Postmeds, a company doing business as Truepill, is sending data breach notifications, informing recipients that threat actors have compromised their sensitive personal information. Truepill is a Business-to-Business (B2B) pharmacy platform that uses Application Programming Interfaces (APIs) to fulfill orders and service delivery for Direct-to-Consumer (D2C) brands, digital health companies, and other healthcare organizations across the US.

It has recently been discovered that the WordPress plugin WP Fastest Cache is vulnerable to an SQL injection vulnerability that could allow unauthenticated attackers to read the contents of the site’s database.  WP Fastest Cache is a caching plugin used to speed up page loads, improve visitor experience, and boost the site’s ranking on Google search.  According to WordPress.org stats, it is used by more than a million sites.

Intel has addressed a high severity flaw called Reptar that affects its desktop, mobile, and server CPUs. The vulnerability, tracked as CVE-2023-23583 with a CVSS score of 8.8, can enable privilege escalation, information disclosure, and/or Denial-of-Service (DoS) via local access. According to Google Cloud, the successful exploitation of the vulnerability could also allow a bypass of the CPU's security boundaries. It is caused by how redundant prefixes are interpreted by the processor.

The US government recently announced the takedown of the IPStorm botnet and the guilty plea of a man who created and operated the cybercrime service.  According to the Department of Justice (DoJ), the FBI dismantled the infrastructure associated with the IPStorm malware and the proxy network powered by the IPStorm botnet.  The malware was delivered to thousands of Windows, Linux, Mac, and Android devices worldwide, enabling cybercriminals to use the compromised devices for a proxy service.

According to Forescout researchers, a popular brand of industrial routers has 21 vulnerabilities. Forescout analysts will reveal the bugs at Black Hat Europe, including one of 9.6 critical severity on the CVSS scale and nine of high severity, impacting a brand of Operational Technology (OT)/Internet of Things (IoT) routers popular in the medical and manufacturing sectors. Such routers bridge the broader Internet with internal networks through 3G and 4G cellular networks. They are most common in critical industries like transportation, government, and water treatment.

In collaboration with Australia's national science agency CSIRO, a team of experts led by Monash University researchers developed an algorithm that can help strengthen online transactions against powerful attacks from quantum computers. Cryptography researchers from Monash University's Faculty of Information Technology and CSIRO's data and digital specialist arm Data61 have developed what is described as the most efficient quantum-secure cryptography algorithm called LaV.

A federal judge in Seattle threw out a class-action lawsuit alleging that some of the top automakers used their vehicles' onboard infotainment systems to record and intercept drivers' text messages and phone call logs. The judge ruled that the practice did not violate the Washington Privacy Act, noting that the plaintiffs had failed to prove the activity threatened "their business, person, or reputation." Among the automakers being sued were Honda, Toyota, Volkswagen, and General Motors.

Adobe recently rolled out a massive batch of security fixes to cover critical-severity flaws in its Acrobat and Reader, ColdFusion, inDesign, inCopy, and Audition products.  Adobe documented 72 distinct security bugs and called special attention to code-execution defects in the widely deployed Adobe Acrobat and Reader software.  Adobe documented at least 17 Acrobat and Reader bugs that expose unpatched Windows and macOS systems to arbitrary code execution and memory leak issues.

According to security researchers at Sophos, cybercriminals have been observed disabling or wiping out logs in 82% of incidents.  The researchers stated that time is critical when responding to an active threat.  The time between spotting the initial access event and full threat mitigation should be as short as possible.  The researchers noted that the farther along in the attack chain an attacker makes it, the bigger the headache for responders.  The researchers added that missing telemetry only adds time to remediations that most organizations can’t afford.