The Beijing Wangshendongjian Judicial Appraisal Institute’s claim that AirDrop’s anonymization techniques can be easily circumvented raises concerns about the vulnerability of user identities and the potential for surveillance.
A new family of malicious Android Package Kit (APK) files has been discovered targeting Chinese users. The attackers pose as law enforcement officials and claim the victim’s phone number or bank account is involved in financial fraud.
Suspected nation-state threat actors have been exploiting two zero-day vulnerabilities in Ivanti Connect Secure VPN appliances to gain backdoor access to targeted devices.
The Medusa ransomware group has escalated its activities by introducing a dedicated leak site called the Medusa Blog, where they disclose sensitive data from non-compliant victims.
The vulnerability (CVE-2023-7028) allows attackers to reset passwords through unverified email addresses, affecting all self-managed instances of GitLab Community Edition and Enterprise Edition.
The Phemedrone Stealer campaign exploits the Windows Defender SmartScreen Bypass vulnerability (CVE-2023-36025) to infect users and steal data from web browsers, cryptocurrency wallets, and messaging apps.
The settlement includes reimbursement for out-of-pocket losses, credit monitoring, identity theft insurance, and a cash settlement payment for affected individuals, with an additional payment for California residents.
Lush has taken immediate steps to secure and screen all systems in order to contain the incident and limit its impact on their operations, while also informing relevant authorities about the incident.
The most active ransomware groups in 2023 included AlphV, BianLian, Clop, LockBit 3.0, and Play, with AlphV being the most prolific and receiving substantial ransom payments.
Water for People, a nonprofit focused on improving access to clean water, has been targeted by the Medusa ransomware group, highlighting the vulnerability of even non-profit organizations to cyberattacks.