🐛 COMMON VULNERABILITIES AND EXPOSURES 3
15 DecDecoding CVE-2023-50164: Unveiling the Apache Struts File Upload ExploitIn this blog entry, we discuss the technical details of CVE-2023-50164, a critical vulnerability that affects Apache Struts 2 and enables unauthorized path traversal.TRENDMICRO.COM
15 DecIn Other News: Ukraine Hacks Russia, CVE for Water ICS Attacks, New Intel Xeon CPUsNoteworthy stories that might have slipped under the radar: Ukraine hacks Russia’s federal tax agency, CVE assigned to PLC exploit, security in new Intel CPU.SECURITYWEEK.COM
⚠️ VULNERABILITY DISCLOSURE 30
15 DecNew NKAbuse Malware Exploits NKN Blockchain Tech for DDoS AttacksA novel multi-platform threat called NKAbuse has been discovered using a decentralized, peer-to-peer network connectivity protocol known as NKN (short for New Kind of Network) as a communications channel. "The malware utilizes NKN technology for data exchange …THEHACKERNEWS.COM
15 DecUpdate: More Than 45,000 Affected by Cyberattack on Idaho Nuclear Research LabThe hackers accessed an off-site data center used for human resources services, compromising personal information such as names, social security numbers, salary details, and banking information.THERECORD.MEDIA
15 DecCyber Security Today, Dec. 15, 2023 - A botnet expands, threats to unpatched TeamCity servers, and moreThis episode reports on the growth of the KV-botnet, the discovery of another unprotected database on the internet, and moreCYBERSECURITYTODAY.LIBSYN.COM
15 DecCSharp Payload Phoning to a CobaltStrike Server, (Fri, Dec 15th)I found an interesting CSharp source code on VT a few days ago. Its score is only 3/59 (SHA256:5aebf1369b9b54cfc340f34fcc61a90872085a2833fd9bcf238f7c62a5c7620a)[1].ISC.SANS.EDU
15 DecCitrixBleed Isn’t Going Away: Security Experts Struggle to Control Critical VulnerabilityDespite a patch being issued, the exploitation of CitrixBleed has continued, highlighting the challenges of vendor security management and the need for organizations to take immediate action to mitigate the vulnerability.CYBERSECURITYDIVE.COM
15 DecReport: Vulnerabilities Now Top Initial Access Route For RansomwareThreat actors are increasingly using vulnerability exploitation instead of phishing emails to compromise victims with ransomware, according to insurance company Corvus Insurance.INFOSECURITY-MAGAZINE.COM
15 DecKnight Ransomware Group Strikes Ohio City of Defiance to Exfiltrate DataThe attackers have gained access to sensitive data, including employee records, law enforcement videos, emails, and confidential documents. The City of Defiance has not yet responded to the incident.THECYBEREXPRESS.COM
15 DecRecent Apache Struts 2 Vulnerability in Attacker CrosshairsAttackers are attempting to exploit a critical RCE flaw in Apache Struts 2 after researchers publish PoC code.SECURITYWEEK.COM
15 DecBug or Feature? Hidden Web Application Vulnerabilities UncoveredWeb Application Security consists of a myriad of security controls that ensure that a web application: Functions as expected. Cannot be exploited to operate out of bounds. Cannot initiate operations that it is not supposed to do. Web Applications have become ubiquitous after the …THEHACKERNEWS.COM
15 DecNew Security Vulnerabilities Uncovered in pfSense Firewall Software - Patch NowMultiple security vulnerabilities have been discovered in the open-source Netgate pfSense firewall solution called pfSense that could be chained by an attacker to execute arbitrary commands on susceptible appliances. The issues relate to two reflected cross-site scripting (XSS) b…THEHACKERNEWS.COM
15 DecZoom Unveils Open Source Vulnerability Impact Scoring SystemZoom launches an open source Vulnerability Impact Scoring System (VISS) tested within its bug bounty program.SECURITYWEEK.COM
15 DecCISA Secure by Design Alert Urges Manufacturers to Eliminate Default PasswordsToday, CISA published guidance on How Manufacturers Can Protect Customers by Eliminating Default Passwords as a part of our new Secure by Design (SbD) Alert series. This SbD Alert urges technology manufacturers to proactively eliminate the risk of default password exploitation by…CISA.GOV
