Category: Cybersecurity

Passenger mocks cops behavior

Passenger Mocks Cops’ Behavior by Berating and Mocking Their Penis Size, Revealed at 44

  • Passenger, Angela Nicole Killian, 44, berated and mocked cops, including their penis size, while being arrested for public intoxication at Dallas-Fort Worth Airport
  • Killian, a banker, was denied boarding on a flight to Colombia and arrested after staff accused her of hitting them with her phone in a rage
  • She had a history of heavy drinking on work trips, leading to her arrest and subsequent firing from Capital One
  • Killian’s behavior included bullying colleagues, excessive drinking, and confrontations during client events
  • Despite being known for her professionalism at work, Killian’s behavior escalated to insults and abuse towards police during her arrest, resulting in charges of resisting arrest and public intoxication
Summarized Article:

https://www.dailymail.co.uk/news/article-13215217/Dallas-airport-American-Airlines-passenger-Angela-Killian-arrest.html

XZ Utils Backdoor Linux: Major Distros Vulnerable

XZ Utils Backdoor Uncovered in Major Linux Distros, Sending Shockwaves through the Tech Community

  • Secret backdoor discovered in XZ Utils compression library affecting major Linux distros like Fedora, Kali Linux, and openSUSE.
  • Red Hat issued an urgent security alert about the backdoored XZ Utils versions 5.6.0 and 5.6.1, with a severity score of 10.0.
  • Malicious code inserted into XZ Utils library can compromise the sshd daemon process for SSH, potentially allowing unauthorized remote access.
  • Microsoft security researcher Andres Freund identified the issue, linked to a user named JiaT75 on GitHub, prompting GitHub to disable the XZ Utils repository.
  • CISA recommends downgrading XZ Utils to a safe version, with active exploitation not reported yet and certain Linux distributions unaffected.
Summarized Article:

https://thehackernews.com/2024/03/urgent-secret-backdoor-found-in-xz.html

iPhone app lock protection: "App Lock" hides apps.

iPhone app lock protection: ‘App Lock’ revolutionizes how you safeguard and conceal apps on your device.

  • “App Lock” is an iPhone app that provides protection and the ability to hide any app on the device.
  • It utilizes the Screen Time API to lock apps with Face ID or Touch ID, offering a feature not native to iOS.
  • The app organizes apps by category, making it easy to hide or lock multiple apps simultaneously.
  • Users can lock apps with biometrics and completely hide chosen apps, even from the App Library.
  • App Lock offers advanced options for additional security measures and requires iOS 16 or later for compatibility.
Summarized Article:

https://9to5mac.com/2024/03/29/app-lock-hide-iphone-home-screen/

Linux xz backdoor alert: Fedora users warned

Linux xz backdoor alert: Sinister Malware Discovered in Linux Compression Library

  • Linux xz backdoor alert: Red Hat advises STOP USAGE OF ANY FEDORA RAWHIDE INSTANCES
  • Malicious backdoor discovered in xz library affecting Fedora Linux 40 and Fedora Rawhide
  • Vulnerability designated as CVE-2024-3094, rated 10 out of 10 in CVSS severity
  • Supply-chain compromise may have been caught early, affecting bleeding-edge distros
  • Backdoor allows unauthorized access via OpenSSH and systemd, potentially enabling remote intrusion
Summarized Article:

https://www.theregister.com/2024/03/29/malicious_backdoor_xz/

Linux XZ utilities backdoor: Malicious code discovered

Linux XZ utilities backdoor discovered in popular Linux distros, posing a major security threat (CVE-2024-3094)

  • Linux XZ utilities backdoor (CVE-2024-3094) discovered, allowing unauthorized remote access to Linux systems
  • Malicious code found in XZ libraries versions 5.6.0 and 5.6.1, enabling SSH authentication bypass
  • Red Hat warns of obfuscated malicious injection in affected library versions, interfering with sshd authentication via systemd
  • Vulnerable packages identified in Fedora 41 and Fedora Rawhide, with users advised to cease usage and contact information security teams
  • CISA recommends downgrading XZ Utils to uncompromised versions, monitoring for malicious activity, and reporting findings to the agency
Summarized Article:

https://www.helpnetsecurity.com/2024/03/29/cve-2024-3094-linux-backdoor/

Linux utility backdoor SSH: Malicious code compromises encrypted connections

Backdoor in Popular Linux Utility Shatters Encrypted SSH Connections

  • Backdoor discovered in widely used Linux utility xz Utils breaks encrypted SSH connections
  • Malicious code planted by developer JiaT75 in versions 5.6.0 and 5.6.1
  • Red Hat and Debian reported beta releases using backdoored versions; Arch Linux also affected
  • Malicious versions interfere with SSH authentication, allowing unauthorized access
  • Fedora 40 experienced incompatibilities preventing correct injection, reverted to 5.4.x versions
Summarized Article:

https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/

Apple sues former engineer for leaking secrets.

