SecurityWeek

A total of 21 new malware families targeting macOS systems were discovered in 2023, a 50% increase compared to 2022. 

Xerox says personal information was stolen in a cyberattack at US subsidiary Xerox Business Solutions.

The hacking of a municipal water plant is prompting new warnings from U.S. security officials at a time when governments are wrestling with how to harden water utilities against cyberattacks.

Security appliances are amongst the most riskiest enterprise devices and are a often method for threat actors to infiltrate a business.

A vulnerability in Black Basta ransomware’s encryption algorithm allows researchers to create a free decryptor.

Attackers can abuse a new DLL search order hijacking technique to execute code in applications within the WinSxS folder.

Google agreed to settle a $5 billion privacy lawsuit claiming that it continued spying on people who used the “incognito” mode in its Chrome browser.

Noteworthy stories that might have slipped under the radar: Ubisoft investigating alleged hack, NASA releases security guidance, TikTok scares iPhone users. 

DoD is requesting public opinion on proposed changes to the Cybersecurity Maturity Model Certification program rules.

Two flaws in Google Kubernetes Engine could be exploited to escalate privileges and take over the Kubernetes cluster.

Shadowserver sees possible in-the-wild exploitation of a critical Apache OFBiz vulnerability tracked as CVE-2023-49070.

EasyPark says hackers stole European customer information, including partial IBAN or payment card numbers. 

Eagers Automotive, a vehicle dealer in Australia and New Zealand, has halted trading after being targeted in a cyberattack.

Albania’s Parliament said it had suffered a cyberattack with hackers trying to get into its data system, resulting in a temporary halt in its services.

Palo Alto Networks completed the acquisition of Talon Cyber Security, an Israeli startup selling a secure browser technology to enterprise customers.

While AI can significantly bolster defense mechanisms, it also equips adversaries with powerful tools to launch sophisticated cyberattacks.

LoanCare is informing 1.3 million individuals that their personal information was compromised in a data breach.

The DragonForce ransomware group has taken credit for the Ohio Lottery hack, claiming to have stolen millions of data records.

iOS zero-click attack targeting Kaspersky iPhones bypassed hardware-based security protections to take over devices.

The new Barracuda ESG zero-day CVE-2023-7102 has been used by Chinese hackers to target organizations in the US and APJ region.