A network of fake Twitter accounts are impersonating crypto security firms to phish panicked victims, stealing over $300,000 in assets so far.

Web3 is Going Just Great

Network of fake Twitter accounts impersonating crypto security firms phish panicked victims

On the evening of November 14 I logged on to Twitter to notice that #OpenSeaHackAlert and related hashtags were trending. But they were trending no...

Despite repeated warnings, developers continue to embed sensitive credentials such as keys, tokens, and passwords in their source code, leading to security breaches, as evidenced by Uber's 2015 incident and the thousands of secrets found in Python projects on PyPI. This widespread issue persists across various programming languages and repositories, with some exposed credentials still active and posing security risks. Secure alternatives for credential management do exist, such as environment files and secret management services provided by cloud platforms.

Ars Technica

Developers can’t seem to stop exposing credentials in publicly accessible code

Many transgressions come from "very large companies that have robust security teams."

Google is adjusting their search rankings to prioritize first-hand knowledge and personal experiences, rather than just relying on information that's been gathered and aggregated from other sources. This means that when you search for something, you'll be more likely to see results from people who have firsthand knowledge or personal experience with the topic, rather than just information that's been repackaged and rehashed from other sources. This should make it easier to find authentic, relevant information on the things you're searching for.

Search Engine Journal

Google Alters Search Rankings To Prioritize First-Hand Knowledge

Google announced changes to Search to prioritize content that demonstrates first-hand knowledge, and a new way to deliver personalized results.

Living off the land attacks, or LOTL attacks, are a growing concern for IT departments because they are particularly difficult to detect and prevent. These attacks use legitimate software and functions already present in a system to perform malicious actions, making them harder to identify and stop than traditional malware attacks. This type of attack is particularly effective against organizations with limited security resources or those that have not implemented robust security protocols. IT departments need to be aware of LOTL attacks and take steps to protect their systems against them, such as implementing multifactor authentication, limiting user privileges, and regularly updating security software.

Redmondmag

Why IT Should be Concerned with

What was once a somewhat novel attack approach has gained popularity in the face of rising nation-state threat actors.

Scientists at UT Southwestern Medical Center have developed a device that keeps a brain alive and functioning independently from the body. The device, called extracorporeal pulsatile circulatory control, successfully maintained brain activity for five hours in an experiment with a pig brain isolated from the body. This breakthrough could lead to new research opportunities for studying the brain and potential advancements in brain transplants.

The Independent

Scientists invent device to keep brain alive while severed from the body

Device allows new technology and research that has ‘never been done’, scientists say

Kaspersky predicts that in 2024, cyber threats will evolve to target mobile and smart devices, involve more advanced botnets and kernel rootkits, and include cyber elements in geopolitical conflicts as well as advancements in AI-assisted spear-phishing. https://securelist.com/kaspersky-security-bulletin-apt-predictions-2024/111048/

On November 14, 2023, Microsoft's security update addressed 57 vulnerabilities, including three critical zero-day flaws affecting Windows systems and Microsoft Office. Among the vulnerabilities, CVE-2023-36033 and CVE-2023-36036 allow elevation of privilege, while CVE-2023-36025 can bypass Windows Defender SmartScreen. Cisco Talos identified a remote code execution vulnerability in Excel, and new Snort rules have been released to help detect and prevent exploitation of these security issues.

Cisco Talos Blog

Microsoft discloses only three critical vulnerabilities in November’s Patch Tuesday update, three other zero-days

In all, this set of vulnerabilities Microsoft patched includes 57 vulnerabilities, 54 of which are considered “important.”

The Australian Taxation Office has recently clarified its stance on capital gains #tax treatment of decentralized finance and wrapped #cryptocurrency tokens. According to the guidance, CGT will apply to wrapped tokens and #DeFi activities, such as lending and borrowing. This means that individuals who engage in these activities will be required to report capital gains and losses to the ATO. The move is aimed at increasing #transparency and #compliance in the #cryptocurrency space, and ensuring that taxpayers pay their fair share of #taxes.

Cointelegraph

Australia to impose capital gains tax on wrapped cryptocurrency tokens

“The capital proceeds for the CGT event are equal to the market value of the property you receive in return for transferring the crypto asset,”...

Oh man, the #CacheWarp attack is serious business! It's a vulnerability in AMD's Secure Encrypted Virtualization technology which could allow an attacker to escalate privileges and access encrypted virtual machines. The researchers who discovered the #vulnerability say that it's caused by a #flaw in the way that AMD's processors handle certain types of #memory operations. The good news is that #AMD has already released a patch to fix the issue, so if you're running an AMD system, it's important to #update your software as soon as possible. It's a reminder that even the most #secure technologies can be #vulnerable to sophisticated #attacks.

The Hacker News

CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs

Researchers uncover new "CacheWarp" attack on AMD's SEV technology. It could lead to privilege escalation in encrypted VMs.

Bitcoin #wallets older than 2016 could be #vulnerable to critical #security flaws, potentially putting over $1 billion at risk. Many wallets were built on open-source software with weak random number generators, making them susceptible to brute-force #attacks. Unciphered has contacted over a million people to address the issue, but millions more may be affected with no direct way to notify them.

Gizmodo

Millions of Old Bitcoin Wallets Have Critical Security Flaws, Experts Say

If you're using a wallet older than 2016, you need to act fast.