29 November 2023

  • Google Chrome addresses a zero-day (CVE-2023-6345) vulnerability actively exploited in the wild, an integer overflow bug in Skia.

  • Bluetooth attacks 'BLUFFS' expose Bluetooth session secrecy, allowing device impersonation and Man-in-the-Middle attacks.

  • Exploitation of a critical ownCloud vulnerability (CVE-2023-49103) exposing admin passwords and mail server credentials.

  • Stolen account credentials contribute to 83% of external-party-related breaches between November 2021 and October 2022.

  • Security researchers reveal a severe design flaw in Google Workspace's domain-wide delegation (DWD), posing privilege escalation risks.

  • Vulnerability discovered in Microsoft Access that could leak a user's Windows NTLM tokens via a specially crafted Access file.

  • Additional threat activity discovered linked to the October 2023 breach of Okta's support system.
  • Threat actor accessed names and emails of all Okta customer support users.

  • DJVU ransomware now distributed via cracked software, appending '.xaro' to affected files and demanding a decryptor ransom.

  • Active exploitation of Apache ActiveMQ flaw leading to distribution of GoTitan and PrCtrl Rat malware.

  • Qilin ransomware group claims responsibility for attacking Yanfeng Automotive Interiors, a significant automotive parts supplier.

  • DP World confirms data theft in a recent cyberattack, assuring no ransomware or encryption was used.

  • Temporary fix provided for an issue causing Outlook Desktop crashes during email sending from Outlook.com accounts.

  • Hackers leveraging ownCloud vulnerability to compromise admin credentials, mail server access, and license keys.

  • Law enforcement arrests key individuals in Ukraine linked to multiple ransomware schemes.

ransomwareukrainearrestowncloudhackersmicrosoftcyberattackgotitanbotnetapacheactivemqoktaauthenticationaccessgoogle workspaceverizonzero-day


Subscribe to our newsletter to stay informed about CyberSecurity news. You can unsubscribe at any time.

More than Cyber Security

We offer a variety of services to help companies be prepared for real cyber-attacks.

Contact Us