Top News

• Meta fined €265M for not protecting Facebook users' data from scrapers

"Meta has been fined €265 million ($275.5 million) by the Irish data protection commission (DPC) for a massive 2021 Facebook data leak exposing the information of hundreds of million users worldwide.
This concludes the DPC's investigation of potential GDPR violations by Meta, launched on April 14, 2021, following the publishing of data belonging to 533 million Facebook users on a hacker forum.

Top News

• 5.4 million Twitter users' stolen data leaked online — more shared privately

"Over 5.4 million Twitter user records containing non-public information stolen using an API vulnerability fixed in January have been shared for free on a hacker forum.
Another massive, potentially more significant, data dump of millions of Twitter records has also been disclosed by a security researcher, demonstrating how widely abused this bug was by threat actors.

Top News

• New Windows Server updates cause domain controller freezes, restarts

"Microsoft is investigating LSASS memory leaks (caused by Windows Server updates released during the November Patch Tuesday) that might lead to freezes and restarts on some domain controllers.
LSASS (short for Local Security Authority Subsystem Service) is responsible for enforcing security policies on Windows systems, and it handles access token creation, password changes, and user logins.

Top News

• Pro-Russian hacktivists take down EU Parliament site in DDoS attack

"The website of the European Parliament has been taken down following a DDoS (Distributed Denial of Service) attack claimed by Anonymous Russia, part of the pro-Russian hacktivist group Killnet.
European Parliament President confirmed the incident saying that the Parliament's "IT experts are pushing back against it & protecting our systems."

Top News

• Backdoored Chrome extension installed by 200,000 Roblox players

"Chrome browser extension 'SearchBlox' installed by more than 200,000 users has been discovered to contain a backdoor that can steal your Roblox credentials as well as your assets on Rolimons, a Roblox trading platform.
BleepingComputer has been able to analyze the extension code which indicates the presence of a backdoor, introduced either intentionally by its developer or after a compromise."

Top News

• Cisco Secure Email Gateway Filters Bypassed Due to Malware Scanner Issue

"An anonymous researcher has disclosed several methods that can be used to bypass some of the filters in Cisco’s Secure Email Gateway appliance and deliver malware using specially crafted emails.
In a November 14 post on the Full Disclosure mailing list, the researcher said they had been in contact with the vendor, but claimed they did not receive a satisfactory response within a given timeframe.

Top News

• PoC exploit code for ProxyNotShell Microsoft Exchange bugs released online

"Proof-of-concept exploit code has been released online for two actively exploited vulnerabilities in Microsoft Exchange, known as ProxyNotShell.
The two flaws are:
CVE-2022-41040 – Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2022-41082 – Microsoft Exchange Server Remote Code Execution Vulnerability

Top News

• U.S. charges Russian suspects with operating Z-Library e-Book site

"Anton Napolsky (33) and Valeriia Ermakova (27), two Russian nationals, were charged with intellectual property crimes linked to Z-Library, a pirate online eBook repository. The defendants were arrested on November 3, 2022, in Argentina by the country's authorities at the request of U.S. law enforcement."

Link