A recent North Korean attack on a Taiwanese company spreads malware to the United States, Canada, Japan and Taiwan. Microsoft discovered that a hacker gang known as Diamond Sleet gained access to a Taiwan software company CyberLink Corporation producers of audio, video, and photo editing software. They added malware to the application installer and managed to get their modified version signed with a CyberLink certificate and hosted on a valid update system. The code checks to see if security software from CrowdStrike, FireEye, or Tanium is present before running the malicious code.

The latest variant of DJVU ransomware, codenamed Xaro, is distributed in the form of cracked software. The DJVU variant appends the .xaro extension to affected files and demands a ransom for a decryptor. It has been observed infecting systems along with other commodity loaders and infostealers. DJVU, which is a variant of the STOP ransomware, typically masquerades as legitimate services or applications. It is also delivered as a SmokeLoader payload. This article continues to discuss the new variant of the DJVU ransomware.

Tenable researchers have released proof-of-concepts (POCs) for now-patched critical security vulnerabilities in Arcserve's Unified Data Protection (UDP) solution. Arcserve UDP is a widely used enterprise data protection, backup, and disaster recovery solution that helps organizations improve resiliency against ransomware attacks. This article continues to discuss the potential exploitation and impact of the vulnerabilities affecting Arcserve UDP.

The Japan Aerospace Exploration Agency (JAXA) was hacked in a cyberattack over the summer, which may have put sensitive space-related technology and data at risk.  The security breach was discovered this Fall when law enforcement authorities alerted Japan's space agency that its systems were compromised.  Chief Cabinet Secretary of Japan Hirokazu Matsuno revealed that attackers gained access to the agency's Active Directory (AD) server, a crucial component overseeing JAXA's network operations.

By grigby1 

By krahal

By aekwall 

Researchers at Eurecom have developed six new attacks collectively dubbed BLUFFS that can breach Bluetooth session confidentiality, enabling device impersonation and Man-in-the-Middle (MitM) attacks. BLUFFS exploits two previously unknown vulnerabilities in the Bluetooth standard related to how session keys are derived for decrypting data in exchange. These flaws are architectural rather than hardware or software configuration-specific, affecting Bluetooth at a fundamental level.

Researchers from Bishop Fox have reported that organizations using Ray, an open-source framework for scaling Artificial Intelligence (AI) and Machine Learning (ML) workloads, could face attacks due to three unpatched vulnerabilities in the technology. The flaws allow attackers to gain operating system access to all nodes in a Ray cluster, enable Remote Code Execution (RCE), escalate privileges, and more. The Bishop Fox researchers discovered the flaws in August and reported them to Anyscale, which sells a fully managed version of the technology.

Okta recently revealed that hackers stole information on all users of its customer support system in a network breach two months ago.  The company notified customers that it had determined hackers had downloaded a report containing data, including names and email addresses of all clients who use its customer support system.  Okta's shares slumped in October after the company said that the breach allowed some hackers to view files uploaded by certain clients.  Okta provides identity services such as single sign-on and multi-factor authentication.