"Malicious actors exploited an unknown flaw in Revolut's payment systems to steal more than $20 million of the company's funds in early 2022.
The development was reported by the Financial Times, citing multiple unnamed sources with knowledge of the incident. The breach has not been disclosed publicly.
"Security researchers discovered two malicious file management applications on Google Play with a collective installation count of over 1.5 million that collected excessive user data that goes well beyond what's needed to offer the promised functionality.
The apps, both from the same publisher, can launch without any interaction from the user to steal sensitive data and send it to servers in China.
"Google has released the monthly security updates for Android operating system, which comes with fixes for 46 vulnerabilities. Three of the issues are likely actively exploited in the wild.
“There are indications that the following [vulnerabilities] may be under limited, targeted exploitation,” reads Google’s bulletin, highlighting CVE-2023-26083, CVE-2021-29256, and CVE-2023-2136."
"The Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten – IMY) has fined two companies with 12.3 million SEK (€1 million/$1.1 million) for using Google Analytics and warned two others about the same practice.
In a decision published yesterday, the agency explains that by using Google Analytics to generate web statistics the firms were breaching European Union's General Data Protection Regulation (GDPR).
"Poly Network platform suspended its services during the weekend due to a cyber attack that resulted in the theft of millions of dollars in crypto assets.
Threat actors have stolen millions of dollars worth of crypto assets from the Poly Network platform during the weekend.
The platform suspended its services due to the cyber attack to investigate the security breach and assess the extent of the incident."
"Starting today, Twitter is no longer accessible on web and mobile apps if you don’t have an account, forcing all users to log in if they want to get access to the platform.
If you're not already logged in, you will get redirected to a "Sign in to Twitter" screen, where you're prompted to either sign into your account or sign up for one.
"Proton AG has announced the global availability of Proton Pass, an open-source and free-to-use password manager available as a browser extension or mobile app on Android and iOS.manager.
Proton has been offering various privacy-focused products and services for some time, including the end-to-end encrypted Proton Mail email service, the Proton VPN service, and the Proton Drive cloud storage service.
"Data protection vendor Arcserve addressed a high-severity bypass authentication flaw, tracked as CVE-2023-26258, in its Unified Data Protection (UDP) backup software. Threat actors can exploit the vulnerability to bypass authentication and gain admin privileges.
"Censys researchers have discovered hundreds of Internet-exposed devices on the networks of U.S. federal agencies that have to be secured according to a recently issued CISA Binding Operational Directive.
An analysis of the attack surfaces of more than 50 Federal Civilian Executive Branch (FCEB) organizations led to the discovery of more than 13,000 individual hosts exposed to Internet access, distributed across over 100 systems linked to FCEB agencies.
"Fortinet has released patches to address a critical vulnerability in its FortiNAC network access control solution.
The zero trust access solution allows organizations to view devices and users on the network and provides granular control over network access policies.
Tracked as CVE-2023-33299 (CVSS score of 9.6), the critical flaw is described as an issue related to deserialization of untrusted data that can lead to remote code execution (RCE).
