Cyber security news bulletin for 29 November 2023

Published on 29/11/2023 · Read in 2 min.

29 November 2023

Zero-Day Exploitation in Google Chrome

Google Chrome addresses a zero-day (CVE-2023-6345) vulnerability actively exploited in the wild, an integer overflow bug in Skia.

New Bluetooth Attack 'BLUFFS' Breaks Session Secrecy

Bluetooth attacks 'BLUFFS' expose Bluetooth session secrecy, allowing device impersonation and Man-in-the-Middle attacks.

Critical ownCloud Vulnerability Exploited by Hackers

Exploitation of a critical ownCloud vulnerability (CVE-2023-49103) exposing admin passwords and mail server credentials.

Identity Attacks Rising, Verizon Report Indicates

Stolen account credentials contribute to 83% of external-party-related breaches between November 2021 and October 2022.

Design Flaw in Google Workspace

Security researchers reveal a severe design flaw in Google Workspace's domain-wide delegation (DWD), posing privilege escalation risks.

Forced Authentication Vulnerability in Microsoft Access

Vulnerability discovered in Microsoft Access that could leak a user's Windows NTLM tokens via a specially crafted Access file.

Okta Support System Breach Widens

Additional threat activity discovered linked to the October 2023 breach of Okta's support system.
Threat actor accessed names and emails of all Okta customer support users.

DJVU Ransomware Variant 'Xaro' Disguised as Cracked Software

DJVU ransomware now distributed via cracked software, appending '.xaro' to affected files and demanding a decryptor ransom.

Apache ActiveMQ Vulnerability Exploited by GoTitan Botnet

Active exploitation of Apache ActiveMQ flaw leading to distribution of GoTitan and PrCtrl Rat malware.

Qilin Ransomware Strikes Automotive Giant Yanfeng

Qilin ransomware group claims responsibility for attacking Yanfeng Automotive Interiors, a significant automotive parts supplier.

DP World Confirms Data Theft in Cyberattack

DP World confirms data theft in a recent cyberattack, assuring no ransomware or encryption was used.

Microsoft Shares Temporary Fix for Outlook Crashes

Temporary fix provided for an issue causing Outlook Desktop crashes during email sending from Outlook.com accounts.

Hackers Exploit OwnCloud Vulnerability

Hackers leveraging ownCloud vulnerability to compromise admin credentials, mail server access, and license keys.

Key Cybercriminals Behind Ransomware Arrested in Ukraine

Law enforcement arrests key individuals in Ukraine linked to multiple ransomware schemes.

ransomwareukrainearrestowncloudhackersmicrosoftcyberattackgotitanbotnetapacheactivemqoktaauthenticationaccessgoogle workspaceverizonzero-day

17 December 2023 16 December 2023 15 December 2023 14 December 2023 13 December 2023 12 December 2023 11 December 2023 10 December 2023

Services News Contact us

Penetration Testing Social Engineering Vulnerability Assessment Secure Web Design

More than Cyber Security

We offer a variety of services to help companies be prepared for real cyber-attacks.