15 DecTesla | TikTok | Karakurt | VISS | Volt Typhoon | Cozy Bear | Aaran Leyland & More! – SWN349This week, Doug Talks: Tesla, TikTok, Karakurt, VISS, Volt Typhoon, Cozy Bear, GambleForce, Aaran Leyland, and More News on the Security Weekly News. →Full Show Notes: https://securityweekly.com/swn349 →Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4 →Visit ou…YOUTUBE.COM
15 DecCISA Releases Advisory on Cyber Resilience for the HPH SectorToday, CISA released a Cybersecurity Advisory, Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment, that details findings from our risk and vulnerability assessments of a Health and Public Health (HPH) Sector o…CISA.GOV
15 DecCISA Releases Key Risk and Vulnerability Findings for Healthcare and Public Health SectorCISA.GOV
15 DecFunding continues for early startups, cybersecurity isn't special, but pickleball is - ESW #343On this week's news segment, we pick up where we left off with Doug running the show last week. We discuss current early stage categories, AD canarytokens, and low hanging vulns. We talk about why cybersecurity is important, but not nearly as unique or special as some might have …YOUTUBE.COM
15 Dec3CX warns customers to disable SQL database integrationsVoIP communications company 3CX warned customers today to disable SQL Database integrations because of risks posed by what it describes as a potential vulnerability. [...]BLEEPINGCOMPUTER.COM
15 DecThe Pillars of Trust in Identity Verification - Rob O'Farrell - ESW #343On this podcast, we've often struggled with whether or not to include stories and discussion on identity verification. Is identity verification cybersecurity proper, or cybersecurity adjacent as part of fraud prevention? As always, when we're unsure, we find folks to talk to and …YOUTUBE.COM
15 DecTesla, TikTok, Karakurt, VISS, Cozy Bear, GambleForce, Aaran Leyland, and More - SWN #349Tesla, TikTok, Karakurt, VISS, Volt Typhoon, Cozy Bear, GambleForce, Aaran Leyland, and More News on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-349YOUTUBE.COM
15 DecCyber Security Today, Week in Review for Friday Dec. 15, 2023This episode features discussion on how much responsibility governments should shoulder to fight ransomware, why North Korea's Lazarus group is still exploiting the two-year-old Log4j vulnerability and the latest on insider attacksCYBERSECURITYTODAY.LIBSYN.COM
15 DecFederal Agencies Failing to Meet Critical Cyber DeadlinesAgencies Lack Capabilities to Track, Investigate and Remediate Threats, Report Says The departments of Commerce, State and Justice are among the 20 agencies identified in a Government Accountability Office report as having failed to meet key cyberthreat incident response deadline…DATABREACHTODAY.CO.UK
15 DecThe Week in Ransomware - December 15th 2023 - Ransomware DramaThe big news over the past two weeks is the continued drama plaguing BlackCat/ALPHV after their infrastructure suddenly stopped working for almost five days. Multiple sources told BleepingComputer that this outage was related to a law enforcement operation, but BlackCat claims th…BLEEPINGCOMPUTER.COM
15 DecCISA Urges Health Sector to Apply Critical Cyber MeasuresAdvice Is Based on Agency's 2-Week Security Assessment of a Large Entity The Cybersecurity and Infrastructure and Security Agency is urging health sector entities to take critical steps in fortifying their environments based on findings from a risk and vulnerability assessment pe…DATABREACHTODAY.CO.UK
15 DecISMG Editors: Decoding BlackCat Ransomware's Downtime DramaAlso: Fraud Trends; Cryptocurrency Regulatory Developments In the latest weekly update, editors at ISMG discuss whether police have seized ransomware group Alphv/BlackCat's data leak site, how fraudsters are adapting their tactics and techniques to exploit advancements in technol…DATABREACHTODAY.CO.UK
15 DecVisa debuts AI-based token fraud prevention productPayment network Visa will offer a new AI-powered system designed to combat token fraud, analyzing transactions for patterns that could indicate fraudulent activity and help protect financial institutions against losses. The new product, dubbed Visa Provisioning Intelligence, is n…CSOONLINE.COM
15 DecDemystifying CASB and its role within SASEAt the risk of stating the obvious to many CSO readers, a secure access service edge (SASE) solution is the best cybersecurity solution an enterprise can deploy today. SASE provides converged network and security capabilities that provide deep visibility, consistent security, and…CSOONLINE.COM
