08 December 2023
■ Russian Military Hackers Target NATO Fast Reaction Corps
Russian APT28 military hackers exploited Microsoft Outlook zero-day vulnerabilities, targeting European NATO member countries and a NATO Rapid Deployable Corps, raising significant security concerns.
■ Meta Rolls Out Default End-to-End Encryption on Messenger, Facebook
Meta introduces end-to-end encryption for Messenger chats and calls, extending the privacy feature to the Facebook social media platform.■ Progress Software Discloses Two New CVEs in MOVEit
Progress Software reveals two high-severity vulnerabilities in MOVEit, raising the total count to eight since a zero-day exploit in May, potentially posing risks in file-transfer services.
■ MrAnon Stealer Spreads via Email with Fake Hotel Booking PDF
The MrAnon Stealer, a Python-based malware, evades detection by compressing with cx-Freeze, stealing victim credentials, system information, browser sessions, and cryptocurrency extensions.
■ WordPress Fixes POP Chain Exposing Websites to RCE Attacks
WordPress version 6.4.2 addresses an RCE vulnerability, crucial for preventing attackers from executing arbitrary PHP code on targeted websites.
■ Russian Pleads Guilty to Running Crypto-Exchange Used by Ransomware Gangs
Anatoly Legkodymov admits guilt in operating Bitzlato, a cryptocurrency exchange aiding ransomware gangs and cybercriminals in laundering over $700 million.
■ UK and Allies Expose Russian FSB Hacking Group, Sanction Members
The UK NCSC and Microsoft reveal the activities of the Russian state-backed actor "Callisto Group," involved in spear-phishing campaigns targeting organizations worldwide.
■ 23andMe Updates User Agreement to Prevent Data Breach Lawsuits
23andMe adjusts its Terms of Use to make it more challenging for users to file lawsuits following data breaches, amidst ongoing legal actions related to a credential stuffing attack in October.
■ Krasue RAT Malware Hides on Linux Servers Using Embedded Rootkits
Security researchers uncover Krasue, a remote access trojan targeting Linux systems in telecommunications companies, remaining undetected since 2021.