Apple sues former engineer over leaked Vision Pro and Journal app details, sparking legal battle

  • Apple is suing former engineer Andrew Aude for leaking confidential information, including details about the Vision Pro and Journal app.
  • Aude communicated with journalists over 1,400 times using an encrypted messaging app, sharing finalized product features.
  • Aude joined Apple in 2016 as an iOS engineer with access to sensitive product information.
  • Aude denied involvement in leaks initially, but later admitted to leaking information about Apple’s strategies and products to journalists.
  • Apple is seeking damages, restitution, and an order preventing Aude from disclosing confidential information without consent.
Summarized Article:

https://www.theverge.com/2024/3/28/24115067/apple-leak-lawsuit-andrew-aude

Apple users reset password as they face an onslaught of ‘Reset Password’ requests

  • Apple users are receiving numerous “reset password” requests on their devices, leading to potential phishing scams.
  • Scammers are targeting Apple users with fake calls posing as Apple Support and bombarding them with password reset notifications.
  • The phishing attacks involve tricking users into providing personal information and one-time passcodes to reset passwords and gain access to devices.
  • Users have reported receiving multiple password reset requests and fake calls from scammers attempting to obtain sensitive data.
  • Apple has not commented on the phishing attacks but advises users to be cautious of unsolicited calls and to hang up if suspicious.
Summarized Article:

https://gizmodo.com/apple-reset-password-phishing-scam-iphone-spoofing-call-1851370115

Apple Chip Crypto Exploit: Vulnerability Exposes Keys

Apple Chip Crypto Exploit: Uncovering the Shocking Crypto Theft Scheme – What You Must Know

  • Apple Mac computers and iPad tablets are vulnerable to a serious exploit in M-series chips that can expose cryptographic keys, including those for crypto wallets.
  • Researchers discovered a critical vulnerability in Apple’s M-series chips that allows attackers to access cryptographic keys through a technique called “prefetching.”
  • Devices with M1, M2, and M3 chips are potentially susceptible to the exploit, while older Macs with Intel processors and iPads with A-series chips are not impacted.
  • The vulnerability cannot be fixed with a patch, so the best course of action is to remove crypto wallets from vulnerable Apple devices to mitigate risk.
  • While the exploit poses a serious threat, the likelihood of it affecting the average user is low, and precautions can be taken to safeguard against potential attacks.
Summarized Article:

https://decrypt.co/223582/apple-chip-exploit-steals-crypto-what-you-need-know

Telegram SMS login privacy raises concerns worldwide.

Telegram SMS login privacy: A Nightmare of Privacy Breach in Peer-to-Peer Service

  • Telegram introduces controversial peer-to-peer SMS login service for premium membership, raising privacy concerns
  • Users exchange phone number for OTP relay, potentially exposing personal information
  • Maximum of 150 OTP messages per month sent by Telegram
  • Users may incur additional charges for local and international SMS usage
  • Privacy risks include potential for spam, fraud, and unauthorized access to Telegram accounts
Summarized Article:

https://techcrunch.com/2024/03/25/telegrams-peer-to-peer-sms-login-service-is-a-privacy-nightmare/

Telegram Login Security Risks: Phone Numbers Shared

Telegram Login Security Risks: Saving $5 a Month with Peer to Peer Login – Is it Worth the Risk?