15 DecCloud squatting: How attackers can use deleted cloud assets against youWe’re in the age of cloud computing where resources like virtual servers and storage space are often provisioned programmatically through deployment scripts as needed. While spinning up such assets is an almost instant process, removing them when they’re no longer needed is not a…CSOONLINE.COM
15 Decnpm search RCE? - Escape Sequence Injectionsubmitted by solidsnail to cybersecurity https://blog.solidsnail.com/posts/npm-esc-seqSOLIDSNAIL.COM
15 DecPatching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core ServerFour new unauthenticated remotely exploitable security vulnerabilities discovered in the popular source code management platform Perforce Helix Core Server have been remediated after being responsibly disclosed by Microsoft. Perforce Server customers are strongly urged to update …MICROSOFT.COM
📢 SECURITY ADVISORIES 7
15 DecFBI, CISA, Treasury, and FinCEN Released Joint Advisory on Karakurt Data Extortion GroupKarakurt uses various tactics to steal data and extort victims for ransom. They contact victims' employees, business partners, and clients to pressure them into paying the ransom.CISA.GOV
15 DecDental Plan Administrator Fined $400K for Phishing BreachThe settlement requires the company to implement data retention policies, use multifactor authentication, encrypt private information, and have a Chief Information Security Officer (CISO) reporting to the CEO regularly.BANKINFOSECURITY.COM
15 DecHackers are Increasingly Using Remote Admin Tools to Control Infected SystemsRecently, there has been a rise in incidences of hackers using “Remote Administration Tools” to control the infected system and bypass protection technologies. Remote administration tools are software that allows managing and controlling terminals from a remote l…GBHACKERS.COM
15 DecHHS 5-Year Health Data Strategy Prioritizes 'Responsible' AIBiden Plan Aims to 'Harness' Data, AI to Better Patient Outcomes, Cut Cancer Deaths The Biden administration is heavily counting on "responsibly" leveraging AI as part of a five-year strategy that aims to harness data to enhance the health and wellness of Americans. That includes…DATABREACHTODAY.CO.UK
15 DecCISA urges tech manufacturers to stop using default passwordsToday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged technology manufacturers to stop providing software and devices with default passwords. [...]BLEEPINGCOMPUTER.COM
15 DecTransatlantic Cable podcast, episode 328 is an AI overload episode! Story of the year – AI, EU regulation on AI & much more! | Kaspersky official blogKASPERSKY.COM
🔥 INCIDENT REPORTING 20
15 DecIOTW: Russia-linked cyber attack targets Ukraine’s biggest phone operatorPowerful attack knocked out internet access and mobile communications, damaging IT infrastructureCSHUB.COM
15 DecFCC Updates Data Breach Rules, With Consumers in MindThe Federal Communications Commission (FCC) has updated its data breach rules for the first time in 16 years. The new rules expand the definition of a breach and specify who should be notified.THERECORD.MEDIA
15 DecNew York Hospitals’ Patient Data Impacted by CyberattackThe IT network of New York-based health providers, including HealthAlliance Hospital, Margaretville Hospital, and Mountainside Residential Care Center, was breached for nearly two months, resulting in the compromise of patient data.SCMAGAZINE.COM
15 DecFood Giant Kraft Heinz Targeted by Ransomware GroupA ransomware group claims to have breached the systems of Kraft Heinz, but the food giant says it’s unable to verify the claims.SECURITYWEEK.COM
15 DecWindows Defender Quarantine Folder Metadata Recovered for Forensic InvestigationsWindows Defender is a built-in antivirus and anti-malware software developed by Microsoft for Windows operating systems. It provides real-time protection against various threats, including:- Cybersecurity researchers at Fox-IT recently discovered that revived Windows Defend…GBHACKERS.COM
