A report by the US Government Accountability Office (GAO) has found that 20 US federal agencies have failed to meet the deadline for implementing incident response capabilities required by law.
The breach occurred between August 31, 2023, and September 20, 2023, prompting ERMI to secure its systems, involve law enforcement, and conduct an investigation with a cybersecurity firm.
Meta has announced the rollout of end-to-end encryption (E2EE) in its Messenger app for personal calls and one-to-one messages. This update is considered a significant milestone and comes after years of redesigning the platform.
The bugs, discovered by external security researchers and labeled as CVE-2023-48424, CVE-2023-48425, and CVE-2023-6181, pose a risk of supply chain interception, where hackers replace legitimate software updates with malicious versions.
Seoul police have seized the servers and virtual asset exchanges used by Andariel, arrested the person involved in transferring ransomware funds, and advised organizations to strengthen their cybersecurity measures to prevent future attacks.
Battery Ventures and PayPal Ventures are co-leading this round, with participation also from Nationwide Ventures and all its previous backers, including Saban Ventures, Gradient Ventures, MassMutual Ventures, and Headline Ventures.
Atlassian has released software fixes for four critical vulnerabilities (CVE-2022-1471, CVE-2023-22522, CVE-2023-22523, CVE-2023-22524), including a deserialization flaw and remote code execution vulnerabilities in multiple products.
A vulnerability in an open-source library used in Web3 smart contracts has been discovered, affecting multiple NFT collections, including Coinbase. Thirdweb has provided mitigations for the impacted contracts and urged owners to take action.
While the reach of the campaign appears to be limited, it highlights the enduring and adaptable nature of Russian information warfare and the need for proactive threat sharing to disrupt such operations.
The compromised agency was running outdated versions of the software, indicating the need for federal agencies to prioritize cybersecurity measures such as event logging and timely remediation.