29 November 2023

  • Google Chrome addresses a zero-day (CVE-2023-6345) vulnerability actively exploited in the wild, an integer overflow bug in Skia.


  • Bluetooth attacks 'BLUFFS' expose Bluetooth session secrecy, allowing device impersonation and Man-in-the-Middle attacks.


  • Exploitation of a critical ownCloud vulnerability (CVE-2023-49103) exposing admin passwords and mail server credentials.


  • Stolen account credentials contribute to 83% of external-party-related breaches between November 2021 and October 2022.


  • Security researchers reveal a severe design flaw in Google Workspace's domain-wide delegation (DWD), posing privilege escalation risks.


  • Vulnerability discovered in Microsoft Access that could leak a user's Windows NTLM tokens via a specially crafted Access file.


  • Additional threat activity discovered linked to the October 2023 breach of Okta's support system.
  • Threat actor accessed names and emails of all Okta customer support users.


  • DJVU ransomware now distributed via cracked software, appending '.xaro' to affected files and demanding a decryptor ransom.


  • Active exploitation of Apache ActiveMQ flaw leading to distribution of GoTitan and PrCtrl Rat malware.


  • Qilin ransomware group claims responsibility for attacking Yanfeng Automotive Interiors, a significant automotive parts supplier.


  • DP World confirms data theft in a recent cyberattack, assuring no ransomware or encryption was used.


  • Temporary fix provided for an issue causing Outlook Desktop crashes during email sending from Outlook.com accounts.


  • Hackers leveraging ownCloud vulnerability to compromise admin credentials, mail server access, and license keys.


  • Law enforcement arrests key individuals in Ukraine linked to multiple ransomware schemes.


ransomwareukrainearrestowncloudhackersmicrosoftcyberattackgotitanbotnetapacheactivemqoktaauthenticationaccessgoogle workspaceverizonzero-day

Newsletter

Subscribe to our newsletter to stay informed about CyberSecurity news. You can unsubscribe at any time.

More than Cyber Security

We offer a variety of services to help companies be prepared for real cyber-attacks.

Contact Us