  • Telegram’s Peer-to-Peer Login program poses security risks by sharing phone numbers for a free subscription
  • Allison Johnson, a tech reviewer, warns against opting into the risky program
  • The program involves sharing phone numbers to send OTPs, with recipients able to see the numbers
  • Telegram disclaims responsibility for any consequences of sharing phone numbers through the program
  • The program raises concerns about privacy and security, potentially compromising Telegram’s reputation
Summarized Article:

https://www.theverge.com/2024/3/25/24111818/telegram-peer-to-peer-login-otp-two-factor-volunteer

Apple iOS security details vague

Apple iOS security details: Unraveling the Mystery Behind Apple’s Vague Stance on iOS 17.4.1

  • Apple iOS 17.4.1 security details are vague, with important bug fixes and patches
  • Apple typically provides specific security patch details shortly after a release, but has not done so for iOS 17.4.1
  • The update may be significant, prompting Apple to withhold specifics until investigation is complete
  • There is speculation that the security patches in iOS 17.4.1 may also apply to Mac and Apple Watch
  • Users are advised to update their devices immediately for security reasons
Summarized Article:

https://9to5mac.com/2024/03/23/why-apple-is-being-vague-with-ios-17-4-1-details/

YouTube data privacy investigation reveals Google sharing

YouTube data privacy investigation: Investigators demand Google user data linked to specific YouTube videos

  • YouTube data privacy investigation reveals sharing of viewer information by Google to federal investigators
  • Court documents show Google ordered to provide names, addresses, phone numbers, and user activity of YouTube accounts
  • Investigators sought data on viewers of specific YouTube videos related to a criminal investigation
  • Privacy experts express concerns over the legal justification and implications of the data retrieval
  • Advocates urge Google to be more transparent about data-sharing policies and privacy protections
Summarized Article:

https://mashable.com/article/google-ordered-to-hand-over-viewer-data-privacy-concerns

Apple chip security flaw: Encryption keys exposed.

Apple Chip Security Flaw Exposes Top-Secret Encryption Keys

  • Apple’s M-series chips have a security flaw that exposes encryption keys, making them vulnerable to attacks.
  • The Biden administration warns of potential nationwide cyber attacks on US water systems by hackers from Iran and China.
  • A new Russian wiper malware, AcidPour, has emerged, with expanded capabilities for disabling various devices.
  • China-linked hacker group Earth Krahang targets and breaches numerous organizations globally, including government entities.
  • A significant number of websites share user data with multiple third parties, raising privacy concerns.
Summarized Article:

https://www.wired.com/story/apple-m-chip-flaw-leak-encryption-keys/

Cable ISP FCC fine: Jefferson County Cable fined

Cable ISP FCC fine: Slapped with $10,000 Penalty for Deceiving Regulators on Broadband Coverage

  • Cable ISP Jefferson County Cable fined $10,000 by FCC for false broadband coverage claims
  • Small ISP in Ohio admitted to providing inaccurate data to FCC to hinder competition
  • FCC investigation revealed Jefferson County Cable violated Broadband Data Collection program requirements
  • Comcast also under scrutiny for false data submissions, potential consequences unclear
  • Smart Way Communications’ challenges led to discovery of Jefferson County Cable’s deceit
Summarized Article:

https://arstechnica.com/tech-policy/2024/03/cable-isp-fined-10000-for-lying-to-fcc-about-where-it-offers-broadband/

Apple Silicon hardware exploit: GoFetch leaks data

Apple Silicon hardware exploit unveils potential leak of private data

  • Apple Silicon has a hardware-level exploit that could leak private data
  • University security researchers discovered a chip-level exploit in Apple Silicon Macs that bypasses encryption and accesses security keys
  • The exploit, named GoFetch, utilizes Data Memory-Dependent Prefetchers in Apple’s M-series chips to access secure data without root access
  • Apple may not be able to fix existing chips with software updates without compromising performance
  • Users are protected if Apple’s Gatekeeper is enabled, as it restricts installations to trusted sources like the Mac App Store
Summarized Article:

https://www.engadget.com/apple-silicon-has-a-hardware-level-exploit-that-could-leak-private-data-174741269.html

Apple Silicon Macs security flaw exposes encryption

Apple Silicon Macs security compromised by unpatchable flaw, shattering encryption defenses

  • University researchers discover unpatchable security flaw in Apple Silicon Macs, allowing attackers to break encryption
  • Flaw in Data Memory-dependent Prefetchers (DMP) in M-series chips enables decryption of cryptographic keys
  • Researchers create GoFetch app to exploit the vulnerability by manipulating data to leak the secret key over time
  • Mitigations like ciphertext blinding and running cryptographic processes on efficiency cores are suggested but come with performance drawbacks
  • Apple has not implemented protection against the vulnerability, and the long-term solution lies in addressing the flaw in future chip designs
Summarized Article:

