Latest Facebook app update caused a strange glitch on the app that resulted in
users sending unprompted friend requests. Meta quickly fixed the situation.

App bugs that affect user privacy in some way are more common than people might
think. Some bugs are more straightforward, like the one affecting ChatGPT, which
led to the leak of personal information and chat logs. But other bugs behave in
a much stranger way.

Meta said a bug introduced with their latest update would trigger the app to
imme

The Chinese nation-state actor known as Mustang Panda has been linked to a new set of sophisticated and targeted attacks aimed at European foreign affairs entities since January 2023.
An analysis of these intrusions, per Check Point researchers Itay Cohen and Radoslaw Madej, has revealed a custom firmware implant designed explicitly for TP-Link routers.
“The implant features several malicious

Researchers found 11 vulnerabilities in products from three industrial cellular router vendors that attackers can exploit through various vectors, bypassing all security layers.

Lancefly, an APT group, is using a custom-written backdoor in attacks targeting government, aviation, education, and telecom organizations in South and Southeast Asia in an activity that has been ongoing for the past five years, according to Symantec. The group has been seen carrying out the activity with the motive of intelligence gathering.

Lancefly has been deploying the Merdoor backdoor in highly targeted attacks since 2018 to establish persistence, execute commands, and perform keylogging on corporate networks.

To read this article in full, please click here

Ransomware affiliates associated with the Qilin ransomware-as-a-service (RaaS) scheme earn anywhere between 80% to 85% of the ransom payments, according to new findings from Group-IB.
The cybersecurity firm said it was able to infiltrate the group in March 2023, uncovering details about the affiliates’ payment structure and the inner workings of the RaaS program following a private conversation

US Cybersecurity and Infrastructure Security Agency (CISA) added seven new flaws to its Known Exploited Vulnerabilities catalog. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the following three new issues to its Known Exploited Vulnerabilities Catalog: CVE-2023-25717 – Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the […]

The post CISA adds Ruckus bug and another six flaws to its Known Exploited Vulnerabilities catalog appeared first on Security Affairs.

What works in IT may not in an operational technology/industrial control systems environment where availability and safety of operations must be maintained.