Recent Security News
-
Home improvement marketers dial up trouble from regulator
January 17, 2024 at 04:39AM Two UK cold-calling companies, Poxell Ltd and Skean Homes Ltd, face £150,000 and £100,000 fines, respectively, for making millions of unsolicited marketing calls to individuals on the Telephone Preference Service (TPS). The ICO found both companies in violation of regulations, emphasizing the need to prevent unwanted marketing and protect individual…
-
GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials
January 17, 2024 at 03:15AM GitHub has responded to a security vulnerability by rotating some keys, including the GitHub commit signing key, GitHub Actions, GitHub Codespaces, and Dependabot customer encryption keys. The vulnerability, CVE-2024-0200, has not been exploited in the wild, but GitHub has addressed it with patches. Another bug, CVE-2024-0507, has also been resolved…
-
Combination of cheap .cloud domains and fake Shark Tank news fuel unhealthy wellness scams
January 17, 2024 at 01:34AM Netcraft discovered that scammers are exploiting cheap domain names to promote fake health products through deceptive news campaigns, mimicking popular news outlets and falsely claiming endorsements from TV shows like Shark Tank and Dragons’ Den. The proliferation of new global top-level domain names, such as .sbs and .cloud, at low…
-
Nokia walks the walk about its RAN to play on Uncle Sam’s China fears
January 16, 2024 at 10:01PM Nokia has launched a dedicated business unit for government sales in the USA, reflecting Washington’s concerns about national infrastructure security. The move comes amid US efforts to remove Chinese-made equipment from its networks due to security worries. Nokia is tailoring its portfolio and sales team to meet federal government needs,…
-
FBI: Beware of thieves building Androxgh0st botnets using stolen creds
January 16, 2024 at 08:36PM The FBI and CISA warn that cybercriminals are leveraging old vulnerabilities to deploy Androxgh0st malware, targeting .env files containing user credentials for AWS, Microsoft Office 365, SendGrid, and Twilio. The malware can be used to steal data, execute code remotely, and create new AWS users and instances. Mitigations include updating…