Windows 11 23H2 - New features in the Windows 11 2023 Update

Microsoft released the new Windows 11 23H2 feature update today, and it comes with a ton of new features that may make Windows 10 holdouts willing to upgrade. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-23h2-new-features-in-the-windows-11-2023-update/

 Flipper Zero Bluetooth spam attacks ported to new Android app

Recent Flipper Zero Bluetooth spam attacks have now been ported to an Android app, allowing a much larger number of devices to implement these annoying spam alerts. [...]

https://www.bleepingcomputer.com/news/security/flipper-zero-bluetooth-spam-attacks-ported-to-new-android-app/

 Avast confirms it tagged Google app as malware on Android phones

Czech cybersecurity company Avast confirmed that its antivirus SDK has been flagging a Google Android app as malware on Huawei, Vivo, and Honor smartphones since Saturday. [...]

https://www.bleepingcomputer.com/news/security/avast-confirms-it-tagged-google-app-as-malware-on-android-phones/

 LayerX Enterprise Browser Security Extension – Secure the Modern Workspace

LayerX has developed a secure enterprise browser extension that delivers comprehensive visibility, monitoring, and granular policy enforcement on every event within a browsing session. Learn more about this cybersecurity platform from LayerxSecurity. [...]

https://www.bleepingcomputer.com/news/security/layerx-enterprise-browser-security-extension-secure-the-modern-workspace/

 Hackers exploit recent F5 BIG-IP flaws in stealthy attacks

F5 is warning BIG-IP admins that devices are being breached by "skilled" hackers exploiting two recently disclosed vulnerabilities to erase signs of their access and achieve stealthy code execution. [...]

https://www.bleepingcomputer.com/news/security/hackers-exploit-recent-f5-big-ip-flaws-in-stealthy-attacks/

 Mozi malware botnet goes dark after mysterious use of kill-switch

Mozi malware botnet activity faded away in August after a mysterious unknown party sent a payload on September 27, 2023, that triggered a kill switch to deactivate all bots. [...]

https://www.bleepingcomputer.com/news/security/mozi-malware-botnet-goes-dark-after-mysterious-use-of-kill-switch/

 Microsoft: Windows Copilot makes desktop icons jump between displays

Microsoft says a new known issue is causing desktop icons to behave erratically on systems with multiple displays when using the Windows Copilot AI-powered digital assistant. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-copilot-makes-desktop-icons-jump-between-displays/

 3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online

Over three thousand internet-exposed Apache ActiveMQ servers are vulnerable to a recently disclosed critical remote code execution (RCE) vulnerability. [...]

https://www.bleepingcomputer.com/news/security/3-000-apache-activemq-servers-vulnerable-to-rce-attacks-exposed-online/

 Hackers use Citrix Bleed flaw in attacks on govt networks worldwide

Threat actors are leveraging the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, to target government, technical, and legal organizations in the Americas, Europe, Africa, and the Asia-Pacific region. [...]

https://www.bleepingcomputer.com/news/security/hackers-use-citrix-bleed-flaw-in-attacks-on-govt-networks-worldwide/

 New CVSS 4.0 vulnerability severity rating standard released

The Forum of Incident Response and Security Teams (FIRST) has officially released CVSS v4.0, the next generation of its Common Vulnerability Scoring System standard, eight years after CVSS v3.0, the previous major version. [...]

https://www.bleepingcomputer.com/news/security/new-cvss-40-vulnerability-severity-rating-standard-released/

 Toronto Public Library outages caused by Black Basta ransomware attack

The Toronto Public Library is experiencing ongoing technical outages due to a Black Basta ransomware attack. [...]

https://www.bleepingcomputer.com/news/security/toronto-public-library-outages-caused-by-black-basta-ransomware-attack/

 FSB arrests Russian hackers working for Ukrainian cyber forces

Russia's security agency published a press release on Tuesday saying that its officers detained two hackers who either assisted or joined Ukraine's hackers in cyber operations. [...]

https://www.bleepingcomputer.com/news/legal/fsb-arrests-russian-hackers-working-for-ukrainian-cyber-forces/

 Meta faces EU ban on Facebook, Instagram targeted advertising

The European Data Protection Board has extended the temporary ban on targeted advertising on Facebook and Instagram, imposed by the Norwegian Data Protection Authority (DPA) in July. [...]

https://www.bleepingcomputer.com/news/technology/meta-faces-eu-ban-on-facebook-instagram-targeted-advertising/

 Your end-users are reusing passwords – that’s a big problem

Password reuse is a difficult vulnerability for IT teams to get full visibility over. Learn more from Specops Software on how to mitigate the risk of compromised credentials. [...]

https://www.bleepingcomputer.com/news/security/your-end-users-are-reusing-passwords-thats-a-big-problem/

 Okta hit by third-party data breach exposing employee information

Okta is warning nearly 5,000 current and former employees that their personal information was exposed after a third-party vendor was breached. [...]

https://www.bleepingcomputer.com/news/security/okta-hit-by-third-party-data-breach-exposing-employee-information/

 Microsoft pledges to bolster security as part of ‘Secure Future’ initiative

Microsoft announced today the 'Secure Future Initiative,' pledging to improve the built-in security of its products and platforms to better protect customers against escalating cybersecurity threats. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-pledges-to-bolster-security-as-part-of-secure-future-initiative/

 Boeing confirms cyberattack amid LockBit ransomware claims

Aerospace giant Boeing is investigating a cyberattack that impacted its parts and distribution business after the LockBit ransomware gang claimed that they breached the company's network and stole data. [...]

https://www.bleepingcomputer.com/news/security/boeing-confirms-cyberattack-amid-lockbit-ransomware-claims/

 Cloudflare Dashboard and APIs down after data center power outage

An ongoing Cloudflare outage has taken down many of its products, including the company's dashboard and related application programming interfaces (APIs) customers use to manage and read service configurations. [...]

https://www.bleepingcomputer.com/news/security/cloudflare-dashboard-and-apis-down-after-data-center-power-outage/

 HelloKitty ransomware now exploiting Apache ActiveMQ flaw in attacks

A remote code execution (RCE) flaw impacting Apache ActiveMQ has been under active exploitation by threat actors who use HelloKitty ransomware payloads. [...]

https://www.bleepingcomputer.com/news/security/hellokitty-ransomware-now-exploiting-apache-activemq-flaw-in-attacks/

 Mortgage giant Mr. Cooper hit by cyberattack impacting IT systems

U.S. mortgage lending giant Mr. Cooper was breached in a cyberattack that caused the company to shut down IT systems, including access to their online payment portal. [...]

https://www.bleepingcomputer.com/news/security/mortgage-giant-mr-cooper-hit-by-cyberattack-impacting-it-systems/

 BlackCat ransomware claims breach of healthcare giant Henry Schein

The BlackCat (ALPHV) ransomware gang claims it breached the network of healthcare giant Henry Schein and stole dozens of terabytes of data, including payroll data and shareholder information. [...]

https://www.bleepingcomputer.com/news/security/blackcat-ransomware-claims-breach-of-healthcare-giant-henry-schein/