Security News > 2023 > February

A threat actor has posted data the alleged data stolen from American game publisher Activision in December 2022 on a hacking forum, highlighting the data's value for phishing operations. In a forum post to the Breached hacking forum, a website used by threat actors to sell and publish stolen data, the hackers claims to have stolen the data from Activision Azure database.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

The RIG exploit kit touched an all-time high successful exploitation rate of nearly 30% in 2022, new findings reveal. Exploit kits are programs used to distribute malware to large numbers of victims by taking advantage of known security flaws in commonly-used software such as web browsers.

The RIG Exploit Kit is undergoing its most successful period, attempting roughly 2,000 intrusions daily and succeeding in about 30% of cases, the highest ratio in the service's long operational history. The RIG exploit kit is a set of malicious JavaScript scripts embedded in compromised or malicious websites by the threat actors, which are then promoted through malvertising.

SaaS-to-SaaS app installations are growing nonstop at organizations around the world. Third-party app connections typically take place outside the view of the security team, are not vetted to understand the level of risk they pose.

Microsoft has addressed a known issue behind unsupported computers being offered Windows 11 22H2 upgrades and unable to complete the installation process. This has happened before, with Windows 11 22H2 being offered to Windows 11 Insiders in the Release Preview channel with ineligible devices.

QNAP Systems, the Taiwanese manufacturer of popular NAS and other on-premise storage, smart networking and video devices, has launched a bug bounty program. QNAP's NAS devices, in particular, have been getting hit in the last few years by information-stealing malware, bitcoin-mining malware, and ransomware, usually delivered by exploiting vulnerabilities.

Starting in June, companies operating in China must undergo a regulatory intervention when sending data abroad, thanks to the Cyberspace Administration of China. The CAC announced on Friday businesses that handle the personal information of up to 1 million people, or want to send user information of up to 100,000 individuals abroad, will need to sign a standard contract before doing so and file it with a local CAC office within 10 working days of it taking effect.

After having stressed the importance of keeping Exchange servers updated last month, Microsoft is advising administrators to widen the scope of antivirus scanning on those servers. Microsoft Exchange servers in attackers' crosshairs.

Congress is currently debating bills that would ban TikTok in the United States. There are several ways Congress might ban TikTok, each with different efficacies and side effects.