Infosec News

InfoSec News 20221021

  • Published: Fri, 21/10/2022 - 14:04

Top News


  • Google Launches GUAC Open Source Project to Secure Software Supply Chain

"Google on Thursday announced that it's seeking contributors to a new open source initiative called Graph for Understanding Artifact Composition, also known as GUAC, as part of its ongoing efforts to beef up the software supply chain."


TLP: Green

InfoSec News 20221020

  • Published: Thu, 20/10/2022 - 13:05

Top News


  • Playing with fire: millions of .git folders exposed to public

"Git is the most popular open-source, distributed version control system (VCS) developed nearly 20 years ago by Finnish-American software engineer Linus Torvalds. It coordinates work among programmers developing source code and allows to track changes."


TLP: Green

InfoSec News 20221019

  • Published: Wed, 19/10/2022 - 12:22

Top News


  • German Cybersecurity Chief Sacked Over Alleged Russia Ties

"Germany's cybersecurity chief was sacked on Tuesday after a TV satire show accused him of having ties to Russian intelligence services, with the country on high alert over potential sabotage activities by Moscow.
Arne Schoenbohm, head of the Federal Cyber Security Authority (BSI), had been at the centre of intense speculation since the popular show accused him in early October of contacts with Russia.

InfoSec News 20221018

  • Published: Tue, 18/10/2022 - 12:30

Top News


  • Hackers compromised Hong Kong govt org's network for a year

"Researchers at Symantec have uncovered cyberattacks attributed to the China-linked espionage actor APT41 (a.k.a. Winnti) that breached government organizations in Hong Kong and remained undetected for a year in some cases.
The threat actor has been using custom malware called Spyder Loader, which has been previously attributed to the group.

InfoSec News 20221017

  • Published: Mon, 17/10/2022 - 12:43

Top News


  • Over 45,000 VMware ESXi servers just reached end-of-life

"Over 45,000 VMware ESXi servers inventoried by Lansweeper just reached end-of-life (EOL), with VMware no longer providing software and security updates unless companies purchase an extended support contract.
Lansweeper develops asset management and discovery software that allows customers to track what hardware and software they are running on their network.

InfoSec News 20221014

  • Published: Fri, 14/10/2022 - 12:03

Top News


  • Experts released PoC exploit code for critical bug CVE-2022-40684 in Fortinet products

"A proof-of-concept (PoC) exploit code for the authentication bypass vulnerability CVE-2022-40684 (CVSS score: 9.6) in FortiGate firewalls and FortiProxy web proxies has been released online.
The vulnerability impacts FortiOS versions from 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1. FortiProxy versions from 7.0.0 to 7.0.6 and 7.2.0 are also impacted.

InfoSec News 20221013

  • Published: Thu, 13/10/2022 - 13:35

Top News


  • Unofficial WhatsApp Android app caught stealing users’ accounts

"A new version of an unofficial WhatsApp Android application named 'YoWhatsApp' has been found stealing access keys for users' accounts.
YoWhatsApp is a fully working messenger app that uses the same permissions as the standard WhatsApp app and is promoted through advertisements on popular Android applications like Snaptube and Vidmate.

InfoSec News 20221012

  • Published: Wed, 12/10/2022 - 14:03

Top News


  • Microsoft October 2022 Patch Tuesday fixes zero-day used in attacks, 84 flaws

"Today is Microsoft's October 2022 Patch Tuesday, and with it comes fixes for an actively exploited Windows vulnerability and a total of 84 flaws.
Thirteen of the 84 vulnerabilities fixed in today's update are classified as 'Critical' as they allow privilege elevation, spoofing, or remote code execution, one of the most severe types of vulnerabilities.
(...)

InfoSec News 20221011

  • Published: Tue, 11/10/2022 - 15:01

Top News


  • DeepFakes Are The Cybercriminal Economy’s Latest Business Line

"According to cybersecurity experts, this may be used for political propaganda, foreign influence activity, disinformation, scams, and fraud. 
Introduced by Canadian researchers to the public in 2014, Generative Adversarial Networks (GANs), typically imitate people’s faces, speech, and unique facial gestures, they have become known to online communities as DeepFakes.

InfoSec News 20221010

  • Published: Mon, 10/10/2022 - 11:44

Top News


  • Darkweb market BidenCash gives away 1.2 million credit cards for free

"A dark web carding market named 'BidenCash' has released a massive dump of 1,221,551 credit cards to promote their marketplace, allowing anyone to download them for free to conduct financial fraud.
Carding is the trafficking and use of credit cards stolen through point-of-sale malware, magecart attacks on websites, or information-stealing malware.
