The Cybersecurity and Infrastructure Security Agency (CISA) is releasing the Secure Cloud Business Applications (SCuBA) project's Google Workspace (GWS) secure configuration baselines and its new assessment tool, ScubaGoggles. These materials, developed in collaboration with Google, are designed to help federal agencies secure GWS environments and leverage native security capabilities to improve an organization's overall cyber posture.

According to a new study conducted by researchers at SentinelOne, Microsoft, and PwC, the recently outed advanced persistent threat (APT) actor Sandman appears linked to China.  Sandman mainly targets telecom providers in the Middle East, Europe, and South Asia, likely for cyberespionage purposes.  The researchers were able to draw links between the observed Sandman APT attacks and the activity of STORM-0866/Red Dev 40, a suspected China-based threat actor known to be using the KeyPlug backdoor.

About 1,450 pfSense instances are vulnerable to command injection and Cross-Site Scripting (XSS) flaws that, if exploited together, could allow attackers to conduct Remote Code Execution (RCE) on the appliance. The pfSense solution is an open-source firewall and router software with extensive customization and deployment flexibility. It meets specific needs while providing various features typically found in expensive commercial products. SonarSource researchers found three flaws that affect pfSense 2.7.0 and older, as well as pfSense Plus 23.05.01 and older, in mid-November.

Interpol has announced Operation Storm Makers II, a joint effort by 27 Asian countries to target cyber-fraud operations engaged in human trafficking to carry out scams. However, it appears that this type of operation is also spreading to other parts of the world. According to Interpol's announcement of the operation, victims are promised well-paying jobs in Southeast Asia, but are instead forced to commit large-scale online fraud while enduring severe physical abuse.

According to SafeGuard Cyber, 42 percent of businesses report that employees using Bring Your Own Device (BYOD) devices in business settings involving tools such as WhatsApp have caused new security incidents. Messaging platforms such as WhatsApp, Telegram, Slack, and Teams face constant threats, underscoring the importance of strong security. WhatsApp is becoming increasingly popular for business communication, but it is not without risk.

A phishing campaign has been delivering MrAnon Stealer, an information stealer malware, to unsuspecting victims through booking-themed PDF lures. According to Fortinet FortiGuard Labs researcher Cara Lin, this malware is a Python-based information stealer compressed with cx-Freeze to avoid detection. MrAnon Stealer grabs credentials, system information, browser sessions, and cryptocurrency extensions. This article continues to discuss findings regarding MrAnon Stealer.

According to researchers, firmware vulnerabilities that may impact 95 percent of computers allow hackers to bypass boot security and execute malware upon startup. The flaws come from image parsers in Unified Extensible Firmware Interface (UEFI) system firmware that are used to load logo images on startup screens.

A new study published in the International Journal of Electronic Finance examined security issues related to personal data processing in the interconnected landscape. A team of academic researchers in India explored the complexities of data privacy and security, highlighting issues such as diverse data and sensors in mobile devices, the use of various identifiers, and consumer monitoring. One major source of concern has been the difficulty in enforcing data protection regulations within the mobile app ecosystem, like the General Data Protection Regulation (GDPR) rules.

A new publication from the National Institute of Standards and Technology (NIST) offers guidance on using a type of mathematical algorithm known as differential privacy to help data-centric organizations strike a balance between privacy and accuracy. Using differential privacy, the data can be made public without revealing the identities of the individuals in the dataset.

Cold storage and logistics giant Americold has recently confirmed that over 129,000 employees and their dependents had their personal information stolen in an April attack, later claimed by Cactus ransomware.  Americold employs 17,000 people worldwide and operates more than 24 temperature-controlled warehouses across North America, Europe, Asia-Pacific, and South America.