https://9to5mac.com/2024/03/22/unpatchable-security-flaw-mac/

Hotel Keycard Locks Hacked: Vulnerabilities Allow Intruders

Hotel Keycard Locks Hackers Crack Open Any of 3 Million Hotel Locks in Seconds

  • Hotel keycard locks by Saflok can be hacked, allowing intruders to open any of the 3 million locks in seconds.
  • Researchers discovered vulnerabilities in Saflok-brand RFID-based keycard locks, affecting 13,000 properties worldwide.
  • The hacking technique involves exploiting encryption weaknesses and creating spoofed keycards using a $300 RFID device.
  • Dormakaba is working on a fix, but only 36% of installed Saflok systems have been updated so far.
  • Hotel guests can check their keycards with an app to see if the lock is still vulnerable and should take precautions if necessary.
Summarized Article:

https://www.wired.com/story/saflok-hotel-lock-unsaflok-hack-technique/

Apex Legends hacker tournament: Cheats disrupt competition

“Apex Legends Hacker Tournament Games for Fun: Hacker Admits to Hacking Games”

  • The Apex Legends hacker tournament incident involved a hacker inserting cheats midgame during the Apex Legends Global Series, leading to the event’s postponement due to compromised competitive integrity.
  • The hacker, identified as Destroyer2009, claimed the hacks were done for fun and to prompt developers to fix vulnerabilities, but did not disclose specifics due to the lack of a bug bounty program.
  • Destroyer2009 inserted cheats into specific players’ games, modifying a real cheat software menu to include options like “VOTE PUTIN,” targeting players Geburten and ImperialHal.
  • Respawn deployed updates to enhance player security following the incident, with the Apex Legends security team working diligently to address the situation.
  • Easy Anti-Cheat confirmed no remote code execution vulnerability was exploited, alleviating concerns about potential widespread impact, although the hacker’s actions raised questions about game safety and the need for robust security measures.
Summarized Article:

https://techcrunch.com/2024/03/20/apex-legends-hacker-said-he-hacked-tournament-games-for-fun/

Apex Legends ALGS hack prompts security updates

Apex Legends ALGS hack: Devastating Silence Broken by Apex Legends Developers

  • Respawn announces security updates for Apex Legends after ALGS hack
  • Apex Legends hit by hacks during ALGS tournament, causing chaos
  • Debate arises over Easy Anti-Cheat’s role in the hacks
  • Respawn responds with new security measures to protect players
  • No changes expected for Split 1 Playoffs, further updates to follow
Summarized Article:

https://www.dexerto.com/apex-legends/apex-legends-devs-break-silence-after-devastating-algs-hack-2600352/

Invisible texting trick kids use to hide.

“Invisible texting trick kids adore: the sneaky way they fool…”

  • The sneaky invisible texting trick kids love using to fool their parents is called “invisible ink”
  • A concerned parent discovered their child sending concealed texts using Apple’s invisible ink tool
  • Users can encrypt their message by using the invisible ink option in iMessage before sending
  • Recipients can reveal the hidden message by tapping on the squiggly pixels
  • Parents can disable the invisible ink tool by adjusting settings in Accessibility to prevent text-pionage
Summarized Article:

https://nypost.com/2024/03/19/tech/sneaky-invisible-texting-trick-kids-use-to-fool-parents-revealed/

Chrome warning for Windows: Bing popups criticized

Chrome warning for Windows users: Google Chrome issues urgent alert for all Windows users

  • Google Chrome warning issued for all Windows users regarding new Bing popup that may appear as malware
  • Microsoft targeting Chrome users with Bing popups in an attempt to promote Edge and Bing as default options
  • Users express frustration over persistent Bing promotions, likening them to malware and criticizing Microsoft’s aggressive marketing tactics
  • Microsoft’s push for Edge and Bing on Chrome users raises concerns about the boundary between software vendor credibility and intrusive advertising
  • Despite Microsoft’s dominance in Windows OS, Edge and Bing remain minor players compared to Chrome and Google Search
Summarized Article:

https://www.forbes.com/sites/zakdoffman/2024/03/15/google-chrome-warning-microsoft-windows-10-windows-11-free-upgrade/

