HP Smart app to automatically install on Windows systems after all printers are renamed to HP LaserJet M101-M106. [...]
5 Dec: Russia's AI-Powered Disinformation Operation Targeting Ukraine, US, and Germany (THEHACKERNEWS.COM). The Russia-linked influence operation called Doppelganger has targeted Ukrainian, U.S., and German audiences through a combination of inauthentic news sites and social media accounts. These campaigns are designed to amplify content designed to undermine Ukraine as well as propaga…
5 Dec: 15,000 Go Module Repositories on GitHub Vulnerable to Repojacking Attack (THEHACKERNEWS.COM). Go modules are particularly susceptible to repojacking due to their decentralized nature, and popular repository namespace retirement countermeasures are not effective in preventing all instances of this attack.
5 Dec: Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk (CISA.GOV)
5 Dec: Mapping the Unseen Vulnerabilities of Zombie APIs (DATABREACHTODAY.CO.UK). Zombie APIs are becoming more common, just because of the sheer number of APIs and third-party vendors that organizations rely on. Joshua Scott, head of information security and IT at API platform Postman, says businesses need to identify "what is critical to the business and map ba…
5 Dec: Accelerating into 2024 with NEOM McLaren Formula E Team (TRENDMICRO.COM). Learn more about how Trend is engineering innovation and resiliency with NEOM McLaren Formula E Team in 2024 and beyond.
5 Dec: Kali Linux 2023.4 released with GNOME 45 and 15 new tools (BLEEPINGCOMPUTER.COM). Kali Linux 2023.4, the fourth and final version of 2023, is now available for download, with fifteen new tools and the GNOME 45 desktop environment. [...]
5 Dec: Due to AI, “We are about to enter the era of mass spying,” says Bruce Schneier (ARSTECHNICA.COM). Schneier: AI will enable a shift from observing actions to interpreting intentions, en masse.
5 Dec: Beware of predatory fin(tech): Loan sharks use Android apps to reach new depths (WELIVESECURITY.COM). ESET researchers describe the growth of deceptive loan apps for Android and techniques they use to circumvent Google Play