Security News > 2023 > November

Cybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message broker service that could result in remote...

Won't say if it's LockBit, but LockBit appears to have claimed credit. Maybe payment, too Boeing has acknowledged a cyber incident just days after ransomware gang LockBit reportedly exfiltrated...

China's Cyberspace Administration has punished Alibaba-owned search engine Quark and livestreaming platform NetEase for content it deemed vulgar. Quark was fined ¥500,000 and NetEase was required to suspend updates on a channel specializing in dancing content for seven days.

Of course, he would say that, wouldn't he? As the expiration date for the Feds' Section 702 surveillance powers draws closer, FBI Director Christopher Wray has warned a US Senate committee that...

The European Data Protection Board has extended the temporary ban on targeted advertising on Facebook and Instagram, imposed by the Norwegian Data Protection Authority in July. The European watchdog's 27 October urgent binding decision instructs Ireland's Data Protection Commission to ban the processing of personal data for behavioral advertising across the entire European Economic Area within two weeks.

The Russian Federal Security Service arrested two individuals believed to have helped Ukrainian forces carry out cyberattacks to disrupt Russian critical infrastructure targets. Russia's security agency published a press release on Tuesday saying that its officers detained two hackers who either assisted or joined Ukraine's hackers in cyber operations.

Ransomware crooks claim they've stolen data from a firm that helps other organizations run medical trials after one of its executives had their cellphone number and accounts hijacked. The Register understands one or more people close to or affiliated with the notorious Alphv, aka BlackCat, extortion gang managed to get into a work account of an exec at Advarra and may have copied out at least some information from the business.

The Toronto Public Library is experiencing ongoing technical outages due to a Black Basta ransomware attack. The Toronto Public Library is Canada's largest public library system, giving access to 12 million books through 100 branch libraries across the city.

The Mozi botnet has all but disappeared according to security folks who first noticed the prolific network's slowdown and then uncovered a kill switch for the IoT system. Then this August, the criminal network's activity took "a sudden and unanticipated nosedive," according to ESET Research, which on Wednesday said its team found an activated kill switch to "Put the IoT zombie botnet in its grave."

The Forum of Incident Response and Security Teams has officially released CVSS v4.0, the next generation of its Common Vulnerability Scoring System standard, eight years after CVSS v3.0, the previous major version.CVSS is a standardized framework for assessing software security vulnerabilities' severity used to assign numerical scores or qualitative representation based on exploitability, impact on confidentiality, integrity, availability, and required privileges, with higher scores denoting more severe vulnerabilities.