Security News > 2023 > October

Recent versions of the TorBrowser, specifically because of the updated tor. Microsoft stated, "We've reviewed the submitted files and have determined that they do not fit our definitions of malware or unwanted applications. As such, we've removed the detection."

Surprises often arise when connecting two iPhones to the same Apple ID. Addressing several key settings helps avoid common mistakes. Although connecting two iPhones to the same Apple ID has its advantages - including expanding your or a partner's access to your documents, spreadsheets and presentations - unpleasant surprises can arise such as unintentionally revealing contact and calendar information and mistakenly sending texts from the wrong number.

Exim developers have released patches for three of the zero-days disclosed last week through Trend Micro's Zero Day Initiative, one of them allowing unauthenticated attackers to gain remote code execution. As Exim developer Heiko Schlittermann revealed on the Open Source Security mailing list on Friday, today's fixes were already "available in a protected repository" and "ready to be applied by the distribution maintainers."

An urgent ransomware warning from the Feds has some industry analysts scratching their heads and wondering if Uncle Sam's noggin has been buried in the sand for too long. On September 27, the FBI issued a security alert about "two trends emerging across the ransomware environment." The first, according to agents, is dual ransomware infections.

The malware is under rapid development, with updates adding new features and bug fixes. Researchers at cloud security company Zscaler note that BunnyLoader is quickly becoming popular among cybercriminals as a feature-rich malware available for a low price.

Ransomware gangs are now targeting a recently patched critical vulnerability in JetBrains' TeamCity continuous integration and deployment server. The flaw allows unauthenticated attackers to gain remote code execution after successfully exploiting an authentication bypass weakness in low-complexity attacks that don't require user interaction.

Over the weekend, security researchers released a proof-of-concept exploit for a maximum severity remote code execution vulnerability in Progress Software's WS_FTP Server file sharing platform. "This vulnerability turned out to be relatively straight forward and represented a typical .NET deserialization issue that led to RCE. It's surprising that this bug has stayed alive for so long, with the vendor stating that most versions of WS_FTP are vulnerable," Assetnote said.

The AI security center's establishment follows an NSA study that identified securing AI models from theft and sabotage as a major national security challenge, especially as generative AI technologies emerge with immense transformative potential for both good and evil. Nakasone said it would become "NSA's focal point for leveraging foreign intelligence insights, contributing to the development of best practices guidelines, principles, evaluation, methodology and risk frameworks" for both AI security and the goal of promoting the secure development and adoption of AI within "our national security systems and our defense industrial base."

Arm in a security advisory today is warning of an actively exploited vulnerability affecting the widely-used Mali GPU drivers. The flaw is currently tracked as CVE-2023-4211 and was discovered and reported to Arm by researchers of Google's Threat Analysis Group and Project Zero.

In the current business environment, it is almost inevitable that an organization will experience a security breach that exposes collected personal data to unauthorized access. Under the provisions of the General Data Protection Regulation, regardless of the severity of the security breach, organizations must inform their EU customers and stakeholders of the incident in a timely manner.