Chinese Mogul Bannon Funding Millions Revealed: Flow to Fox, Gettr, Docs Show

  • Chinese mogul Guo Wengui funneled millions to key figures in MAGA World, including Steve Bannon and Jason Miller, as part of a fraudulent scheme.
  • Legal proceedings have been initiated against Fox News, Jason Miller, Gettr, and others by a lawyer aiming to recover cash from Guo’s alleged fraudulent transfers.
  • The trustee in Guo’s bankruptcy case seeks to recoup funds from entities like Gettr, alleging Guo used shell companies to hide wealth from creditors.
  • Documents show financial ties between Guo and key players on the American right, with Bannon Strategic Advisors and Miller’s former firm receiving significant sums.
  • The trustee also aims to retrieve funds paid by a Guo-led NGO to Bill Gertz’s nonprofit, implicating Gertz and Bannon in a criminal conspiracy according to the Department of Justice.
Summarized Article:

https://www.thedailybeast.com/chinese-mogul-guo-wengui-funneled-millions-to-bannon-fox-gettr-docs-show

Microsoft March Updates Address 61 Critical Vulnerabilities

Microsoft March Updates Address 61 Vulnerabilities, Critical Hyper-V Flaws Patched

  • Microsoft released Patch Tuesday updates to address 61 vulnerabilities, including critical flaws in Hyper-V.
  • Two critical vulnerabilities in Windows Hyper-V could lead to denial-of-service and remote code execution.
  • Privilege escalation flaws were also fixed in Azure, Windows, and Authenticator.
  • Exploitation of the Authenticator flaw could allow attackers to access multi-factor authentication codes.
  • The update also addressed vulnerabilities in Exchange Server, Print Spooler, and Open Management Infrastructure.
Summarized Article:

https://thehackernews.com/2024/03/microsofts-march-updates-fix-61.html

March 2024 Core Update: Google Deindexes Hundreds

March 2024 Core Update Unleashes Chaos: Hundreds Of Websites Deindexed by Google

  • Google’s March 2024 Core Update has deindexed hundreds of websites, targeting AI-generated spam and emphasizing high-quality, human-generated content.
  • Ian Nuttall’s analysis reveals that over 800 websites have been deindexed, representing approximately 1.7% of the monitored sites.
  • The deindexed sites experienced a significant loss of over 20.7 million organic search visits per month and an estimated $446,552 in monthly advertising revenue.
  • A study by Originality.ai found that 100% of deindexed sites showed signs of AI-generated content, indicating Google’s focus on combating AI-driven spam.
  • Website owners need to adjust their strategies to prioritize quality and originality in response to Google’s crackdown on AI-generated content in the March 2024 Core Update.
Summarized Article:

https://www.searchenginejournal.com/googles-march-2024-core-update-impact-hundreds-of-websites-deindexed/510981/

March 2024 Patch Tuesday: Microsoft Fixes 60 Vulnerabilities

March 2024 Patch Tuesday Unveils Microsoft’s Fix for 60 Flaws and 18 RCE Bugs

  • Microsoft’s March 2024 Patch Tuesday has fixed 60 vulnerabilities, including 18 remote code execution flaws.
  • The Patch Tuesday only addressed two critical vulnerabilities, focusing on Hyper-V remote code execution and denial of service flaws.
  • The total count of 60 flaws excludes the four Microsoft Edge flaws fixed earlier in March.
  • Microsoft did not disclose any zero-day vulnerabilities in the recent Patch Tuesday updates.
  • Other vendors also released updates in March 2024, with Microsoft fixing various vulnerabilities in different products like Azure Kubernetes Service, Microsoft Office, and Skype for Consumer.
Summarized Article:

https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2024-patch-tuesday-fixes-60-flaws-18-rce-bugs/

Flipper Zero Review Analysis: Unveiling the Intriguing Multifunctional Gadget That’s Not a Tesla-Stealing Tool

  • The Flipper Zero review analysis reveals that it is not responsible for the recent “Tesla hack” claims circulating online.
  • The attack targeting Tesla owners involves a phishing scheme where malicious actors create a fake Tesla Guest WiFi network to steal login credentials.
  • The Flipper Zero is showcased in a demo as a tool to generate the fake WiFi network, but other devices like laptops can perform the same function.
  • The attack is theoretical and conducted in controlled conditions, aiming to prompt Tesla to enhance app security against such vulnerabilities.
  • This type of attack is more about social engineering than traditional hacking, emphasizing the importance of user vigilance rather than blaming the Flipper Zero.
Summarized Article:

https://jalopnik.com/no-a-flipper-zero-is-not-a-tesla-stealing-multitool-1851318031

Roku ToS update controversy: Users locked out

Roku ToS Update Controversy: Alleged Messy Update Locks Devices Until Users Comply

