An OpenSSL vulnerability, once signaled as the first critical-level fix since the Internet-reshaping Heartbleed bug, has just been patched. It ultimately arrived as a "high" security fix for a buffer overflow, one that affects all OpenSSL 3.x installations but is unlikely to lead to remote code execution. OpenSSL version 3.0.7 was announced last week as a critical security fix release.
Dropbox disclosed a security breach after threat actors stole 130 code repositories after gaining access to one of its GitHub accounts using employee credentials stolen in a phishing attack. The company discovered the attackers breached the account on October 14 when GitHub notified it of suspicious activity that started one day before the alert was sent.
United States Attorney Roger B. Handberg announces the partial unsealing of an indictment charging eight individuals with Racketeer Influenced and Corrupt Organizations (RICO) conspiracy. Four have also been charged with wire fraud conspiracy and aggravated identity theft. If convicted, each faces a maximum penalty of 20 years in federal prison for the RICO conspiracy count.
A missing authentication check vulnerability in Azure Cosmos DB could have allowed an attacker to execute arbitrary code remotely, Orca Security warns. Azure Cosmos DB is a NoSQL database used on e-commerce platforms to store catalog data, and in order processing pipelines for event sourcing. The security defect was identified in Azure Cosmos DB Jupyter notebooks, an open-source interactive developer environment (IDE) that allows developers to share documents, live code, visualizations, and more.
The US Department of Justice has indicted a Ukrainian national for his involvement in Raccoon Stealer, a noteworthy password-stealing Trojan leased in the underground for criminals to use as part of a malware-as-a-service (MaaS) business model. According to court documents, Mark Sokolovsky, 26, is currently held in the Netherlands under an extradition request from the US government. Dutch authorities arrested Sokolovsky, known online as "raccoonstealer," in March 2022.
A week before the midterm elections, Cybersecurity and Infrastructure Security Agency Director Jen Easterly said the Biden administration has done "everything we can" to protect election infrastructure and cautioned against overreactions to any voting mishaps on Election Day. "There are going to be errors, there are going to be glitches. That happens in every election," Easterly said during a Center for Strategic and International Studies event in Washington on Tuesday.
As the holidays creep around the corner, consumers and retailers aren't the only ones gearing up for the season. Cybercriminals are right on their tail. It's no secret that major consumer holidays, from Amazon Prime Day to the end-of-year holiday sprint, carry big targets for threat actors. Projections for this year's Black Friday show online spending reaching $13 billion.