Recent Security News
-
Sophisticated MacOS Infostealers Get Past Apple’s Built-In Detection
January 17, 2024 at 11:26AM Info-stealers like KeySteal, Atomic Infostealer, and CherryPie are increasingly targeting macOS by evading Apple’s built-in malware protection. These sophisticated stealers have evolved with new variants that can bypass detection engines, such as macOS’s XProtect. Even with recent updates, these malware strains pose a continued threat, necessitating ongoing vigilance from macOS…
-
Nearly 7K WordPress Sites Compromised by Balada Injector
January 17, 2024 at 11:04AM Over 6,700 WordPress sites were infected with the Balada Injector malware through a vulnerable Popup Builder plug-in, exploiting a cross-site scripting vulnerability (CVE-2023-6000). This long-running campaign has compromised over 1 million WordPress sites. Security experts advise implementing integrity monitoring and conducting routine updates to mitigate these threats. Based on the…
-
AMD, Apple, Qualcomm GPUs leak AI data in LeftoverLocals attacks
January 17, 2024 at 10:36AM The ‘LeftoverLocals’ vulnerability affects GPUs from AMD, Apple, Qualcomm, and Imagination Technologies, allowing data retrieval from local memory. Discovered by Trail of Bits researchers Tyler Sorensen and Heidy Khlaaf, it exploits incomplete memory isolation in GPU frameworks, enabling unauthorized data access. Mitigation efforts are underway, including patching and recommending automatic…
-
Atlassian Warns of Critical RCE Vulnerability in Outdated Confluence Instances
January 17, 2024 at 10:30AM Atlassian warns of a critical vulnerability in out-of-date Confluence Data Center and Server versions allowing remote code execution (RCE) without authentication, with a CVE-2023-22527 (CVSS score of 10). This template injection flaw impacts Confluence 8 versions released before Dec. 5, 2023. Atlassian advises immediate patching and recommends updating to the…
-
Wazuh: Building robust cybersecurity architecture with open source tools
January 17, 2024 at 10:14AM Cybersecurity architecture involves designing an organization’s security approach to protect digital assets from a wide range of cyber threats. While implementing security solutions can be costly, leveraging open source tools offers advantages such as cost-effectiveness, flexibility, and community support. Various open source security tools, including Wazuh, ClamAV, Suricata, pfSense, ModSecurity,…