15 DecPersonal Information of 45,000 Individuals Stolen in Idaho National Laboratory Data BreachHacktivists stole and leaked online the personal information of 45,000 Idaho National Laboratory employees.SECURITYWEEK.COM
15 DecLedger NPM Repo Hacked Through a Spear Phishing Attack on an EmployeeIn a recent turn of events, Ledger, a prominent hardware wallet provider, faced a security breach that sent shockwaves through the cryptocurrency community. The breach, initiated by a malevolent version of the npm package @ledgerhq/connect-kit, posed a severe risk to users&…GBHACKERS.COM
15 DecKraft Heinz Reviewing Claims of Cyberattack but Internal Systems ‘Operating Normally’Kraft Heinz is investigating claims of a data breach by the Snatch ransomware gang, but currently sees no evidence of a broader attack or adverse effects on its internal systems.THERECORD.MEDIA
15 DecCrypto Hardware Wallet Ledger's Supply Chain Breach Results in $600,000 TheftCrypto hardware wallet maker Ledger published a new version of its "@ledgerhq/connect-kit" npm module after unidentified threat actors pushed malicious code that led to the theft of more than $600,000 in virtual assets. The compromise was the result of a forme…THEHACKERNEWS.COM
15 DecBianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Extortion CampaignThe ransomware gangs utilized a "password spraying" attack and compromised email accounts through Business Email Compromise (BEC) to anonymously deliver ransom payment demands and complicate investigations.SECURITYAFFAIRS.COM
15 DecDelta Dental says data breach exposed info of 7 million peopleDelta Dental of California is warning almost seven million patients that they suffered a data breach after personal data was exposed in a MOVEit Transfer software breach. [...]BLEEPINGCOMPUTER.COM
15 DecALPHV Ransomware Gang Returns, SortaThe ALPHV ransomware gang is facing technical difficulties, with their leak site showing only one victim and negotiation links not working, potentially leaving them without payment.MALWAREBYTES.COM
15 DecRansomware gang behind threats to Fred Hutch cancer patientsThe Hunters International ransomware gang claimed to be behind a cyberattack on the Fred Hutchinson Cancer Center (Fred Hutch) that resulted in patients receiving personalized extortion threats. [...]BLEEPINGCOMPUTER.COM
15 DecDisinformation Rages in Russian Cyber Winter of DiscontentCISO Ian Thornton-Trump on Information Warfare, Disruptive Cyberattacks, Patching As Russia's all-out invasion of Ukraine continues, Moscow's strategy for targeting Ukrainian allies centers on "painting the picture of incompetent governments that can't protect from the Russian mi…DATABREACHTODAY.CO.UK
15 DecKansas Courts’ Computer Systems Are Starting to Come Back Online, 2 Months After CyberattackThe court system in Kansas was hit by a cyberattack that caused outages and affected the courts in 104 counties.SECURITYWEEK.COM
15 DecDelta Dental of California data breach exposed info of 7 million peopleDelta Dental of California and its affiliates are warning almost seven million patients that they suffered a data breach after personal data was exposed in a MOVEit Transfer software breach. [...]BLEEPINGCOMPUTER.COM
15 Dec45,000 Affected by Breach at Idaho National LaboratoryBreach Exposed Names, Social Security Numbers and Salaries The Idaho National Laboratory said hackers stole personal data of more than 45,000 individuals connected with the facility following a self-proclaimed hacktivist group's claims of a breach. The data theft stems from a Nov…DATABREACHTODAY.CO.UK
15 DecLegal Trends to Watch in 2024CISO Liability, AI, Ransomware and Shadow IT Attorney Jonathan Armstrong examines four cybersecurity legal trends that will shape 2024: heightened personal liability for security leaders, the impact of ransomware, legal and ethical concerns about AI, and the influence of shadow I…DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 11
15 DecISC Stormcast For Friday, December 15th, 2023 https://isc.sans.edu/podcastdetail/8780, (Fri, Dec 15th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
15 DecLW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 3)Here’s the final installment of leading technologists sharing their observations about cybersecurity developments in the year that’s coming to a close — and the year to come. Last Watchdog posed two questions: •What should be my biggest takeaway from 2023, … (mo…LASTWATCHDOG.COM
