January 10, 2024 at 06:34AM Cisco Talos released a decryptor for the Tortilla variant of Babuk ransomware, enabling victims to regain file access. The cybersecurity firm shared intelligence that led to the arrest of the threat actor. Avast also obtained the encryption key, updating its decryptor for all Tortilla victims. Meanwhile, Security Research Labs unveiled … Read more
January 10, 2024 at 04:30AM The U.S. FTC prohibited data broker Outlogic from sharing sensitive location data with third-parties due to privacy violations, requiring data destruction and a comprehensive privacy program. The FTC accused Outlogic of inadequate safeguards and transparency, prompting a settlement and Senator Wyden’s praise. Outlogic disagreed with the implications and the need … Read more
January 10, 2024 at 01:06AM In January 2024, Microsoft addressed 48 security flaws in its software, with 2 rated Critical and 46 Important. No evidence indicates active attacks, marking the second consecutive Patch Tuesday with no zero-days. This includes fixes for vulnerabilities in the Chromium-based Edge browser. Other vendors have also released security updates to … Read more
January 10, 2024 at 12:06AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six actively exploited security flaws to its catalog, including a high-severity vulnerability in Apache Superset. Details of the issue were first reported in April 2023. CISA recommends federal agencies to apply fixes for these bugs by January 29, 2024, to … Read more
January 9, 2024 at 05:35PM Microsoft’s recent Patch Tuesday brought 49 Windows security updates and four high-severity Chrome flaws for Edge. Although there’s no active exploitation, two critical CVEs are listed as “exploitation more likely.” Adobe and SAP also released patches for their products, while Google’s Android Security Bulletin addressed 59 CVEs. No prior exploits … Read more
January 9, 2024 at 05:31PM The U.S. Securities and Exchange Commission’s account, X, was hacked to falsely announce the approval of Bitcoin ETFs. The tweet, promptly deleted, led to a temporary spike in Bitcoin prices. However, the SEC clarified that no such approval had been granted. This incident follows a string of account breaches targeting … Read more
January 9, 2024 at 04:53PM The SEC’s Twitter account was hijacked to falsely announce approval of Bitcoin ETFs, causing a surge and subsequent drop in cryptocurrency prices. The misleading tweet was deleted, and SEC chairman Gary Gensler confirmed it as false. Bitcoin initially spiked to $47,900 but is now at $46,247. Developments ongoing. The SEC’s … Read more
January 9, 2024 at 04:48PM A Chinese research institute claims to have decrypted Apple’s AirDrop, allowing the government to identify users sharing content. China’s history of censorship prompted people to use AirDrop during protests, leading to Apple limiting its use. Beijing Wangshendongjian Institute reportedly cracked AirDrop, identifying users sending content and leading to the arrest … Read more
January 9, 2024 at 04:27PM A printer bug in unsegmented IT networks has the potential to cause severe issues. Based on the meeting notes, it appears that there is a concern about the potential impact of a printer bug in IT networks that lack proper segmentation. This suggests the possibility of significant consequences stemming from … Read more
January 9, 2024 at 04:13PM Threat actors impersonating security researchers targeted ransomware victims, offering to hack back attackers and delete stolen data for a fee. Arctic Wolf found instances of this scam targeting organizations hit by Royal and Akira ransomware. The scammers used consistent communication methods, indicating a single actor behind both attempts. This adds … Read more