Security researchers at industrial cybersecurity firm TXOne Networks have disclosed the details of 10 unpatched vulnerabilities discovered in building automation products made by Austrian company Loytec more than two years ago.  The vulnerabilities have been assigned to the identifiers CVE-2023-46380 through CVE-2023-46389, and their details were disclosed in three separate advisories published on the Full Disclosure mailing list in November.

Google recently announced that the December 2023 Android security updates deliver patches for 94 vulnerabilities.  The first part of the updates resolves 33 vulnerabilities in Android's Framework and System components.  Google noted that three of these are rated "critical severity." Google stated that the most severe of these issues is a critical security vulnerability in the system component that could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed.

Research from HYAS Infosec's HYAS Labs is contributing to the European Union's Artificial Intelligence (AI) Act. The AI Act is an initiative helping to shape the trajectory of AI governance, with US policies and considerations to follow soon. According to AI Act researchers and framers, the Act mirrors a specific conception of AI systems, considering them as non-autonomous statistical software with possible harms mainly from datasets.

Microsoft discovered ongoing malvertising attacks involving the use of the DanaBot Trojan to spread CACTUS ransomware. Microsoft linked the campaign to Storm-0216, also known as Twisted Spider and UNC2198. Storm-0216 previously used Qakbot malware for initial access, but after the Qakbot infrastructure was taken down, it switched to other malware. The current DanaBot campaign was discovered in November, when Microsoft researchers found that the threat actors were using a private version of the popular info-stealing malware rather than the Malware-as-a-Service (MaaS) offering.

It has recently been revealed that data on Blue Shield of California members may have been exposed due to a vulnerability in the MOVEit file transfer platform.  The insurer was notified on Sept. 1 by a vendor that indicated it was a victim of the data breach.  The vendor found on Aug. 23 that an unauthorized user had tapped into information in the MOVEit server and then took the server offline.  After an investigation, Blue Shield of California discovered that this third party extracted data from the server on May 28 and May 31.

According to Lasso Security researchers, while HuggingFace and GitHub developer platforms are important for developing Artificial Intelligence (AI) technologies, they also expose top-level organization accounts from Google, Meta, Microsoft, and VMware to threat actors. Lasso Security began its investigation in November, inspecting hundreds of Application Programming Interfaces (APIs) on the expertise-sharing platforms. Meta, the parent company of Facebook, was discovered to be especially vulnerable, with its Large Language Model Meta AI (LLaMA) exposed in many cases.

Around 60 credit unions are experiencing outages as a result of a ransomware attack on a popular technology provider. According to National Credit Union Administration (NCUA) spokesperson Joseph Adamoli, the ransomware attack targeted Ongoing Operations, a cloud services provider owned by the credit union technology company Trellance. The attack is having a larger impact on other credit union technology providers, such as FedComp, which provides data processing solutions to credit unions.

In a recent data breach, hackers accessed about 14,000 customer accounts with the genetic testing company 23andMe. According to a new filing with the US Securities and Exchange Commission (SEC), the company determined that hackers had accessed 0.1 percent of its customer base. 23andMe's latest annual earnings report revealed that the company has over 14 million customers, so 0.1 percent of the customer base is around 14,000.

The European Space Agency (ESA) is facing cyber threats, as the technology it operates has become more vulnerable to hackers. The current commercialization of European space introduces new challenges, including cybersecurity. Dr. Daniel Fischer, ESA's Head of Ground Segment System and Cybersecurity Engineering, recently announced at a conference in Tallinn that the ESA will expand its security measures. A strong defense-in-depth security strategy called the Ground Operation System Common Core - Multi-Mission Generation (EGOS-MG) will be implemented.

Security researcher MalwareHunterTeam has found a sample of the Qilin ransomware gang's VMware ESXi encryptor, and it could be one of the most advanced and customizable Linux encryptors seen to date.  The researcher noted that enterprises are increasingly moving to virtual machines to host their servers, as they allow for better usage of available CPU, memory, and storage resources.  Due to this adoption, almost all ransomware gangs have created dedicated VMware ESXi encryptors to target these servers.