Okta breach happened after employee logged into personal Google account
Okta has revealed details about a recent breach which exposed files belonging to customers. As we explained in our article about 1Password being a victim of this breach, it's normal for Okta support to ask customers to upload a file known as an HTTP Archive (HAR) file. Having this file allows the team to troubleshoot issues by replicating what's going on in the browser. As such, a HAR file can contain sensitive data, including cookies and session tokens, that cybercriminals can use to impersonate valid users. READ MORE...
37 Vulnerabilities Patched in Android With November 2023 Security Updates
Google on Monday announced patches for 37 vulnerabilities as part of the November 2023 Android security updates, with additional fixes released for Pixel devices. The first part of the security update will arrive on devices as the 2023-11-01 security patch level, addressing 15 vulnerabilities in Android's Framework and System components. In fact, all the remaining 14 vulnerabilities that the 2023-11-01 security patch level resolves are high-severity flaws. READ MORE...
TellYouThePass ransomware joins Apache ActiveMQ RCE attacks
Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution (RCE) vulnerability previously exploited as a zero-day. The flaw, tracked as CVE-2023-46604, is a maximum severity bug in the ActiveMQ scalable open-source message broker that enables unauthenticated attackers to execute arbitrary shell commands on vulnerable servers. READ MORE...
Countries pledge to not pay ransoms, but experts question impact
All 50 members of the International Counter Ransomware Initiative endorsed a joint policy statement last week asserting "relevant institutions under our national government authority should not pay ransomware extortion demands." Cyber authorities representing the collection of 48 countries, the European Union and Interpol, gathered for the third year in Washington, to advance efforts to fight ransomware activity. READ MORE...
Virtual Kidnapping: AI Tools Are Enabling IRL Extortion Scams
If your spouse or your child called you on the phone, screaming and crying, telling you they've been kidnapped, how likely would you be to meet it with calm, measured skepticism? At this year's Black Hat Europe, two researchers from Trend Micro will be discussing the real, emerging new trend of "virtual kidnapping," perhaps artificial intelligence's most terrifying malicious application yet. READ MORE...
Looney Tunables bug exploited for cryptojacking
Kinsing threat actors have been spotted exploiting the recently disclosed Looney Tunables (CVE-2023-4911) vulnerability to covertly install cryptomining software into cloud-native environments. Kinsing (aka Money Libra) is a threat actor group that has been active since late 2021, targeting cloud-native environments and applications - Kubernetes clusters, Docker API, Redis, Jenkins and Openfire servers, cloud-hosted Apache NiFi instances, and so on - to deploy cryptominers. READ MORE...
Veeam warns of critical bugs in Veeam ONE monitoring platform
Veeam released hotfixes today to address four vulnerabilities in the company's Veeam ONE IT infrastructure monitoring and analytics platform, two of them critical. The company assigned almost maximum severity ratings (9.8 and 9.9/10 CVSS base scores) to the critical security flaws since they let attackers gain remote code execution (RCE) and steal NTLM hashes from vulnerable servers. The remaining two are medium-severity bugs that require user interaction or have limited impact. READ MORE...
After decades lost, Star Trek's original Enterprise model may have been found
The first model of the USS Enterprise ever used in shooting the original Star Trek series may have surfaced after going missing decades ago. An eBay listing of a 3-foot model of the Enterprise appeared early last week and named a starting bid of $1,000. The listing was removed hours after it went up after enthusiasts on social media and forums discovered it and pieced together what it likely was. READ MORE...
- ...in 1867, physicist and chemist Marie Sklodowska-Curie, the first and only person to win two Nobel Prizes in separate scientific fields, is born in Warsaw, Poland.
- ...in 1929, the Museum of Modern Art (MoMA) opens to the public in New York City.
- ...in 1933, Fiorello La Guardia is elected as the 99th mayor of New York City.
- ...in 1991, pro basketball player Earvin "Magic" Johnson announces his retirement from the NBA, after revealing that he is HIV positive.
