Recent Security News
-
Hackers target Apache RocketMQ servers vulnerable to RCE attacks
January 5, 2024 at 12:38PM Security researchers have identified critical vulnerabilities, CVE-2023-33246 and CVE-2023-37582, in Apache RocketMQ. Despite an initial patch, these vulnerabilities remain active, impacting the NameServer component in RocketMQ version 5.1 and older. Attackers can exploit these flaws to execute commands and should upgrade to version 5.1.2/4.9.7 or higher to prevent attacks. ShadowServer…
-
Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved
January 5, 2024 at 11:24AM A settlement between Merck and its insurers has been reached over the damage caused by NotPetya, an attack attributed to Russia. Merck made a $1.4 billion claim under its ‘all-risks’ coverage, but faced exclusion due to the standard war clause. Legal definition of cyberwar remains unresolved as the case settled.…
-
Law Firm Orrick Reveals Extensive Data Breach, Over Half a Million Affected
January 5, 2024 at 11:24AM Orrick, Herrington & Sutcliffe, a law firm specializing in cyberattacks, disclosed that over 600,000 individuals were impacted by a data breach in early 2023. The breach involved unauthorized access to a portion of its network and compromised personal information of clients’ customers. Orrick has deployed additional security measures and reached…
-
SpectralBlur: New macOS Backdoor Threat from North Korean Hackers
January 5, 2024 at 11:15AM Cybersecurity researchers have identified a new Apple macOS backdoor called SpectralBlur, attributed to North Korean threat actors. It has capabilities such as uploading/downloading files and running shell commands. The malware shares similarities with KANDYKORN, showcasing the growing focus of North Korean threat actors on macOS, particularly in cryptocurrency and blockchain…