15 DecNew KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy AttacksA new botnet consisting of firewalls and routers from Cisco, DrayTek, Fortinet, and NETGEAR is being used as a covert data transfer network for advanced persistent threat actors, including the China-linked threat actor called Volt Typhoon. Dubbed KV-botnet by the B…THEHACKERNEWS.COM
15 DecIRS Warns of Expected Wave of Tax ScamsUrging taxpayers and tax professionals to be vigilant, the Internal Revenue Service (IRS) provides some simple guidance on how to spot new scams aimed at being able to file fake tax returns.KNOWBE4.COM
15 DecBSides Cape Town 2023 - 6 talkssubmitted by ashar to security_cpe https://infosec.pub/pictrs/image/9427fea2-954c-45d3-8392-571ac6bc4ec7.png BSides Cape Town 2023 Playlist BSides Cape Town 2023 Schedule from the website Just like the other chapters of BSides around the world, BSides Cape T…INFOSEC.PUB
15 DecTelemetry Data's Role in Cybersecurity - Tucker Callaway - ESW #343What is telemetry data and why is it important to cybersecurity? Why is it such a pain to collect, store and use? How do we improve our ability to gather and benefit from this data? Today, Tucker Callaway, the CEO of Mezmo joins us to answer all these questions and help us unders…YOUTUBE.COM
15 DecResearchers Detect Undocumented 8220 Gang ActivitiesThe 8220 gang, a Chinese-origin threat actor, continues to target Windows and Linux web servers with cryptojacking malware using evolving tactics and known vulnerabilities.IMPERVA.COM
15 DecFriday Squid Blogging: Underwater Sculptures Use Squid Ink for ColoringThe Molinière Underwater Sculpture Park has pieces that are colored in part with squid ink. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here .SCHNEIER.COM
15 DecCyberspace Solarium Commission Hails NDAA Cyber ProvisionsDefense Bill Includes Many Critical Cybersecurity Components, CSC Says Co-chairs of the Cyberspace Solarium Commission praised the annual U.S. national defense bill for enacting recommendations from its 2020 report, saying the bill marks "meaningful" advancements for cybersecurit…DATABREACHTODAY.CO.UK
15 DecUK AI National Institute Urges 'Red Lines' For Generative AIAlan Turing Institute Calls for 'Shift in Mindset' to Tackle National Security Risk The U.K. national institute for artificial intelligence urged the government to establish red lines against the use of generative AI in scenarios in which the technology could take an irreversible…DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 7
15 DecMITRE Launches Critical Infrastructure Threat Model FrameworkMITRE has launched EMB3D, a new threat model framework to help defenders protect operational technology and industrial control systems by mapping cyber threats with vulnerabilities and flaws.INFOSECURITY-MAGAZINE.COM
15 DecOrganizations Prefer a Combination of AI and Human Analysts to Monitor Their Digital Supply ChainDespite increased monitoring, getting supply chain vendors to address security issues in a timely manner remains a challenge, with only 19% of respondents actively working with their suppliers to remediate issues, according to BlueVoyant.HELPNETSECURITY.COM
15 DecIranian State-Sponsored OilRig Group Deploys Three New Malware DownloadersThe downloaders named ODAgent, OilCheck, and OilBooster, along with an updated version of SampleCheck5000, were used to blend with authentic network traffic and cover up the group's attack infrastructure.THEHACKERNEWS.COM
15 DecNew Pierogi++ Malware by Gaza Cyber Gang Targeting Palestinian EntitiesThe discovery of the new updated Pierogi++ malware suggests that the group is continuously refining its tactics and tools to maintain persistent access to targeted networks.THEHACKERNEWS.COM
15 DecNKabuse Backdoor Harnesses Blockchain Brawn To Hit Several ArchitecturesPACKETSTORMSECURITY.COM
15 DecTen New Android Banking Trojans Targeted 985 Bank Apps in 2023The emergence of ten new Android banking malware families in 2023 highlights the increasing sophistication and capabilities of these trojans, including automated transfer systems, social engineering tactics, and live screen-sharing capabilities.BLEEPINGCOMPUTER.COM
