Infosec News

InfoSec News 20230706

  • Published: Thu, 06/07/2023 - 12:58

Top News


  • Android July security updates fix three actively exploited bugs

"Google has released the monthly security updates for the Android operating system, which come with fixes for 46 vulnerabilities. Three of the issues are likely actively exploited in the wild.
“There are indications that the following [vulnerabilities] may be under limited, targeted exploitation,” reads Google’s bulletin, highlighting CVE-2023-26083, CVE-2021-29256, and CVE-2023-2136."

InfoSec News 20230705

  • Published: Wed, 05/07/2023 - 14:28

Top News


  • Google Analytics data transfer to U.S. brings $1 million fine to Swedish firms

"The Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten – IMY) has fined two companies with 12.3 million SEK (€1 million/$1.1 million) for using Google Analytics and warned two others about the same practice.
In a decision published yesterday, the agency explains that by using Google Analytics to generate web statistics the firms were breaching European Union's General Data Protection Regulation (GDPR).

InfoSec News 20230704

  • Published: Tue, 04/07/2023 - 12:48

Top News


  • Hackers stole millions of dollars worth of crypto assets from Poly Network platform

"Poly Network platform suspended its services during the weekend due to a cyber attack that resulted in the theft of millions of dollars in crypto assets.
Threat actors have stolen millions of dollars worth of crypto assets from the Poly Network platform during the weekend.
The platform suspended its services due to the cyber attack to investigate the security breach and assess the extent of the incident."

InfoSec News 20230703

  • Published: Mon, 03/07/2023 - 13:46

Top News


  • Twitter now forces you to sign in to view tweets

"Starting today, Twitter is no longer accessible on web and mobile apps if you don’t have an account, forcing all users to log in if they want to get access to the platform.
If you're not already logged in, you will get redirected to a "Sign in to Twitter" screen, where you're prompted to either sign into your account or sign up for one.

InfoSec News 20230630

  • Published: Fri, 30/06/2023 - 12:33

Top News


  • Proton launches open-source password manager with some limitations

"Proton AG has announced the global availability of Proton Pass, an open-source and free-to-use password manager available as a browser extension or mobile app on Android and iOS.
Proton has been offering various privacy-focused products and services for some time, including the end-to-end encrypted Proton Mail email service, the Proton VPN service, and the Proton Drive cloud storage service.

InfoSec News 20230629

  • Published: Thu, 29/06/2023 - 13:47

Top News


  • Experts published PoC exploits for Arcserve UDP authentication bypass issue

"Data protection vendor Arcserve addressed a high-severity bypass authentication flaw, tracked as CVE-2023-26258, in its Unified Data Protection (UDP) backup software. Threat actors can exploit the vulnerability to bypass authentication and gain admin privileges.

InfoSec News 20230628

  • Published: Wed, 28/06/2023 - 12:15

Top News


  • Hundreds of devices found violating new CISA federal agency directive

"Censys researchers have discovered hundreds of Internet-exposed devices on the networks of U.S. federal agencies that have to be secured according to a recently issued CISA Binding Operational Directive.
An analysis of the attack surfaces of more than 50 Federal Civilian Executive Branch (FCEB) organizations led to the discovery of more than 13,000 individual hosts exposed to Internet access, distributed across over 100 systems linked to FCEB agencies.

InfoSec News 20230627

  • Published: Tue, 27/06/2023 - 13:26

Top News


  • Fortinet Patches Critical RCE Vulnerability in FortiNAC

"Fortinet has released patches to address a critical vulnerability in its FortiNAC network access control solution.
The zero trust access solution allows organizations to view devices and users on the network and provides granular control over network access policies.
Tracked as CVE-2023-33299 (CVSS score of 9.6), the critical flaw is described as an issue related to deserialization of untrusted data that can lead to remote code execution (RCE).

InfoSec News 20230626

  • Published: Mon, 26/06/2023 - 12:23

Top News


  • Trojanized Super Mario game used to install Windows malware

"A trojanized installer for the popular Super Mario 3: Mario Forever game for Windows has been infecting unsuspecting players with multiple malware infections.
Super Mario 3: Mario Forever is a free-to-play remake of the classic Nintendo game developed by Buziol Games and released for the Windows platform in 2003.

InfoSec News 20230623

  • Published: Fri, 23/06/2023 - 13:33

Top News


  • More than a million GitHub repositories potentially vulnerable to RepoJacking

"A study conducted by Aqua researchers revealed that millions of GitHub repositories are potentially vulnerable to RepoJacking.
In the RepoJacking attack, attackers claim the old username of a repository after the legitimate creator changed the username, then publish a rogue repository with the same name to trick users into downloading its content."
