News – December 2023


  • Critical RCE vulnerability discovered in Perforce Helix Core Server

    December 15, 2023

    Microsoft discovered, responsibly disclosed, and helped remediate four vulnerabilities that could be remotely exploited by unauthenticated attackers in Perforce Helix Core Server (“Perforce Server”), a source code management platform largely used in the videogame industry and by multiple organizations spanning government, military, technology, retail, and more. Perforce Server customers are strongly urged to update to version ...

  • Supply chain attack targeting Ledger crypto wallet leaves users hacked

    December 14, 2023

    Hackers compromised the code behind a crypto protocol used by multiple web3 applications and services, the software maker Ledger said on Thursday. Ledger, a company that makes a widely used and popular crypto hardware and software wallet, among other products, announced on X that someone had pushed out a “malicious version” of its Ledger Connect Kit, ...

  • ALPHV ransomware gang returns, sorta

    December 14, 2023

    The ALPHV ransomware gang, arguably the second most dangerous “big game” ransomware operator, appears to be back in business after its infrastructure went down for five days. But all does not appear to be going well for the group. ALPHV’s dark web leak site may be back but it is only showing a single victim with no ...

  • Rhadamanthys v0.5.0 – A Deep Dive Into The Stealer’s Components

    December 14, 2023

    Rhadamanthys is an information stealer with a diverse set of modules and an interesting multilayered design. In their last article on Rhadamanthys, Check Point researchers focused on the custom executable formats used by this malware and their similarity to a different family, Hidden Bee, which is most likely its predecessor. In this article they do a ...

  • Exploring Encrypted Attacks Amidst the AI Revolution

    December 14, 2023

    Zscaler ThreatLabz researchers analyzed 29.8 billion blocked threats embedded in encrypted traffic from October 2022 to September 2023 in the Zscaler cloud, presenting their findings in the Zscaler ThreatLabz 2023 State of Encrypted Attacks Report. According to the Google Transparency Report, encrypted traffic saw a significant rise in the last decade, reaching 95% of global traffic ...

  • NCI Agency partners with industry to strengthen NATO’s cyber security posture

    December 13, 2023

    On 13 December 2023, the NATO Communications and Information Agency (NCI Agency) signed a contract with IBM to help strengthen the Alliance’s cybersecurity posture with improved security visibility and asset management across all NATO enterprise networks. Following NATO’s new dynamic and competitive procurement process, featuring regular workshops, sprints and continuous communication with industry, the NCI Agency ...

  • Microsoft patches 34 vulnerabilities, including one zero-day

    December 13, 2023

    December’s Patch Tuesday is a relatively quiet one on the Microsoft front. Redmond has patched 34 vulnerabilities with only four rated as critical. One vulnerability, a previously disclosed unpatched vulnerability in AMD central processing units (CPUs), was shifted by AMD to software developers. Source: Malwarebytes Labs

  • Apple will require court order to give push notification data to law enforcement

    December 13, 2023

    Apple will now require a court order or search warrant to give push notification data to law enforcement in a shift from the previous practice of accepting a subpoena to hand over data. In Apple’s guidelines, which are made publicly available online, the company said the Apple ID, which is a user’s Apple account, and the ...

  • Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally

    December 13, 2023

    The US Federal Bureau of Investigation (FBI) and partners assess Russian Foreign Intelligence Service (SVR) cyber actors – also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard – are exploiting CVE-2023-42793 at a large scale, targeting servers hosting JetBrains TeamCity software since September 2023. Software developers use TeamCity software ...

  • U.K. MoD breach of Afghans’ data ‘could have posed threat to life in Taliban’s hands’

    December 13, 2023

    The Ministry of Defence has been fined £350,000 for an “egregious” data breach that exposed the personal information of Afghan nationals seeking to flee to the UK after the Taliban takeover. Details belonging to 265 people were mistakenly copied in to emails sent by the Government, meaning they could be seen by all recipients, the Information ...