"LoanCare Notifying 1.3 Million of Data Breach Following Cyberattack on Parent Company"

Mortgage servicing firm LoanCare recently started informing more than 1.3 million individuals of a data breach impacting their personal information. A subsidiary of Fidelity National Financial (FNF), LoanCare provides loan subservicing for mortgage lenders, including banks, credit unions, and mortgage firms. According to LoanCare, the data breach resulted from a cyberattack on FNF's internal systems. The incident was identified on November 19, resulting in business disruptions. The company noted that the incident was contained on November 26, 2023.

Submitted by Adam Ekwall on

"Major Security Flaws in Java Applications – European Researchers Warn"

A team of researchers from Umeå University, Paderborn University, Université du Luxembourg, and INRIA analyzed vulnerabilities in software written in Java, one of the most widely used programming languages, in a study titled "An In-Depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities." They examined Java products that use deserialization, which is the process of restoring packaged information to its last state, such as user settings, game functions, shopping carts, or banking applications, and conducted a thorough analysis of vulnerabilities and attacks.

Submitted by grigby1 CPVI on

"New Study Links OpenAI's GPT-3.5 Turbo To Alarming Privacy Threats"

A recent study conducted by Rui Zhu, a Ph.D. candidate at Indiana University Bloomington, discovered a potential privacy threat posed by OpenAI's Large Language Model (LLM), GPT-3.5 Turbo.  As part of the experiment, Zhu used a GPT-3.5 Turbo feature that allows the model to recall personal data and successfully avoided the model's privacy safeguards. Although there were flaws, the model correctly provided the work addresses of 80 percent of Times employees tested.

Submitted by grigby1 CPVI on

"This Clever New Idea Could Fix AirTag Stalking While Maximizing Privacy"

Apple's AirTags help users find their keys or track their luggage, but AirTag features have also allowed them to be used as a tracking tool for domestic abusers and criminals in stalking targets. Apple has implemented measures to notify iPhone and Android users if an AirTag is in their vicinity for an extended period without the presence of its owner's iPhone, which could mean that an AirTag has been planted to track their location secretly.

Submitted by grigby1 CPVI on

"NASA Launches Cybersecurity Guide for Space Industry"

NASA has released its first Space Security Best Practices Guide (BPG), a document aimed at improving cybersecurity for future space missions. Concerns regarding the threats that hackers pose to satellite networks and other space initiatives have grown. In August, the FBI, the National Counterintelligence and Security Center (NCSC), and the Air Force Office of Special Investigations (AFOSI) warned that foreign intelligence entities were infiltrating and subverting the space industry through various means, including hacking campaigns.

Submitted by grigby1 CPVI on

Palmetto Cyber Summit 2024

"The CyberSC Board of Governors and the Summit Planning Committee invite you to the 2024 Palmetto Cyber Summit. The event is scheduled for Wednesday and Thursday, February 21-22, 2024, and will be taking place in-person at the Cooperative Conference Center in Columbia, South Carolina. The event, in its 2nd year, will bring together experts to provide timely content and address a variety of cybersecurity issues impacting South Carolinians."

IntelliC0N

"Introducing IntelliC0N, a platform inspired by esteemed and reliable cybersecurity leaders who are eager to disseminate the latest emerging threat intelligence.  We've collaborated with some of the most brilliant minds in cybersecurity, including inventors, founders, and top-level security executives.  Together, we aim to empower the cybersecurity community with game-changing solutions to outpace evolving threats."

"ESET Threat Report: ChatGPT Name Abuses, Lumma Stealer Malware Increases, Android SpinOk SDK Spyware's Prevalence"

ESET has released its H2 2023 threat report, which highlights cybercriminals' use of the ChatGPT name, the rise of the Lumma Stealer malware, the Android SpinOk Software Development Kit (SDK) spyware, and other issues. In the second half of 2023, ESET blocked 650,000 attempts to access malicious domains with "chatgpt" or a similar string in the name. Lumma Stealer, also known as LummaC2 Stealer, is a Malware-as-a-Service (MaaS) threat that targets multiple cryptocurrency wallets, user credentials, and Two-Factor Authentication (2FA) browser extensions.

Submitted by grigby1 CPVI on

SANS Cyber Threat Intelligence Summit & Training 2024

Join us in Washington, DC or Free Live Online and walk away from Cyber Threat Intelligence Summit with new perspectives and learn from case studies that challenge CTI assumptions and result in a shift in your understanding.  No matter your background or skill level, you’ll have the chance to learn, connect, and share with thousands of cybersecurity professionals in attendance from around the globe.

"security.txt: A Simple File with Big Value"

The US Cybersecurity and Infrastructure Security Agency (CISA) included creating a "security.txt" file as one of the priority Cybersecurity Performance Goals (CPGs). When security researchers and bug hunters find flaws in an organization's ecosystem, they must know who to contact. Researchers may be unable to quickly determine where to report vulnerabilities if there are no clear reporting channels in place, leaving the organization vulnerable to attackers. However, all organizations can overcome this challenge using a simple security.txt file.

Submitted by grigby1 CPVI on