Security
Headlines
HeadlinesLatestCVEs

Source

Malwarebytes

A week in security (December 4 – December 10)

A list of topics we covered in the week of December 4 to December 10 of 2023

Malwarebytes
#vulnerability
Meta’s Purple Llama wants to test safety risks in AI models

Meta's Project Llama aims to help developers filter out specific items that might cause their AI model to produce inappropriate content.

US government is snooping on people via phone push notifications, says senator

Government agencies have been asking Apple and Google for metadata related to push notifications, but the companies aren't allowed to tell users about it.

Android phones can be taken over remotely – update when you can

Android phones are vulnerable to attacks that allow a remote execution of malicious code and it requires no user interaction.

Windows 10 gets its own extended security updates program

Microsoft announced it will offer a similar extended security updates program for Windows 10 as it did for Windows 7

Adobe Coldfusion vulnerability used in attacks on government servers

CISA has published an advisory about a vulnerability in Adobe Coldfusion used in two attacks against federal agencies.

Roblox and Twitch provider Tipalti breached by ransomware

Accounting software provider Tivalti is investigating ALPHV/BlackCat claims it was breached. In a typical supply-chain attack ALPHV is threatening some of their customers like Roblox and Twitch

23andMe says, er, actually some genetic and health data might have been accessed in recent breach

23andMe has released new details about the credential stuffing attack that took place in October.

Why a ransomware gang tattled on its victim, with Allan Liska: Lock and Code S04E24

This week on the Lock and Code podcast, we speak with Allan Liska about why a ransomware group tattled on its own victim, and what to expect next year.