An unknown threat actor has been observed publishing typosquat packages to the Python Package Index (PyPI) repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain. (The Hacker News)
A recently identified dropper-as-a-service (DaaS) uses a novel technique to bypass Android’s security restrictions for payload delivery, online fraud detection firm reports. (SecurityWeek)
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), Rhysida Ransomware, to disseminate known Rhysida ransomware indicators of compromise (IOCs), detection methods, and tactics, techniques, and procedures (TTPs) identified through investigations as recently as September 2023. (CISA)
Moving to clamp down on the growing scourge of SIM-swapping and port-out fraud, the Federal Communications Commission (FCC) has unveiled new rules mandating telcos to give consumers greater control of their mobile phone accounts. (SecurityWeek)
Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild.
Tracked as CVE-2023-6345, the high-severity vulnerability has been described as an integer overflow bug in Skia, an open source 2D graphics library. (The Hacker News)