Recent Security News
-
Oracle Patches 200 Vulnerabilities With January 2024 CPU
January 17, 2024 at 06:30AM Oracle issued 389 new security patches in its January 2024 Critical Patch Update, addressing numerous critical-severity vulnerabilities. The update covers over 200 unique CVEs, with emphasis on Financial Services Applications, Communications, and MySQL. Oracle urges prompt patch application, warning of potential in-the-wild exploitation. The company plans three more Critical Patch…
-
New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone
January 17, 2024 at 06:03AM Cybersecurity researchers have developed a “lightweight method” called iShutdown to detect spyware on Apple iOS devices, including threats like NSO Group’s Pegasus and QuaDream’s Reign. The method involves analyzing the “Shutdown.log” file, which records reboot events and environment characteristics, and has been found to be a reliable forensic artifact for…
-
Citrix Warns NetScaler ADC Customers of New Zero-Day Exploitation
January 17, 2024 at 05:06AM Citrix published a security bulletin revealing that two zero-day vulnerabilities in NetScaler ADC and Gateway products are being exploited. CVE-2023-6548 allows remote execution of code, and CVE-2023-6549 enables DoS attacks. Citrix advises immediate patch installation. The vulnerabilities may be exploited in targeted attacks but are not expected to have significant…
-
Home improvement marketers dial up trouble from regulator
January 17, 2024 at 04:39AM Two UK cold-calling companies, Poxell Ltd and Skean Homes Ltd, face £150,000 and £100,000 fines, respectively, for making millions of unsolicited marketing calls to individuals on the Telephone Preference Service (TPS). The ICO found both companies in violation of regulations, emphasizing the need to prevent unwanted marketing and protect individual…
-
GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials
January 17, 2024 at 03:15AM GitHub has responded to a security vulnerability by rotating some keys, including the GitHub commit signing key, GitHub Actions, GitHub Codespaces, and Dependabot customer encryption keys. The vulnerability, CVE-2024-0200, has not been exploited in the wild, but GitHub has addressed it with patches. Another bug, CVE-2024-0507, has also been resolved…