The Russian APT28 threat actor, also known as ITG05, is using authentic documents related to the Israel-Hamas war as lures to deliver a custom backdoor called HeadLace against targeted entities in 13 countries, primarily in Europe.
Around 1,450 instances of pfSense, the open-source firewall and router software, are vulnerable to command injection and cross-site scripting flaws. If exploited together, these flaws could allow attackers to execute remote code on the system.
The threat actor uses techniques such as sending URLs to fake resume websites or attachments containing instructions to visit the website, leading to the download of malicious files.
The exploit, which is an XSS vulnerability, allows players to display GIFs using HTML code blocks in-game. This poses a potential security threat to players, as the exploit can access player IP addresses and potentially execute code on their PCs.
Clearview AI has reached a settlement in a class-action privacy lawsuit, which alleged that the company violated Illinois’ Biometric Information Privacy Act (BIPA) by using online images without consent for its facial recognition technology.
Researchers have discovered nearly a thousand fake profiles created with the intention of reaching out to companies in the Middle East. These profiles, often difficult to distinguish from real ones, have been successful in their campaigns.
According to Synopsys, the use of automated security technology is on the rise, as organizations increasingly embrace the “shift everywhere” philosophy to improve the effectiveness and reduce the cost of security activities.
The White House plans to collaborate with the Department of Health and Human Services to establish minimum cybersecurity standards to protect the healthcare sector from ransomware and other cyber threats.
Henry Schein has notified Maine’s attorney general that the personal information of over 29,000 people may have been accessed in a cyber incident in September. The hackers obtained names, financial account information, and security codes.
Amazon has taken legal action against an underground refund scheme called REKK, involving an international fraudulent organization and former Amazon employees, resulting in the theft of millions of dollars' worth of products.