Security News
Breaking The SEC today said its Twitter/X account was hijacked to wrongly claim it had approved hotly anticipated Bitcoin ETFs, causing cryptocurrency to spike and then slip in price. In a now-deleted tweet shared in the past hour, the American financial regulator appeared to say: "Today the SEC grants approval for #Bitcoin ETFs for listing on all registered national securities exchanges. The approved Bitcoin ETFs will be subject to ongoing surveillance and compliance measures to ensure continued investor protection."
Breaking The SEC today said its Twitter account was hijacked to wrongly claim it had approved hotly anticipated Bitcoin ETFs, causing cryptocurrency to spike and then slip in price. In a now-deleted tweet, shared in the past hour, the American financial regulator appeared to say: "Today the SEC grants approval for #Bitcoin ETFs for listing on all registered national securities exchanges. The approved Bitcoin ETFs will be subject to ongoing surveillance and compliance measures to ensure continued investor protection."
A Chinese state-backed research institute claims to have discovered how to decrypt device logs for Apple's AirDrop feature, allowing the government to identify phone numbers or email addresses of those who shared content. China has a long history of censoring its people, requesting Apple block access to mobile apps, blocking encrypted messaging apps, such as Signal, and creating the Great Firewall of China to control what sites can be visited in the country.
Some organizations victimized by the Royal and Akira ransomware gangs have been targeted by a threat actor posing as a security researcher who promised to hack back the original attacker and delete stolen victim data. Cybersecurity company Arctic Wolf says it has investigated "Several cases" where victims of the two ransomware groups that paid a ransom were approached by a threat actor claiming to be an ethical hacker or security researcher with a deep understanding of the field.
Today, the U.S. Federal Trade Commission banned data broker Outlogic, formerly X-Mode Social, from selling Americans' raw location data that could be used for tracking purposes. Under the order released today, the first time data brokers were barred from sharing and selling users' sensitive location data, Outlogic must now delete all unlawfully collected sensitive location data, including any models or algorithms derived from this data.
For January 2024 Patch Tuesday, Microsoft has released fixes for 49 CVE-numbered vulnerabilities, two of which are critical: CVE-2024-20674 and CVE-2024-20700. CVE-2024-20674 is a security feature bypass vulnerability that may allow attackers to impersonate Windows' Kerberos server.
Microsoft has released the KB5034122 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes only a small number of fixes due to the holiday season. KB5034122 is a mandatory Windows 10 cumulative update containing the January 2024 Patch Tuesday security updates.
The Known Exploited Vulnerabilities catalog, or KEV for short, contains security issues that have been actively exploited in the wild. CISA has given federal agencies until January 29 to patch the six actively exploited flaws or stop using the vulnerable products.
Today is Microsoft's January 2024 Patch Tuesday, which includes security updates for a total of 49 flaws and 12 remote code execution vulnerabilities. The total count of 49 flaws does not include 4 Microsoft Edge flaws fixed on January 5th. To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5034123 cumulative update.
Microsoft has released the Windows 11 KB5034123 cumulative update for versions 23H2 and 22H2 to fix a variety of issues, including a potential Wi-Fi bug that was fixed in a KIR last month. [...]