  • Roku ToS update controversy: Users locked out of devices until agreeing
  • Customers express anger and frustration on Roku forums over new terms
  • Opting out of ToS update requires sending a physical letter to Roku
  • Roku criticized for lack of transparency and aggressive push for ToS changes
  • New ToS focuses on dispute resolution terms, including forced arbitration
Summarized Article:

https://arstechnica.com/gadgets/2024/03/disgraceful-messy-tos-update-allegedly-locks-roku-devices-until-users-give-in/

Flipper Zero Tesla hack: WiFi phishing exploit

Flipper Zero Tesla hack: WiFi attack can unlock and steal Tesla cars

  • Flipper Zero device used in WiFi phishing attack to unlock and steal Tesla cars
  • Attack exploits Tesla app version 4.30.6 and software version 11.1 2024.2.7
  • Researchers report security flaw to Tesla regarding lack of proper authentication
  • Attacker can deploy fake Tesla Guest WiFi network to obtain victim’s credentials
  • Adding a new Phone Key through the app allows unauthorized access to and control of the vehicle
Summarized Article:

https://www.bleepingcomputer.com/news/security/flipper-zero-wifi-attack-can-unlock-and-steal-tesla-cars/

Steal Tesla with Ease Using a Flipper Zero: The Ultimate Hacker’s Tool

  • Steal Tesla: Researchers use Flipper Zero to easily hijack Tesla vehicles through a social engineering attack.
  • Design flaw allows hackers to swipe login information, access the Tesla app, and drive away without the owner’s knowledge.
  • Attack involves setting up a fake Tesla login page on a WiFi network near a charging station to trick victims into revealing credentials.
  • Once logged in, hackers can create a phone key to unlock and control the car, without the need for the physical key card.
  • Mysk suggests Tesla should enforce key card authentication and notify users of new key creations to prevent such attacks and protect owners from losing their vehicles.
Summarized Article:

https://gizmodo.com/want-to-steal-a-tesla-try-using-a-flipper-zero-1851316236

Google Search Quality Evaluator Guidelines Enhanced: Untrustworthy Websites

Google search quality evaluator guidelines receive exciting new updates

  • Google updates Search Quality Evaluator Guidelines with details and examples to identify untrustworthy websites.
  • The updated guidelines provide insights into how Google determines webpage trustworthiness.
  • Characteristics of untrustworthy pages now include factual inaccuracies that erode user trust.
  • Examples within the guidelines offer practical guidance for quality raters.
  • Website owners and SEO professionals should adapt to these changes to improve search rankings and provide reliable information.
Summarized Article:

https://www.searchenginejournal.com/google-updates-search-quality-evaluator-guidelines/510521/

VMware hypervisor security update addresses critical flaws

VMware hypervisor security update prompts urgent action against critical flaws

  • VMware issues emergency security update to address critical vulnerabilities in USB controllers under ESXi and desktop hypervisors
  • Chinese researchers discovered flaws at a cracking contest, with the most severe rated 9.3/10 on VMware’s Workstation and Fusion and 8.4 on ESXi
  • Vulnerabilities allow malicious actors with local administrative privileges to execute code outside the guest VM, posing significant risks
  • Workarounds involve removing virtual USB controllers, potentially impacting functionality for some operating systems
  • An out-of-bounds write vulnerability (CVE-2024-22254) could lead to an escape of the sandbox, highlighting the severity of the hypervisor flaws
Summarized Article:

https://www.theregister.com/2024/03/07/vmware_usb_critical_flaws/

VMware sandbox escape patches address critical vulnerabilities.

VMware sandbox escape patches released to fix critical vulnerabilities

  • VMware has released patches for critical sandbox-escape vulnerabilities affecting ESXi, Workstation, Fusion, and Cloud Foundation products.
  • Four vulnerabilities, with two rated 9.3 out of 10, allow hackers to break out of sandbox and hypervisor protections.
  • Vulnerabilities impact USB controllers, leading to code execution and sandbox escapes.
  • Broadcom advises patching vulnerable products and suggests removing USB controllers as a temporary workaround.
  • VMware is not aware of active exploitation of the vulnerabilities at this time.
Summarized Article:

https://arstechnica.com/security/2024/03/vmware-issues-patches-for-critical-sandbox-escape-vulnerabilities/

