A major data breach at IT provider Zeroed-In Technologies has impacted nearly two million end users, including thousands of Dollar Tree and Family Dollar employees.  The data breach affected 1,977,486 users on August 7-8, 2023.  Zeroed-In Technologies stated that the investigation determined that an unauthorized actor gained access to certain systems between August 7, 2023, and August 8, 2023.  The company found that the threat actor stole names, dates of birth, and Social Security numbers.

Computer scientists led by Ning Zhang, assistant professor of computer science and engineering at the McKelvey School of Engineering at Washington University in St. Louis, created AntiFake, a tool to protect voice recordings from unauthorized speech synthesis. Recent advancements in generative Artificial Intelligence (AI) have accelerated progress in realistic speech synthesis.

A recent North Korean attack on a Taiwanese company spreads malware to the United States, Canada, Japan and Taiwan. Microsoft discovered that a hacker gang known as Diamond Sleet gained access to a Taiwan software company CyberLink Corporation producers of audio, video, and photo editing software. They added malware to the application installer and managed to get their modified version signed with a CyberLink certificate and hosted on a valid update system. The code checks to see if security software from CrowdStrike, FireEye, or Tanium is present before running the malicious code.

The latest variant of DJVU ransomware, codenamed Xaro, is distributed in the form of cracked software. The DJVU variant appends the .xaro extension to affected files and demands a ransom for a decryptor. It has been observed infecting systems along with other commodity loaders and infostealers. DJVU, which is a variant of the STOP ransomware, typically masquerades as legitimate services or applications. It is also delivered as a SmokeLoader payload. This article continues to discuss the new variant of the DJVU ransomware.

Tenable researchers have released proof-of-concepts (POCs) for now-patched critical security vulnerabilities in Arcserve's Unified Data Protection (UDP) solution. Arcserve UDP is a widely used enterprise data protection, backup, and disaster recovery solution that helps organizations improve resiliency against ransomware attacks. This article continues to discuss the potential exploitation and impact of the vulnerabilities affecting Arcserve UDP.

The Japan Aerospace Exploration Agency (JAXA) was hacked in a cyberattack over the summer, which may have put sensitive space-related technology and data at risk.  The security breach was discovered this Fall when law enforcement authorities alerted Japan's space agency that its systems were compromised.  Chief Cabinet Secretary of Japan Hirokazu Matsuno revealed that attackers gained access to the agency's Active Directory (AD) server, a crucial component overseeing JAXA's network operations.

By grigby1 

By krahal

By aekwall 

Researchers at Eurecom have developed six new attacks collectively dubbed BLUFFS that can breach Bluetooth session confidentiality, enabling device impersonation and Man-in-the-Middle (MitM) attacks. BLUFFS exploits two previously unknown vulnerabilities in the Bluetooth standard related to how session keys are derived for decrypting data in exchange. These flaws are architectural rather than hardware or software configuration-specific, affecting Bluetooth at a fundamental level.