Recent Firefox Zero-Day Exploited Against Tor Browser Users
Patches for CVE-2024-9680, which were included in Firefox version 131.0.2 and Firefox ESR versions 128.3.1 and 115.16.1, are rolling out in Tor browser version 13.5.7. The Tor Project noted that Mozilla is aware of attacks exploiting CVE-2024-9680 against Tor Browser users. “Using this vulnerability, an attacker could take control of Tor browser, but probably not deanonymize you in Tails,” Tor’s maintainers explained. See more: #security #cybersecurity #privacy
Jetpack fixes critical information disclosure flaw existing since 2016
WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site. Jetpack is a popular WordPress plugin by Automattic that provides tools to enhance website functionality, security, and performance. According to the vendor, the plugin is installed on 27 million websites. The issue was discovered during an internal audit and impacts all Jetpack versions since 3.9.9, released in 2016. See more: #security #cybersecurity
Chinese Scientists Report Using Quantum Computer to Hack Military-grade Encryption
Looks like marketing for D-Wave crap, but you never know. What if 🤷‍♂️ See more: #privacy #security
If you want to track the latest news about cyber security and privacy, check out zCat! zCat is an Android app that lets you create your own news feed. It also tracks Zcash, a privacy-focused cryptocurrency based on ZK 😎 https://play.google.com/store/apps/details?id=crypto.crab.app.zcat #zcash #privacy #security
Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems
Cybersecurity researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands. The flaw, assigned the CVE identifier CVE-2024-9441, carries a CVSS score of 9.8 out of a maximum of 10.0, according to VulnCheck. "A vulnerability in the Nortek Linear eMerge E3 allows remote unauthenticated attackers to cause the device to execute arbitrary command," SSD Disclosure said in an advisory for the flaw released late last month, stating the vendor has yet to provide a fix or a workaround. See more: #security #hacking
69,000 Bitcoins Are Headed for the US Treasury—While the Agent Who Seized Them Is in Jail
In fact, thanks to Bitcoin's wild appreciation in recent years, it appears to be the largest ever criminal seizure of money of any kind to be added to the US federal budget. The $4.4 billion in crypto from the Silk Road case is set to be the largest pile of criminal proceeds ever sold off by the US. The former IRS agent Tigran Gambaryan who seized the record-breaking sum, meanwhile, languishes in a Nigerian jail cell. The Nigerian government detained Gambaryan, took his passport, and has now jailed him for over six months, charging him with money laundering and tax evasion as a proxy for his employer (Binance). See more: #bitcoin
Fidelity Investments says data breach affects over 77,000 people
Fidelity Investments, a Boston-based multinational financial services company, disclosed that the personal information of over 77,000 customers was exposed after its systems were breached in August. When asked how the attacker could access the data of thousands of customers using two accounts they previously created, Michael Aalto, Fidelity's head of external corporate comms, told BleepingComputer they couldn't share that information and added that "they did not view accounts. They viewed customer information". See more: #security #privacy
New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution
GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous Integration and Continuous Delivery (CI/CD) pipelines on arbitrary branches. Tracked as CVE-2024-9164, the vulnerability carries a CVSS score of 9.6 out of 10. "An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches," GitLab said in an advisory. See more: #security
FBI Creates Fake Cryptocurrency to Expose Widespread Crypto Market Manipulation
"Three market makers — ZM Quant, CLS Global, and MyTrade — along with their employees are charged with allegedly wash trading and/or conspiring to wash trade on behalf of NexFundAI, a cryptocurrency company and token created at the direction of law enforcement as part of the government's investigation," the DoJ said. "A fourth market maker, Gotbit, its CEO, and two of its directors are also charged for perpetrating a similar scheme." Some say they joined the CIA and NSA club by releasing crypto to track criminal activity 👀 See more: #security #privacy #crypto
Tails 6.8.1 is out: It's an emergency release to fix a critical security vulnerability in Tor Browser. Change log: Original post on Twitter: #privacy #security