iPhone privacy settings off: Journal app risks

Turn off this crucial iPhone privacy setting now to protect your personal data

  • iPhone privacy settings off: The Journal app on iPhone may expose personal information, prompting the need to change privacy settings.
  • Apple’s Journal app uses on-device machine learning to suggest journal entries based on location and activity data.
  • Turning off “discoverable by others” prevents sharing of data with nearby iPhone users.
  • Protect your privacy by adjusting the Journal app settings to avoid unwanted sharing of personal information.
  • Kurt “CyberGuy” Knutsson provides guidance on how to safeguard your privacy on iPhone and avoid potential data exposure.
Summarized Article:

https://www.foxnews.com/tech/iphone-privacy-setting-you-need-to-turn-off

Apple critical updates zero-day flaws

Apple Critical Updates Released to Address Actively Exploited Zero-Day Flaws – Urgent Announcement

  • Apple releases critical updates to address actively exploited zero-day flaws CVE-2024-23225 & CVE-2024-23296 in iOS & iPadOS
  • Updates include improved validation in iOS 17.4, iPadOS 17.4, iOS 16.7.6, and iPadOS 16.7.6
  • Apple has now fixed three zero-day vulnerabilities in 2024, including a previous flaw in WebKit
  • U.S. CISA adds two vulnerabilities to its Known Exploited Vulnerabilities catalog, urging updates by March 26, 2024
  • Google and Fortinet have reported on limited exploitation of the disclosed vulnerabilities
Summarized Article:

https://thehackernews.com/2024/03/urgent-apple-issues-critical-updates.html

iOS zero-day exploits fixed: Apple patches vulnerabilities

iOS zero-day exploits fixed by Apple after attacks on iPhones exploit two new vulnerabilities

  • Apple released emergency security updates to fix two iOS zero-day vulnerabilities exploited in attacks on iPhones, addressing bugs in the iOS Kernel (CVE-2024-23225) and RTKit (CVE-2024-23296).
  • The security flaws were fixed for devices running iOS 17.4, iPadOS 17.4, iOS 16.7.6, and iPadOS 16.7.6 with improved input validation to prevent arbitrary kernel read and write capabilities.
  • The impacted Apple devices include a wide range of products, and the company has not disclosed the source of the zero-days or ongoing exploitation in the wild.
  • iOS zero-day vulnerabilities are often used in state-sponsored spyware attacks against high-risk individuals, emphasizing the importance of promptly installing security updates to prevent potential attacks.
  • With these two vulnerabilities, Apple has now fixed three zero-day flaws in 2024, following the resolution of 20 zero-days in 2023.
Summarized Article:

https://www.bleepingcomputer.com/news/apple/apple-fixes-two-new-ios-zero-days-exploited-in-attacks-on-iphones/

SEO spam search results cleaned up by Google

SEO spam search results face overhaul as Google takes action to clean up search engine pages

  • Google is changing search results to combat SEO spam
  • Algorithm updates in May aim to remove low-quality content
  • Focus on eradicating AI-generated spam and unhelpful content
  • Changes to reduce spammy search results by 40%
  • Updates target scaled content abuse and low-value third-party content
Summarized Article:

https://www.engadget.com/google-is-changing-its-search-results-to-weed-out-seo-spam-195259063.html

March 2024 Core Update targets "unhelpful" content

March 2024 Core Update: Slashing “Unhelpful” Content by 40% – Google’s Latest Move

  • Google’s March 2024 Core Update aims to reduce “unhelpful” content by 40% through algorithm enhancements and spam policy updates.
  • The update focuses on improving search result quality and reducing low-quality, unoriginal content in search results.
  • Google is targeting manipulative practices such as automation-generated content and site reputation abuse to enhance search ranking integrity.
  • Websites have a two-month window to comply with the new site reputation policy, while other changes come into effect immediately.
  • Google emphasizes its commitment to improving search result quality and reducing low-quality content to provide more helpful information to users.
Summarized Article:

https://www.searchenginejournal.com/google-march-2024-core-update/510243/

Privacy-friendly method to disable X's calling feature
Cybersecurity

Privacy-friendly method to disable X’s new calling feature and protect your personal information

