"Over 1,450 pfSense Servers Exposed to RCE Attacks via Bug Chain"

About 1,450 pfSense instances are vulnerable to command injection and Cross-Site Scripting (XSS) flaws that, if chained, could allow attackers to achieve Remote Code Execution (RCE) on the appliance. pfSense is open-source firewall and router software with extensive customization and deployment flexibility, offering many features typically found in expensive commercial products. In mid-November, SonarSource researchers found three flaws affecting pfSense 2.7.0 and older, as well as pfSense Plus 23.05.01 and older.

Submitted by grigby1 CPVI on

"Cybercrime Orgs Increasingly Use Human Trafficking to Staff Scam Mills"

Interpol has announced Operation Storm Makers II, a joint effort by 27 Asian countries to target cyber-fraud operations engaged in human trafficking to carry out scams. However, it appears that this type of operation is also spreading to other parts of the world. According to Interpol's announcement of the operation, victims are promised well-paying jobs in Southeast Asia, but are instead forced to commit large-scale online fraud while enduring severe physical abuse.

Submitted by grigby1 CPVI on

"WhatsApp, Slack, Teams, and Other Messaging Platforms Face Constant Security Risks"

According to SafeGuard Cyber, 42 percent of businesses report that employees using personal devices under Bring Your Own Device (BYOD) arrangements with tools such as WhatsApp have caused new security incidents. Messaging platforms such as WhatsApp, Telegram, Slack, and Teams face constant threats, underscoring the importance of strong security controls. WhatsApp is becoming increasingly popular for business communication, but it is not without risk.

Submitted by grigby1 CPVI on

"New MrAnon Stealer Malware Targeting German Users via Booking-Themed Scam"

A phishing campaign has been delivering MrAnon Stealer, an information stealer malware, to unsuspecting victims through booking-themed PDF lures. According to Fortinet FortiGuard Labs researcher Cara Lin, this malware is a Python-based information stealer compressed with cx-Freeze to avoid detection. MrAnon Stealer grabs credentials, system information, browser sessions, and cryptocurrency extensions. This article continues to discuss findings regarding MrAnon Stealer.

Submitted by grigby1 CPVI on

"'LogoFail' Vulnerabilities May Affect 95% Of Computers, Researchers Say"

According to researchers, firmware vulnerabilities that may impact 95 percent of computers allow hackers to bypass boot security and execute malware upon startup. The flaws come from image parsers in Unified Extensible Firmware Interface (UEFI) system firmware that are used to load logo images on startup screens.

Submitted by grigby1 CPVI on

"Balancing Security and Usability in Mobile"

A new study published in the International Journal of Electronic Finance examined security issues related to personal data processing in the interconnected mobile landscape. A team of academic researchers in India explored the complexities of data privacy and security, highlighting issues such as the diversity of data and sensors in mobile devices, the use of various identifiers, and consumer monitoring. One major source of concern has been the difficulty of enforcing data protection regulations such as the General Data Protection Regulation (GDPR) within the mobile app ecosystem.

Submitted by grigby1 CPVI on

"NIST Offers Draft Guidance on Evaluating a Privacy Protection Technique for the AI Era"

A new publication from the National Institute of Standards and Technology (NIST) offers guidance on using differential privacy, a mathematical technique that adds calibrated noise to query results, to help data-centric organizations strike a balance between privacy and accuracy. With differential privacy, statistics derived from a dataset can be released without revealing whether any particular individual is in the dataset.
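The privacy/accuracy trade-off the NIST draft evaluates is easiest to see on the simplest differentially private mechanism, the Laplace mechanism applied to a counting query. The following is an added example written for this digest, not code from NIST or from the draft publication; the survey data is constructed, and the function names are this example's own. It shows that the ratio of output probabilities between two datasets differing in one person is bounded by exp(epsilon) (the privacy guarantee), and that the expected error of the released count grows as epsilon shrinks (the accuracy cost).

```python
"""Laplace mechanism for a counting query (added illustration, not NIST's code)."""
import math
import random

# Constructed sample dataset: ages of respondents in a hypothetical survey.
AGES = [23, 35, 41, 29, 52, 67, 38, 44, 31, 58]


def count_over(values, threshold):
    """Exact (non-private) count of respondents older than `threshold`."""
    return sum(1 for v in values if v > threshold)


def laplace_noise(scale, rng):
    """Sample Laplace(0, scale) by inverse-CDF transform of a uniform draw."""
    u = rng.random() - 0.5            # uniform on [-0.5, 0.5)
    u = max(u, -0.5 + 1e-15)          # avoid log(0) at the closed endpoint
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def dp_count(values, threshold, epsilon, rng, sensitivity=1.0):
    """Release the count with Laplace noise of scale sensitivity/epsilon.

    A counting query has sensitivity 1: adding or removing one person changes
    the true answer by at most 1, so noise of scale 1/epsilon gives
    epsilon-differential privacy.
    """
    scale = sensitivity / epsilon
    return count_over(values, threshold) + laplace_noise(scale, rng)


def laplace_pdf(x, mu, scale):
    return math.exp(-abs(x - mu) / scale) / (2.0 * scale)


def worst_case_ratio(epsilon, sensitivity=1.0, probe=range(-50, 51)):
    """Largest ratio of output densities between neighbouring datasets.

    Neighbours differ by one person, so their true counts differ by at most
    `sensitivity`. The mechanism is private iff this ratio never exceeds
    exp(epsilon); for the Laplace mechanism it equals exp(epsilon) exactly.
    """
    scale = sensitivity / epsilon
    return max(laplace_pdf(x, 0.0, scale) / laplace_pdf(x, sensitivity, scale)
               for x in probe)


def mean_abs_error(epsilon, trials=2000, seed=0):
    """Empirical accuracy cost: average |noisy - true| over repeated releases."""
    rng = random.Random(seed)
    true = count_over(AGES, 40)
    return sum(abs(dp_count(AGES, 40, epsilon, rng) - true)
               for _ in range(trials)) / trials


if __name__ == "__main__":
    rng = random.Random(42)
    print("true count of ages > 40:", count_over(AGES, 40))
    for eps in (0.1, 0.5, 1.0, 2.0):
        print(f"epsilon={eps:<4} released={dp_count(AGES, 40, eps, rng):7.2f}"
              f"  density ratio bound={worst_case_ratio(eps):.3f}"
              f"  (exp(eps)={math.exp(eps):.3f})"
              f"  mean abs error={mean_abs_error(eps):.2f}")
```

The density ratio stays at exp(epsilon) regardless of the data, which is the property an evaluator checks when vetting a claimed differentially private release; the mean absolute error, by contrast, is roughly 1/epsilon, which is the accuracy an organization gives up to obtain that guarantee.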

Submitted by grigby1 CPVI on

"Cold Storage Giant Americold Discloses Data Breach After April Malware Attack"

Cold storage and logistics giant Americold has recently confirmed that over 129,000 employees and their dependents had their personal information stolen in an April attack, later claimed by the Cactus ransomware gang. Americold employs 17,000 people worldwide and operates more than 24 temperature-controlled warehouses across North America, Europe, Asia-Pacific, and South America.

Submitted by Adam Ekwall on

"Toyota Warns Customers of Data Breach Exposing Personal, Financial Info"

Toyota Financial Services (TFS) is warning customers that it suffered a data breach, stating that sensitive personal and financial data was exposed in the attack. Toyota Financial Services, a subsidiary of Toyota Motor Corporation, is a global entity with a presence in 90% of the markets where Toyota sells its cars, providing auto financing to its customers. Following a claim from the Medusa ransomware gang that it had compromised the Japanese automaker's division, the company confirmed that it detected unauthorized access on some of its systems in Europe and Africa.

Submitted by Adam Ekwall on

"NSA and ESF Partners Release Recommended Practices for Managing Open Source Software and Software Bill of Materials"

The National Security Agency (NSA), the Office of the Director of National Intelligence (ODNI), the Cybersecurity and Infrastructure Security Agency (CISA), and industry partners have released a Cybersecurity Technical Report (CTR) titled "Securing the Software Supply Chain: Recommended Practices for Managing Open Source Software and Software Bill of Materials." The CTR expands on the "Enhancing the Security of the Software Supply Chain through Secure Software Development Practices" paper.

Submitted by grigby1 CPVI on