Your daily dose of relevant cybersecurity advisories, industry news, and product updates for September 20, 2023.
Advisories
- Microsoft reveals memory corruption bugs in ‘ncurses’ library
- Thousands of Juniper devices vulnerable to unauthenticated RCE flaw
- Payment Card-Skimming Campaign Now Targeting Websites in North America
- New AMBERSQUID Cryptojacking Operation Targets Uncommon AWS Services
- APT36 state hackers infect Android devices using YouTube app clones
- Trend Micro addresses actively exploited zero-day in Apex One and other security Products
- GitLab Patches Critical Pipeline Execution Vulnerability
- Qatar Cyber Chiefs Warn on Mozilla RCE Bugs
- Hackers backdoor telecom providers with new HTTPSnoop malware
- Critical Security Flaws Exposed in Nagios XI Network Monitoring Software
- Fortinet FortiOS Flaw Let Attacker Execute Malicious JavaScript Code
- Atos Unify Vulnerabilities Could Allow Hackers to Backdoor Systems
- Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys
Industry News
- Microsoft AI research division accidentally exposed 38TB of sensitive data
- Google Agrees to $93 Million Settlement in California’s Location-Privacy Lawsuit
- Okta Agent Involved in MGM Resorts Breach, Attackers Claim
- Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors
- Pro-Iranian Attackers Target Israeli Railroad Network
- Hackers breached International Criminal Court’s systems last week
- TikTok Faces Massive €345 Million Fine Over Child Data Violations in E.U.
- German intelligence warns cyberattacks could target liquefied natural gas (LNG) terminals
- North Korea’s Lazarus Group Suspected in $31 Million CoinEx Heist
- DoD: China’s ICS Cyber Onslaught Aimed at Gaining Kinetic Warfare Advantage
- Retool Falls Victim to SMS-Based Phishing Attack Affecting 27 Cloud Clients
- China-Linked Actor Taps Linux Backdoor in Forceful Espionage Campaign
- Recent cyber attack is causing Clorox products shortage
- Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace
Products & Service
- Windows Subsystem for Linux gets new ‘mirrored’ network mode
- CrowdStrike acquires Bionic
- CrowdStrike announces major build-out of its Falcon product suite
- Signal adds quantum-resistant encryption to its E2EE messaging protocol
- NordVPN Sonar helps internet users detect phishing emails
- McAfee Scam Protection blocks fake emails, texts, and social media links
- Enea Unveils Qosmos Threat Detection SDK to Boost Network Security
- 1Password introduces mobile support for passkeys
- Skyhawk Security ranks accuracy of LLM cyberthreat predictions
- Venafi taps generative AI to streamline machine identity management
For the latest news on malware and ransomware, check out our latest Weekly Malware Roundup.