Google fixes 8th Chrome zero-day exploited in attacks this year
#Vulnerabilities
Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, the eighth patched since the start of the year.
ALPHV/BlackCat
#Threat Actors
The ALPHV/BlackCat ransomware gang has made over $300 million in ransom payments from more than 1,000 victims worldwide as of September 2023, according to the Federal Bureau of Investigation (FBI).
Law enforcement seizes ALPHV/Blackcat sites, offers decryptor to victims
#Threat Actors
The US Justice Department announced today a disruption campaign against the Blackcat/ALPHV ransomware group and let victims know that there is a decryptor they can use.
8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers
#Threat Actors
Active since 2017, the 8220 gang has been known for deploying cryptocurrency miners on Linux and Windows hosts by exploiting known vulnerabilities.
The “2023 CWE Top 10 KEV Weaknesses” list, which lists the top ten CWEs in the Cybersecurity and Infrastructure Security Agency’s (CISA) “Known Exploited Vulnerabilities (KEV) Catalog,” is now available
#Research
This list, providing additional information that organizations can use in their efforts to mitigate risk, was announced by the Homeland Security Systems Engineering and Development Institute. It is sponsored by the Department of Homeland Security and operated by the non-profit MITRE.
ACN (Agenzia per la Cybersicurezza Nazionale) has published the Guidelines on password storage
#Research
The document, created in collaboration with the Italian Privacy Guarantor, is the first in a series that will help protect the cyberspace.