The breach highlights the importance of implementing the “Secure By Design” initiative and ensuring that software used by organizations is secure to prevent supply chain attacks.
The official Twitter account for Bloomberg Crypto was hacked and used to redirect users to a phishing website. The hackers created a fake Bloomberg Discord server and prompted visitors to verify their accounts through a deceptive link.
The British Library has confirmed that it was targeted in a ransomware attack on October 28. The attack caused a major technology outage, impacting phone lines, on-site services, access to digital collections, and its website.
Data on the sex lives of up to 10,000 people was stolen in a ransomware attack on a British government department. It is unclear why the government was holding this data.
The National Telecommunication Monitoring Centre in Bangladesh exposed a database containing extensive personal information, including names, phone numbers, and passport details.
The proposed order by the FTC requires Global Tel*Link to implement a comprehensive data security program, notify customers of future breaches, and minimize the data it collects and retains, among other measures, to prevent further incidents.
The vulnerability (CVE-2023-37580) allowed malicious scripts to execute when users were tricked into clicking on specially crafted URLs, with the attack reflected back to the user.
The command injection vulnerability, identified as CVE-2023-36553, is a variant of a previously fixed security issue and can lead to unauthorized data access, modification, or deletion.
The motive behind these cloned sites is likely to generate traffic for gambling operators, as they can serve third-party ads that publishers may be reluctant to carry on their own sites.
One of the vulnerabilities, known as “Reptar,” affects Intel CPUs and could lead to system instability or privilege escalation. The other vulnerability, CVE-2023-46835, could allow malicious code in a guest VM to compromise an AMD-based host.