Ivanti releases patches for 13 critical Avalanche RCE flaws

​Ivanti has released security updates to fix 13 critical security vulnerabilities in the company's Avalanche enterprise mobile device management (MDM) solution. [...]

https://www.bleepingcomputer.com/news/security/ivanti-releases-patches-for-13-critical-avalanche-rce-flaws/

 New phishing attack steals your Instagram backup codes to bypass 2FA

A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account. [...]

https://www.bleepingcomputer.com/news/security/new-phishing-attack-steals-your-instagram-backup-codes-to-bypass-2fa/

 Crypto scammers abuse Twitter ‘feature’ to impersonate high-profile accounts

Cryptocurrency scammers are abusing a legitimate Twitter "feature" to promote scams, fake giveaways, and fraudulent Telegram channels used to steal your crypto and NFTs. [...]

https://www.bleepingcomputer.com/news/security/crypto-scammers-abuse-twitter-feature-to-impersonate-high-profile-accounts/

 Google fixes 8th Chrome zero-day exploited in attacks this year

Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, the eighth patched since the start of the year. [...]

https://www.bleepingcomputer.com/news/security/google-fixes-8th-chrome-zero-day-exploited-in-attacks-this-year/

 Fake F5 BIG-IP zero-day warning emails push data wipers

The Israel National Cyber Directorate warns of phishing emails pretending to be F5 BIG-IP zero-day security updates that deploy Windows and Linux data wipers. [...]

https://www.bleepingcomputer.com/news/security/fake-f5-big-ip-zero-day-warning-emails-push-data-wipers/

 Android malware Chameleon disables Fingerprint Unlock to steal PINs

The Chameleon Android banking trojan has re-emerged with a new version that uses a tricky technique to take over devices — disable fingerprint and face unlock to steal device PINs. [...]

https://www.bleepingcomputer.com/news/security/android-malware-chameleon-disables-fingerprint-unlock-to-steal-pins/

 BidenCash darkweb market gives 1.9 million credit cards for free

The BidenCash stolen credit card marketplace is giving away 1.9 million credit cards for free via its store to promote itself among cybercriminals. [...]

https://www.bleepingcomputer.com/news/security/bidencash-darkweb-market-gives-19-million-credit-cards-for-free/

 OpenAI rolls out imperfect fix for ChatGPT data leak flaw

OpenAI has mitigated a data exfiltration bug in ChatGPT that could potentially leak conversation details to an external URL. [...]

https://www.bleepingcomputer.com/news/security/openai-rolls-out-imperfect-fix-for-chatgpt-data-leak-flaw/

 Microsoft deprecates Defender Application Guard for some Edge users

Microsoft is deprecating Defender Application Guard (including the Windows Isolated App Launcher APIs) for Edge for Business users. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-deprecates-defender-application-guard-for-some-edge-users/

 Title insurance giant First American offline after cyberattack

First American Financial Corporation, the second-largest title insurance company in the United States, took some of its systems offline today to contain the impact of a cyberattack. [...]

https://www.bleepingcomputer.com/news/security/title-insurance-giant-first-american-offline-after-cyberattack/

 Microsoft: Hackers target defense firms with new FalseFont malware

Microsoft says the APT33 Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack defense contractors worldwide. [...]

https://www.bleepingcomputer.com/news/security/microsoft-hackers-target-defense-firms-with-new-falsefont-malware/

 Lapsus$ hacker behind GTA 6 leak gets indefinite hospital sentence

Lapsus$ cybercrime and extortion group member, Arion Kurtaj has been sentenced indefinitely in a 'secure hospital' by a UK judge. Kurtaj who is 18 years of age and autistic is among the primary Lapsus$ threat actors, and was involved in the leak of assets associated with the video game, Grand Theft Auto VI. [...]

https://www.bleepingcomputer.com/news/security/lapsus-hacker-behind-gta-6-leak-gets-indefinite-hospital-sentence/

 Crypto drainer steals $59 million from 63k people in Twitter ad push

Google and Twitter ads are promoting sites containing a cryptocurrency drainer named 'MS Drainer' that has already stolen $59 million from 63,210 victims over the past nine months. [...]

https://www.bleepingcomputer.com/news/security/crypto-drainer-steals-59-million-from-63k-people-in-twitter-ad-push/

 Fake VPN Chrome extensions force-installed 1.5 million times

Three malicious Chrome extensions posing as VPN (Virtual Private Networks) infected were downloaded 1.5 million times, acting as browser hijackers, cashback hack tools, and data stealers. [...]

https://www.bleepingcomputer.com/news/security/fake-vpn-chrome-extensions-force-installed-15-million-times/

 Europol warns 443 online shops infected with credit card stealers

Europol has notified over 400 websites that their online shops have been hacked with malicious scripts that steal debit and credit cards from customers making purchases. [...]

https://www.bleepingcomputer.com/news/security/europol-warns-443-online-shops-infected-with-credit-card-stealers/

 Nissan Australia cyberattack claimed by Akira ransomware gang

Today, the Akira ransomware gang claimed that it breached the network of Nissan Australia, the Australian division of Japanese car maker Nissan. [...]

https://www.bleepingcomputer.com/news/security/nissan-australia-cyberattack-claimed-by-akira-ransomware-gang/

 Ubisoft says it's investigating reports of a new security breach

Ubisoft is investigating whether it suffered a breach after images of the company's internal software and developer tools were leaked online. [...]

https://www.bleepingcomputer.com/news/security/ubisoft-says-its-investigating-reports-of-a-new-security-breach/

 The Week in Ransomware - December 22nd 2023 - BlackCat hacked

Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-22nd-2023-blackcat-hacked/

 Mint Mobile discloses new data breach exposing customer data

Mint Mobile has disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks. [...]

https://www.bleepingcomputer.com/news/security/mint-mobile-discloses-new-data-breach-exposing-customer-data/

 ‘Wall of Flippers’ detects Flipper Zero Bluetooth spam attacks

A new Python project called 'Wall of Flippers' detects Bluetooth spam attacks launched by Flipper Zero and Android devices. [...]

https://www.bleepingcomputer.com/news/security/wall-of-flippers-detects-flipper-zero-bluetooth-spam-attacks/

 Google Chrome now scans for compromised passwords in the background

Google says the Chrome Safety Check feature will work in the background to check if passwords saved in the web browser have been compromised. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-now-scans-for-compromised-passwords-in-the-background/