15 DecLedger dApp Supply Chain Attack Steals $600K From Crypto WalletsLedger users are advised to avoid using web3 dApps following a supply chain attack on the Ledger dApp Connect Kit library, which resulted in the theft of $600,000 worth of crypto and NFTs.BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 15
15 DecGoogle's New Tracking Protection in Chrome Blocks Third-Party CookiesGoogle on Thursday announced that it will start testing a new feature called "Tracking Protection" starting January 4, 2024, to 1% of Chrome users as part of its efforts to deprecate third-party cookies in the web browser. The setting is designed to limit "cross-site tr…THEHACKERNEWS.COM
15 Dec'Virtual Wild, Wild West': Cybercriminals use Wyoming shell companies for global hacksWyoming LLCs are being implicated in high-profile hacking activities, attracting cybercriminals due to the state's easy registration process for anonymous shell companies.KSL.COM
15 DecReport: Approval Phishing Scams Drain $1bn of Cryptocurrency from VictimsApproval phishing scams have been used to steal at least $1bn in crypto since May 2021, as per a new report by Chainalysis. This technique, frequently used by romance scammers, is estimated to have led to losses of at least $374m so far in 2023.INFOSECURITY-MAGAZINE.COM
15 DecA Robot the Size of the WorldIn 2016, I wrote about an Internet that affected the world in a direct, physical manner. It was connected to your smartphone. It had sensors like cameras and thermostats. It had actuators: Drones, autonomous cars. And it had smarts in the middle, using sensor data to figure out w…SCHNEIER.COM
15 DecUK Plans Tough New Security Rules for DatacentersUnder the current proposals, datacenter providers would have a “duty to take appropriate and proportionate technical and organizational measures” to manage security and resilience risk.INFOSECURITY-MAGAZINE.COM
15 DecFour Charged in Connection With $80m Pig Butchering SchemeThe fraudsters used shell companies and bank accounts to launder the proceeds of pig butchering scams, where victims were lured into cryptocurrency investment schemes and deceived into transferring funds to the scammers.INFOSECURITY-MAGAZINE.COM
15 DecGang charged with running $80 million “pig butchering” cryptocurrency investment scamUS authorities have charged four people for their alleged roles in a fraudulent cryptocurrency investment scheme that saw targets approached via dating sites and social media, and cost victims more than $80 million. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
15 DecData of Over a Million Users of the Crypto Exchange GokuMarket ExposedThe centralized crypto exchange GokuMarket, owned by ByteX, left an open instance, exposing sensitive user data, including IP addresses, email addresses, encrypted passwords, and crypto wallet addresses.SECURITYAFFAIRS.COM
15 DecMicrosoft Takes Down Websites Used To Create 750 Million Fraudulent AccountsPACKETSTORMSECURITY.COM
15 DecBox cloud storage down amid 'critical' outageCloud storage provider Box.com is suffering an outage preventing customers from accessing their files. [...]BLEEPINGCOMPUTER.COM
15 DecMalicious browser extensions in 2023 | Kaspersky official blogStealing cryptocurrency, hijacking accounts in games and social networks, manipulating search results, and other dirty tricks of malicious browser extensions in 2023.KASPERSKY.COM
15 DecUbiquiti fixes glitch that exposed private video streams to other customersUbiquiti, the networking and video surveillance camera maker, has fixed a bug that users say mistakenly allowed them access to the accounts and private live video streams of other customers. Reports first emerged on Reddit that some customers received push notifications on their …TECHCRUNCH.COM
15 DecEx-Amazon engineer pleads guilty to hacking crypto exchangesFormer Amazon security engineer Shakeeb Ahmed pleaded guilty this week to hacking and stealing over $12.3 million from two cryptocurrency exchanges in July 2022. [...]BLEEPINGCOMPUTER.COM
15 DecNew iOS feature to thwart eavesdropping – Week in security with Tony AnscombeYour iPhone has just received a new feature called iMessage Contact Key Verification that is designed to help protect your messages from prying eyesWELIVESECURITY.COM