December 8, 2023 at 01:42PM San Francisco startup Opal Security secures $22M investment from Battery Ventures to enhance its IAM technology and compete in the competitive identity and access management market. This influx of capital is expected to fuel the company’s growth and innovation within the industry. Based on the meeting notes, it appears that … Read more
December 8, 2023 at 01:32PM Ransomware gang ALPHV’s websites have been down for over 30 hours, suggesting a potential law enforcement operation. Admin claims the sites may be back soon, but remain down. Speculation on FBI involvement arises. ALPHV is believed to be a rebrand of DarkSide and BlackMatter, known for targeting critical infrastructure globally. … Read more
December 8, 2023 at 01:00PM A set of security vulnerabilities in 5G mobile modems from major chipset vendors like MediaTek and Qualcomm, dubbed 5Ghoul, affects USB, IoT modems, and numerous smartphone models. The vulnerabilities, disclosed by researchers from SUTD, could allow for continuous or downgraded attacks. Patches have been released for most flaws, impacting product … Read more
December 8, 2023 at 12:33PM Summary: Apple ID HT214042, released on 2023-11-06, addresses CVE-2023-42867 by improving process entitlement and Team ID validation. The issue could allow an app to gain root privileges in GarageBand. Updates are available for macOS Ventura and macOS Sonoma. Based on the meeting notes: Issue: CVE-2023-42867 Description: Improved validation of process … Read more
December 8, 2023 at 12:20PM Insider threats using privilege escalation flaws are on the rise, with 55% of incidents relying on privilege escalation exploits and 45% introducing risks through downloading risky tools. Crowdstrike reports that insider attacks cost an average of $648,000 for malicious and $485,000 for non-malicious incidents. Additionally, introducing flaws into networks increases … Read more
December 8, 2023 at 11:51AM Amazon’s Customer Protection and Enforcement team has sued an international fraudulent organization known as REKK and seven former Amazon employees for participating in a refund scheme that resulted in the theft of millions of dollars worth of products from Amazon’s online platforms. The scheme involved providing illicit refunds in exchange … Read more
December 8, 2023 at 11:48AM Summary: This SecurityWeek post highlights lesser-known stories including a fake Lockdown Mode, a new Linux RAT, AI being jailbroken, and a country’s DNS being hijacked. Based on the meeting notes, the notable security-related stories that were discussed are: 1. Fake Lockdown Mode 2. New Linux RAT 3. Jailbreaking AI 4. … Read more
December 8, 2023 at 11:29AM Kenya has halted the launch of its digital identification system, “Maisha Namba,” due to the lack of data-protection impact assessments. The High Court suspended the system, concerned with privacy rights violations and the unlawful collection of biometric and biographical data. The system is scheduled to be reviewed by the High … Read more
December 8, 2023 at 10:34AM Human trafficking for cyber scam call centers is expanding globally, beyond southeast Asia. Interpol’s Operation Storm Makers II revealed evidence of trafficking and abuse in South America and the Middle East. Victims are lured through fake job ads and subjected to various forms of abuse. The recent operation led to … Read more
December 8, 2023 at 10:25AM A new set of 5G modem vulnerabilities, collectively known as “5Ghoul,” impact 710 5G smartphone models from Google partners and Apple, as well as routers and USB modems. Discovered by researchers, these vulnerabilities can lead to disruptions and network downgrades, posing a risk to security. Qualcomm and MediaTek have released … Read more