  • Implement a privacy-friendly method to disable X’s new calling feature, which leaks IP addresses and lacks encryption.
  • The calling feature is automatically enabled in X’s app, allowing peer-to-peer calls that reveal IP addresses.
  • To enhance privacy, users can enable “Enhanced call privacy” in X’s Message settings to mask IP addresses.
  • The lack of end-to-end encryption in X’s calling feature raises concerns about potential eavesdropping by Twitter.
  • Users are advised to disable the calling feature entirely due to privacy risks, or carefully manage settings to control who can make calls.
Summarized Article:

https://techcrunch.com/2024/03/04/elon-musk-x-twitter-calling-privacy-switch-off/

Windows NTLM hash theft: Hackers target authentication
Cybersecurity

Windows NTLM Hash Theft: Hackers Swipe Authentication Data in Sophisticated Phishing Scheme

  • Hackers from TA577 are now using phishing emails to steal Windows NTLM authentication hashes for account hijacks
  • GitHub has enabled push protection by default to prevent secrets leak
  • CISA advises against using hacked Ivanti VPN gateways even after factory resets
  • Windows 11 ‘Moment 5’ update has been released with new features
  • Microsoft has fixed Outlook clients not syncing over Exchange ActiveSync
Summarized Article:

https://www.bleepingcomputer.com/news/security/hackers-steal-windows-ntlm-authentication-hashes-in-phishing-attacks/

Internet removal guide 2024: Protecting Privacy Online
Cybersecurity

Internet removal guide 2024: Discover the Ultimate Way to Erase Yourself from the Web

  • Internet removal guide 2024 provides steps to remove personal information from the web
  • AI advancements have both positive and negative impacts on privacy
  • Google offers tools to request removal of personal information from search results
  • Adjust social media privacy settings to limit personal information exposure
  • Data brokers can profit from selling personal details, but services like Incogni can help remove information from brokers
Summarized Article:

https://9to5google.com/2024/03/02/how-to-remove-yourself-from-the-internet-2024/

Delete personal information online: Take control now!
Cybersecurity

Delete Personal Information Online: Discover the Intriguing Reasons Behind Clearing Your Digital Footprint

  • Delete personal information online by actively seeking and requesting removal from websites and data brokers to protect your privacy.
  • Take control of your digital footprint by embarking on an internet expedition to find and erase personal details displayed online.
  • Data brokers collect personal data like addresses, phone numbers, and financial information to use in targeted advertising and potentially harmful activities.
  • Utilize services like Incogni, created by Surfshark, to efficiently erase data from people search sites and data brokers, ensuring continuous privacy protection.
  • Incogni’s service includes faster opt-out requests, dealing with rejection appeals, and regular data removal to maintain online privacy.
Summarized Article:

https://9to5mac.com/2024/03/02/delete-your-personal-info-from-the-internet/

Windows Kernel bug zero-day exploited by Lazarus
Cybersecurity

Windows Kernel bug zero-day exploited since August finally fixed last month after being discovered.

  • Microsoft patched a high-severity Windows Kernel privilege escalation vulnerability (CVE-2024-21338) in February, six months after being informed that the flaw was being exploited as a zero-day.
  • Avast discovered and reported the actively exploited zero-day vulnerability in the appid.sys Windows AppLocker driver to Microsoft last August.
  • The vulnerability impacts various versions of Windows 10, Windows 11, Windows Server 2019, and Windows Server 2022, allowing local attackers to gain SYSTEM privileges without user interaction.
  • The North Korean Lazarus state hackers have exploited the flaw since at least August 2023 to gain kernel-level access, disable security tools, and manipulate kernel objects using an updated FudModule rootkit.
  • Windows users are urged to install the February 2024 Patch Tuesday updates promptly to protect against the CVE-2024-21338 attacks orchestrated by Lazarus.
Summarized Article:

https://www.bleepingcomputer.com/news/security/windows-kernel-bug-fixed-last-month-exploited-as-zero-day-since-august/

Google denies Gmail service closure rumor
Cybersecurity

Google Closing Gmail Service: Is the End Near for the Email Giant?

  • Email claiming Google is closing Gmail service on August 1 has gone viral
  • Google denies the closure of Gmail service, stating it is here to stay
  • A fake email circulated, falsely stating Gmail would no longer support sending, receiving, or storing emails after August 1
  • The fake email was flagged as manipulated media and was actually a modified copy of a statement regarding the basic HTML view in Gmail messages
  • Disinformation like this can cause anxiety among service users, prompting Google to respond and reassure users of Gmail’s continuity
Summarized Article:

https://www.forbes.com/sites/daveywinder/2024/02/23/is-google-closing-gmail-service-down-from-august-1/