Recent Security News
-
Kenyan Issues New Guidance for Protecting Personal Data
January 11, 2024 at 10:36AM Kenya’s Office of the Data Protection Commissioner released new guidance notes for data protection in education, communications, and digital credit sectors, as well as a general guide for processing health data. The Data Protection Act, enacted in 2019, has led to significant enforcement, with fines issued for violations. Awareness efforts…
-
Infoseccers think attackers backed by China are behind Ivanti zero-day exploits
January 11, 2024 at 10:28AM Chinese nation-state attackers have been exploiting two zero-day vulnerabilities in Ivanti’s security products, particularly affecting Ivanti Connect Secure (ICS) and Policy Secure. The US Cybersecurity and Infrastructure Security Agency (CISA) has advised users to apply the current workaround. Ivanti’s patches for the vulnerabilities are staggered, and organizations are urged to…
-
New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems
January 11, 2024 at 10:21AM Cybersecurity researchers have developed a proof-of-concept code exploiting a critical flaw in Apache OFBiz, allowing memory-resident payload execution. Despite a fix in version 18.12.11, threat actors attempt to exploit the flaw, aiming at vulnerable instances. The CVE-2023-51467 allows remote code execution, posing a serious threat despite security guardrails. Based on…
-
New Python-based FBot Hacking Toolkit Aims at Cloud and SaaS Platforms
January 11, 2024 at 10:21AM A new Python-based hacking tool called FBot has emerged, targeting web servers, cloud services, and SaaS platforms. It includes features for credential harvesting, hijacking AWS and PayPal accounts, and attacking SaaS accounts. Similar to other cloud hacking tools, FBot aims to hijack cloud and SaaS services and monetize stolen access.…