Recent Security News
-
Data regulator fines HelloFresh £140k for sending 80M+ spams
January 12, 2024 at 06:32AM HelloFresh faces a £140,000 fine from Britain’s data privacy watchdog for sending 79 million spam emails and 1 million texts in seven months. The company misled customers about opt-in statements for marketing messages, failing to provide clear information or an easy opt-out process. The ICO issued the fine for breaching…
-
Apple Patches Keystroke Injection Vulnerability in Magic Keyboard
January 12, 2024 at 06:15AM Apple announced a firmware update for the Magic Keyboard to fix a Bluetooth vulnerability disclosed by SkySafe engineer. The vulnerability could allow attackers to inject keystrokes without authentication. The update, version 2.0.6, is being rolled out and reportedly mitigates the attack. Users can check for the update in their system…
-
Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout
January 12, 2024 at 06:15AM The recently discovered Ivanti Connect Secure zero-day vulnerabilities are being exploited by threat actors linked to China, aiming to steal valuable data. These vulnerabilities, CVE-2023-46805 and CVE-2024-21887, pose a serious threat, with over 7,000 internet-exposed instances vulnerable to attacks. Patches are expected by the week of January 22, but CISA…
-
While we fire the boss, can you lock him out of the network?
January 12, 2024 at 03:42AM In this week’s edition of On Call, “Alvin” faced a predicament when a client suspected their network engineer of improperly accessing HR files. Alvin’s astute handling of the situation led to the engineer’s dismissal and the discovery of unauthorized servers in his apartment, ultimately vindicating the decision to let him…
-
Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks
January 12, 2024 at 03:09AM Cybersecurity researchers have discovered a new attack using misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners and conceal them with rootkits. The attackers exploit flaws to run remote code on targeted systems and hide mining processes. Mitigations include deploying agent-based security solutions to detect and prevent such attacks.…