Canada bans WeChat and Kaspersky products on govt devices

Canada has banned the use of Kaspersky security products and Tencent's WeChat app on mobile devices used by government employees, citing network and national security concerns. [...]

https://www.bleepingcomputer.com/news/security/canada-bans-wechat-and-kaspersky-products-on-govt-devices/

 Massive cybercrime URL shortening service uncovered via DNS data

A threat actor that security researchers call Prolific Puma has been providing link shortening services to cybercriminals for at least four years while keeping a sufficiently low profile to operate undetected. [...]

https://www.bleepingcomputer.com/news/security/massive-cybercrime-url-shortening-service-uncovered-via-dns-data/

 Samsung Galaxy gets new Auto Blocker anti-malware feature

Samsung has unveiled a new security feature called 'Auto Blocker' as part of the One UI 6 update, offering enhanced malware protection on Galaxy devices. [...]

https://www.bleepingcomputer.com/news/security/samsung-galaxy-gets-new-auto-blocker-anti-malware-feature/

 Dozens of countries will pledge to stop paying ransomware gangs

An alliance of 40 countries will sign a pledge during the third annual International Counter-Ransomware Initiative summit in Washington, D.C., to stop paying ransoms demanded by cybercriminal groups. [...]

https://www.bleepingcomputer.com/news/security/dozens-of-countries-will-pledge-to-stop-paying-ransomware-gangs/

 Microsoft releases Windows 11 23H2 as an enablement package

Microsoft announced today the release of Windows 11, version 23H2, the next feature update for its operating system (also known as the Windows 11 2023 Update). [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-11-23h2-as-an-enablement-package/

 Atlassian warns of critical Confluence flaw leading to data loss

Australian software company Atlassian warned admins to immediately patch Internet-exposed Confluence instances against a critical security flaw that could lead to data loss following successful exploitation. [...]

https://www.bleepingcomputer.com/news/security/atlassian-warns-of-critical-confluence-flaw-leading-to-data-loss/

 British Library knocked offline by weekend cyberattack

The British Library has been hit by a major IT outage affecting its website and many of its services following a "cyber incident" that impacted its systems on Saturday, October 28. [...]

https://www.bleepingcomputer.com/news/security/british-library-knocked-offline-by-weekend-cyberattack/

 How to download a Windows 11 23H2 ISO from Microsoft

Microsoft released Windows 11 23H2, the Windows 11 2023 Update, today, and you can now download an ISO image for the new version to put aside for emergencies or clean installs. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-download-a-windows-11-23h2-iso-from-microsoft/

 Windows 11 23H2 - New features in the Windows 11 2023 Update

Microsoft released the new Windows 11 23H2 feature update today, and it comes with a ton of new features that may make Windows 10 holdouts willing to upgrade. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-23h2-new-features-in-the-windows-11-2023-update/

 Flipper Zero Bluetooth spam attacks ported to new Android app

Recent Flipper Zero Bluetooth spam attacks have now been ported to an Android app, allowing a much larger number of devices to implement these annoying spam alerts. [...]

https://www.bleepingcomputer.com/news/security/flipper-zero-bluetooth-spam-attacks-ported-to-new-android-app/

 Avast confirms it tagged Google app as malware on Android phones

Czech cybersecurity company Avast confirmed that its antivirus SDK has been flagging a Google Android app as malware on Huawei, Vivo, and Honor smartphones since Saturday. [...]

https://www.bleepingcomputer.com/news/security/avast-confirms-it-tagged-google-app-as-malware-on-android-phones/

 LayerX Enterprise Browser Security Extension – Secure the Modern Workspace

LayerX has developed a secure enterprise browser extension that delivers comprehensive visibility, monitoring, and granular policy enforcement on every event within a browsing session. Learn more about this cybersecurity platform from LayerxSecurity. [...]

https://www.bleepingcomputer.com/news/security/layerx-enterprise-browser-security-extension-secure-the-modern-workspace/

 Hackers exploit recent F5 BIG-IP flaws in stealthy attacks

F5 is warning BIG-IP admins that devices are being breached by "skilled" hackers exploiting two recently disclosed vulnerabilities to erase signs of their access and achieve stealthy code execution. [...]

https://www.bleepingcomputer.com/news/security/hackers-exploit-recent-f5-big-ip-flaws-in-stealthy-attacks/

 Mozi malware botnet goes dark after mysterious use of kill-switch

Mozi malware botnet activity faded away in August after a mysterious unknown party sent a payload on September 27, 2023, that triggered a kill switch to deactivate all bots. [...]

https://www.bleepingcomputer.com/news/security/mozi-malware-botnet-goes-dark-after-mysterious-use-of-kill-switch/

 Microsoft: Windows Copilot makes desktop icons jump between displays

Microsoft says a new known issue is causing desktop icons to behave erratically on systems with multiple displays when using the Windows Copilot AI-powered digital assistant. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-copilot-makes-desktop-icons-jump-between-displays/

 3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online

Over three thousand internet-exposed Apache ActiveMQ servers are vulnerable to a recently disclosed critical remote code execution (RCE) vulnerability. [...]

https://www.bleepingcomputer.com/news/security/3-000-apache-activemq-servers-vulnerable-to-rce-attacks-exposed-online/

 Hackers use Citrix Bleed flaw in attacks on govt networks worldwide

Threat actors are leveraging the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, to target government, technical, and legal organizations in the Americas, Europe, Africa, and the Asia-Pacific region. [...]

https://www.bleepingcomputer.com/news/security/hackers-use-citrix-bleed-flaw-in-attacks-on-govt-networks-worldwide/

 New CVSS 4.0 vulnerability severity rating standard released

The Forum of Incident Response and Security Teams (FIRST) has officially released CVSS v4.0, the next generation of its Common Vulnerability Scoring System standard, eight years after CVSS v3.0, the previous major version. [...]

https://www.bleepingcomputer.com/news/security/new-cvss-40-vulnerability-severity-rating-standard-released/

 Toronto Public Library outages caused by Black Basta ransomware attack

The Toronto Public Library is experiencing ongoing technical outages due to a Black Basta ransomware attack. [...]

https://www.bleepingcomputer.com/news/security/toronto-public-library-outages-caused-by-black-basta-ransomware-attack/

 FSB arrests Russian hackers working for Ukrainian cyber forces

Russia's security agency published a press release on Tuesday saying that its officers detained two hackers who either assisted or joined Ukraine's hackers in cyber operations. [...]

https://www.bleepingcomputer.com/news/legal/fsb-arrests-russian-hackers-working-for-ukrainian-cyber-forces/

 Meta faces EU ban on Facebook, Instagram targeted advertising

The European Data Protection Board has extended the temporary ban on targeted advertising on Facebook and Instagram, imposed by the Norwegian Data Protection Authority (DPA) in July. [...]

https://www.bleepingcomputer.com/news/technology/meta-faces-eu-ban-on-facebook-instagram-targeted-advertising/