The DPRK's Lazarus threat group allegedly breached over 100 devices in several countries, including the U.S., Canada, Japan and Taiwan, according to Microsoft.
Several new attacks leveraging Bluetooth vulnerabilities, collectively tracked as CVE-2023-24023 and dubbed BLUFFS, have been identified by EURECOM to enable adversary-in-the-middle intrusions between connected devices by compromising the forward and future secrecy mechanisms of Bluetooth, reports The Hacker News.
Jamf says North Korean subgroup of the financially motivated Lazarus Group targets specific users the threat actors believe have access to cryptocurrency.
The UK has disputed a report from The Guardian noting that its Sellafield nuclear site had its networks hacked by Russia- and China-linked hacking groups, stating that there has been no evidence suggesting such a compromise, according to Reuters. "Our monitoring systems are robust and we have a high degree of confidence that no such malware exists on our system.
The Forum of Incident Response and Security Teams (FIRST) published CVSS 4.0 with an eye toward delivering finer granularity around threat intelligence metrics.