DNA testing company 23andMe has released further details about an October data breach in which user profile information was accessed and downloaded by a threat actor. (Dark Reading)
“This is a reminder to read the fine print. The 23andMe terms of service (ToS) limits their liability on the very scientific data that is the blueprint to your identity.” – Connie Hernandez, Contract Manager at Ingalls Information Security
A critical Bluetooth security flaw could be exploited by threat actors to take control of Android, Linux, macOS, and iOS devices. Tracked as CVE-2023-45866, the issue relates to a case of authentication bypass that enables attackers to connect to susceptible devices and inject keystrokes to achieve code execution as the victim. (The Hacker News)
Security researchers developed a new attack, which they named AutoSpill, to steal account credentials on Android during the autofill operation. In a presentation at the Black Hat Europe security conference, researchers from the International Institute of Information Technology (IIIT) at Hyderabad said that their tests showed that most password managers for Android are vulnerable to AutoSpill, even if there is no JavaScript injection. (BleepingComputer)
The cyberattack was reported by a local newspaper, Western People, and technical details are murky. The attack targeted a private group water scheme in the Erris area, and reportedly impacted 180 people in Binghamstown and Drum, leaving them without water on Thursday and Friday. (SecurityWeek)
Microsoft has warned of a new wave of CACTUS ransomware attacks that leverage malvertising lures to deploy DanaBot as an initial access vector. (The Hacker News)