Recent Security News
-
Cracked macOS apps drain wallets using scripts fetched from DNS records
January 22, 2024 at 05:31PM Hackers are utilizing a covert approach to disseminate information-stealing malware to macOS users via DNS records. The campaign targets macOS Ventura and later users, leveraging cracked applications containing a trojan. Victims unknowingly execute the malware, granting it access to their system and potentially compromising sensitive data. Kaspersky’s findings underscore the…
-
Chinese Spies Exploited Critical VMware Bug for Nearly 2 Years
January 22, 2024 at 05:12PM A critical VMware vulnerability, CVE-2023-34048, was exploited by a Chinese APT, UNC3886, since late 2021 as a zero-day. The group utilized this to gain remote code-execution capabilities and compromise ESXi hosts. Organizations must ensure patching was effective, as many may still be vulnerable due to various challenges in deploying patches.…
-
Microsoft Falls Victim to Russia-Backed ‘Midnight Blizzard’ Cyberattack
January 22, 2024 at 05:05PM Microsoft’s corporate systems fell victim to a cyberattack by the Russian nation-state actor behind the 2020 SolarWinds Orion software breach. The intrusion, discovered on Jan. 12, breached a small percentage of corporate email accounts, including those of senior leadership, cybersecurity, and legal teams. Microsoft pledged to enhance cybersecurity measures and…
-
FTC orders Intuit to stop pushing “free” software that isn’t really free
January 22, 2024 at 04:42PM The FTC ordered Intuit to stop promoting its software as “free” unless it’s truly free for all consumers, following a deceptive advertising campaign for TurboTax. The order prohibits misleading ads and requires clear disclosure of eligibility and terms for free products. Intuit is also barred from providing false information about…