Governments should recognize electoral processes as critical infrastructure and enact laws to regulate the use of generative Artificial Intelligence. Elections are scheduled in several countries worldwide in 2024, with potential geopolitical implications. Key events include the European Parliament elections in June, the U.S. presidential elections in November, and the French and German presidential elections in […]
A joint law enforcement operation led by Europol and the ENISA, along with private security firms, identified 443 online shops compromised with digital skimming. Europol and ENISA collaborated in a joint law enforcement operation uncovering 443 online shops affected by digital skimming. The operation is part of EMPACT priority, a law enforcement activity targeting the criminals […]
A member of the Lapsus$ cyber extortion group, Arion Kurtaj, has been sentenced to an indefinite hospital order. The UK Southwark Crown Court has sentenced Arion Kurtaj, a prominent member of the international cyber extortion gang Lapsus$, to an indefinite hospital order. Over the years, the Lapsus$ gang compromised many high-profile companies such as NVIDIA, Samsung, Ubisoft, Mercado […]
An exposed instance contained information for a customer relationship management (CRM) system that likely belongs to Goyzer, a real estate property management software maker, the Cybernews research team has discovered. The data was leaked via a publicly exposed and passwordless MongoDB database, which has since been closed. Businesses employ MongoDB to organize and store large […]
ESET fixes a high-severity flaw in Secure Traffic Scanning Feature that could have been exploited to cause web browsers to trust sites that should not be trusted. ESET has addressed a vulnerability (CVE-2023-5594, CVSS score 7.5) in the Secure Traffic Scanning Feature, preventing potential exploitation that could lead web browsers to trust websites using certificates […]
More than 22,000 users of Blink Mobility should take the necessary steps to protect themselves against the risk of identity theft. The Cybernews research team has discovered that their personal data was exposed in a leak. Los Angeles-based electric car-sharing provider Blink Mobility left a misconfigured MongoDB database open to the public. Its metadata was […]
Google has released emergency updates to address a new actively exploited zero-day vulnerability in the Chrome browser. Google has released emergency updates to address a new zero-day vulnerability, tracked as CVE-2023-7024, in its web browser Chrome. The flaw has been addressed with the release of version 120.0.6099.129 for Mac,Linux and 120.0.6099.129/130 for Windows which will […]
The Mirai-based botnet InfectedSlurs was spotted targeting QNAP VioStor NVR (Network Video Recorder) devices. In November, Akamai warned of a new Mirai-based DDoS botnet, named InfectedSlurs, actively exploiting two zero-day vulnerabilities to infect routers and video recorder (NVR) devices. The researchers discovered the botnet in October 2023, but they believe it has been active since […]
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Hunters International ransomware gang claims to have hacked the Fred Hutch Cancer Center New NKAbuse malware […]
Security flaws in Netgate pfSense firewall solution can potentially lead to arbitrary code execution on vulnerable devices. pfSense is a popular open-source firewall solution maintained by Netgate, researchers discovered multiple security issues affecting it. Researchers from SonarCloud discovered several security issues, Cross-Site Scripting (XSS) vulnerabilities and a Command Injection vulnerability in pfSense CE (CVE-2023-42325, CVE-2023-42327, CVE-2023-42326). The […]