Security News > 2023

SE Labs advised CISOs to step-up their efforts against attacks on systems protected by MFA in response to increased attacker activity to exploit failure points. As is often the case when compromising systems, attackers have not reinvented the wheel to circumvent MFA, or 2FA, as it is also known.

Digital nomads are expressing the most frustration when interacting with organizations offering services in the United States, according to Regula. The most painful verification processes for nomads in the USA are linked to specific stages: crossing the border, checking into a hotel, renting accommodations, activating a new mobile phone or SIM card, and securing a rental car.

The fintech market is undergoing a rapid shift, with the rise of new technologies, such as Open Finance, generative AI and A2A payments having a major impact on business models, according to Juniper Research. The fintech markets is moving into a phase where innovation for innovation's sake is no longer a viable strategy.

The source code for Grand Theft Auto 5 was reportedly leaked on Christmas Eve, a little over a year after the Lapsus$ threat actors hacked Rockstar games and stole corporate data. Links to download the source code were shared on numerous channels, including Discord, a dark web website, and a Telegram channel that the hackers previously used to leak stolen Rockstar data.

The threat actor referred to as Cloud Atlas has been linked to a set of spear-phishing attacks on Russian enterprises. Targets included a Russian agro-industrial enterprise and a state-owned...

Google says the Chrome Safety Check feature will work in the background to check if passwords saved in the web browser have been compromised. "Safety Check for Chrome on desktop will now run automatically in the background," said Chrome Group Product Manager Sabine Borsay.

EMBA: Open-source security analyzer for embedded devicesThe EMBA open-source security analyzer is tailored as the central firmware analysis tool for penetration testers and product security groups. SSH vulnerability exploitable in Terrapin attacksSecurity researchers have discovered a vulnerability in the SSH cryptographic network protocol that could allow an attacker to downgrade the connection's security by truncating the extension negotiation message.

Two British teens part of the LAPSUS$ cyber crime and extortion gang have been sentenced for their roles in orchestrating a string of high-profile attacks against a number of companies. Arion...

A new Python project called 'Wall of Flippers' detects Bluetooth spam attacks launched by Flipper Zero and Android devices. The ability to launch Bluetooth LE spam attacks using the Flipper Zero portable wireless pen-testing and hacking tool was first demonstrated in September 2023 by security researcher 'Techryptic.

Iranian cyberspies are targeting defense industrial base organizations with a new backdoor called FalseFont, according to Microsoft. "We identified APT33 malware tied to an Iranian persona who may have been employed by the Iranian government to conduct cyber threat activity against its adversaries," the threat hunters said in an alert updated in October.