Security
Headlines
HeadlinesLatestCVEs

Source

Malwarebytes

A week in security (December 18 – December 24)

A list of topics we covered in the week of December 18 to December 24 of 2023

Malwarebytes
Open in Source
#vulnerability#web#mac#google#microsoft#rce#zero_day#chrome
Comcast’s Xfinity breached by Citrix Bleed; 36 million customer’s data accessed

Xfinity has notified customers that due to exploitation of the Citrix Bleed vulnerability, attackers were able to access personal data of almost 36 million customers.

How does ThreatDown Vulnerability Assessment and Patch Management work?

Dive into the inner workings of ThreatDown Vulnerability Assessment and Patch Management

How Outlook notification sounds can lead to zero-click exploits

A researcher found two Microsoft vulnerabilities which could be combined to achieve zero-click remote code execution.

Update Chrome now! Emergency update patches zero-day

Google has issued an emergency update for Chrome that fixes an actively exploited zero-day vulnerability in the WebRTC component.

US pharmacy Rite Aid banned from operating facial recognition systems

Pharmacy chain Rite Aid has been denied the right to run facial recognition systems in its stores for five years, by the FTC.

Webinar recap: Ransomware gangs and Living Off The Land attacks (LOTL)

Learn how RaaS gangs use LOTL tactics in their attacks on organizations.

FBI issues advisory over Play ransomware

The FBI, CSA, and ACSC have released a joint cybersecurity advisory about the Play ransomware group and their MO.

New MetaStealer malvertising campaigns

In recent malvertising campaigns, threat actors dropped the MetaStealer information stealer, more or less coinciding with a new version release.

Mr. Cooper leaks personal data of 14 million loan and mortgage customers

Loan and mortgage giant Mr. Cooper reported a data breach in which the personal data of 14.7 million homeowners were stolen.