Android game dev’s Google Drive misconfig highlights cloud security risks

Japanese game developer Ateam has proven that a simple Google Drive configuration mistake can result in the potential but unlikely exposure of sensitive information for nearly one million people over a period of six years and eight months. [...]

https://www.bleepingcomputer.com/news/security/android-game-devs-google-drive-misconfig-highlights-cloud-security-risks/

 The biggest cybersecurity and cyberattack stories of 2023

2023 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities. [...]

https://www.bleepingcomputer.com/news/security/the-biggest-cybersecurity-and-cyberattack-stories-of-2023/

 The law enforcement operations targeting cybercrime in 2023

In 2023, we saw numerous law enforcement operations targeting cybercrime operations, including cryptocurrency scams, phishing attacks, credential theft, malware development, and ransomware attacks. [...]

https://www.bleepingcomputer.com/news/security/the-law-enforcement-operations-targeting-cybercrime-in-2023/

 Victoria court recordings exposed in reported ransomware attack

Australia's Court Services Victoria (CSV) is warning that video recordings of court hearings were exposed after suffering a reported Qilin ransomware attack. [...]

https://www.bleepingcomputer.com/news/security/victoria-court-recordings-exposed-in-reported-ransomware-attack/

 Google Groups is ending support for Usenet to combat spam

Google has officially announced it's ceasing support for Usenet groups on its Google Groups platform, a move partly attributed to the platform's increasing struggle with spam content. [...]

https://www.bleepingcomputer.com/news/google/google-groups-is-ending-support-for-usenet-to-combat-spam/

 Xerox says subsidiary XBS U.S. breached after ransomware gang leaks data

The U.S. division of Xerox Business Solutions (XBS) has been compromised by hackers, and a limited amount of personal information might have been exposed, according to an announcement by the parent company, Xerox Corporation. [...]

https://www.bleepingcomputer.com/news/security/xerox-says-subsidiary-xbs-us-breached-after-ransomware-gang-leaks-data/

 Online museum collections down after cyberattack on service provider

Museum software solutions provider Gallery Systems has disclosed that its ongoing IT outages were caused by a ransomware attack last week. [...]

https://www.bleepingcomputer.com/news/security/online-museum-collections-down-after-cyberattack-on-service-provider/

 Orbit Chain loses $86 million in the last fintech hack of 2023

Orbit Chain has experienced a security breach that has resulted in a loss of $86 million in cryptocurrency, particularly Ether, Dai, Tether, and USD Coin. [...]

https://www.bleepingcomputer.com/news/security/orbit-chain-loses-86-million-in-the-last-fintech-hack-of-2023/

 Steam drops support for Windows 7 and 8.1 to boost security

Steam is no longer supported on Windows 7, Windows 8, and Windows 8.1 as of January 1, with the company recommending users upgrade to a newer operating system. [...]

https://www.bleepingcomputer.com/news/security/steam-drops-support-for-windows-7-and-81-to-boost-security/

 CISA warns of actively exploited bugs in Chrome and Excel parsing library

The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to the Known Exploited Vulnerabilities catalog, a recently patched flaw in Google Chrome and a bug affecting an open-source Perl library for reading information in an Excel file called Spreadsheet::ParseExcel. [...]

https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-bugs-in-chrome-and-excel-parsing-library/

 Nearly 11 million SSH servers vulnerable to new Terrapin attacks

Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack that threatens the integrity of some SSH connections. [...]

https://www.bleepingcomputer.com/news/security/nearly-11-million-ssh-servers-vulnerable-to-new-terrapin-attacks/

 Data breach at healthcare tech firm impacts 4.5 million patients

HealthEC LLC, a provider of health management solutions, suffered a data breach that impacts close to 4.5 million individuals who received care through one of the company's customers. [...]

https://www.bleepingcomputer.com/news/security/data-breach-at-healthcare-tech-firm-impacts-45-million-patients/

 LastPass now requires 12-character master passwords for better security

LastPass notified customers today that they are now required to use complex master passwords with a minimum of 12 characters to increase their accounts' security. [...]

https://www.bleepingcomputer.com/news/security/lastpass-now-requires-12-character-master-passwords-for-better-security/

 PornHub blocks North Carolina, Montana over new age verification laws

Adult media giant Aylo has blocked access to many of its websites, including PornHub, to visitors from Montana and North Caroline as new age verifications laws go into effect. [...]

https://www.bleepingcomputer.com/news/security/pornhub-blocks-north-carolina-montana-over-new-age-verification-laws/

 Nigerian hacker arrested for stealing $7.5M from charities

A Nigerian national was arrested in Ghana and is facing charges related to business email compromise (BEC) attacks that caused a charitable organization in the United States to lose more than $7.5 million. [...]

https://www.bleepingcomputer.com/news/security/nigerian-hacker-arrested-for-stealing-75m-from-charities/

 Hacker hijacks Orange Spain RIPE account to cause BGP havoc

Orange Spain suffered an internet outage today after a hacker breached the company's RIPE account to misconfigure BGP routing and an RPKI configuration. [...]

https://www.bleepingcomputer.com/news/security/hacker-hijacks-orange-spain-ripe-account-to-cause-bgp-havoc/

 Mandiant’s account on X hacked to push cryptocurrency scam

The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam. [...]

https://www.bleepingcomputer.com/news/security/mandiants-account-on-x-hacked-to-push-cryptocurrency-scam/

 'everything' blocks devs from removing their own npm packages

Over the holidays, the npm package registry was flooded with more than 3,000 packages, including one called "everything," and others named a variation of the word. These 3,000+ packages make it impossible for all npm authors to unpublish their packages from the registry. [...]

https://www.bleepingcomputer.com/news/security/everything-blocks-devs-from-removing-their-own-npm-packages/

 FTC offers $25,000 prize for detecting AI-enabled voice cloning

The U.S. Federal Trade Commission (FTC) has started accepting submissions for its Voice Cloning Challenge, a public competition with a $25,000 top prize for ideas that protect consumers from the danger of AI-enabled voice cloning for fraudulent activity. [...]

https://www.bleepingcomputer.com/news/security/ftc-offers-25-000-prize-for-detecting-ai-enabled-voice-cloning/

 Zeppelin ransomware source code sold for $500 on hacking forum

A threat actor announced on a cybercrime forum that they sold the source code and a cracked version of the Zeppelin ransomware builder for just $500. [...]

https://www.bleepingcomputer.com/news/security/zeppelin-ransomware-source-code-sold-for-500-on-hacking-forum/

 Hackers hijack govt and business accounts on X for crypto scams

Hackers are increasingly targeting verified accounts on X (formerly Twitter) belonging to government and business profiles and marked with 'gold' and 'grey' checkmarks to promote cryptocurrency scams. [...]

https://www.bleepingcomputer.com/news/security/hackers-hijack-govt-and-business-accounts-on-x-for-crypto-scams/