"Microsoft has agreed to pay a penalty of $20 million to settle U.S. Federal Trade Commission (FTC) charges that the company illegally collected and retained the data of children who signed up to use its Xbox video game console without their parents' knowledge or consent."
"The Federal Bureau of Investigation (FBI) is warning of a rising trend of malicious actors creating deepfake content to perform sextortion attacks."
TLP1 : Green
"Google on Monday released security updates to patch a high-severity flaw in its Chrome web browser that it said is being actively exploited in the wild.
Tracked as CVE-2023-3079, the vulnerability has been described as a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on June 1, 2023."
"VMware’s Carbon Black Managed Detection and Response (MDR) team observed a surge of TrueBot activity in May 2023."
TLP1 : Green
Cisco Talos has observed a threat actor deploying a previously unidentified botnet program Talos is calling “Horabot,” which delivers a known banking trojan and spam tool onto victim machines in a campaign that has been ongoing since at least November 2020.
The threat actor appears to be targeting Spanish-speaking users in the Americas and, based on our analysis, may be located in Brazil.
"Amazon will fork over $30m in fines for multiple privacy violations, including allowing Ring employees to spy on customers, creating a security atmosphere ripe for hackers, and illegally keeping Alexa recordings of children’s voices.
In the first set of charges, the US Federal Trade Commission (FTC) says Amazon’s home security camera company, Ring, violated customer privacy by allowing any Ring employee or contractor to access consumers’ private videos.
"A new Android malware distributed as an advertisement SDK has been discovered in multiple apps, many previously on Google Play and collectively downloaded over 400 million times.
Security researchers at Dr. Web discovered the spyware module and tracked it as 'SpinOk,' warning that it can steal private data stored on users' devices and send it to a remote server.
"Google on Thursday announced the availability of its Automatic Certificate Management Environment (ACME) API for all Google Cloud users, allowing them to automatically acquire and renew TLS certificates for free.
"A new 'File Archivers in the Browser' phishing kit abuses ZIP domains by displaying fake WinRAR or Windows File Explorer windows in the browser to convince users to launch malicious files.
Earlier this month, Google began offering the ability to register ZIP TLD domains, such as bleepingcomputer.zip, for hosting websites or email addresses.
"Attackers are now using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts to steal Microsoft credentials in targeted phishing attacks designed to evade detection by email security gateways.
