Recent Security News
-
North Korea’s ScarCruft Attackers Gear Up to Target Cybersecurity Pros
January 22, 2024 at 03:46PM ScarCruft, a North Korea-sponsored APT group, is preparing for targeted cyberattacks on threat intelligence professionals. They aim to steal nonpublic threat intel and enhance their offensive tactics. The innovative campaign involves using lure related to the Kimsuky APT group to target cybersecurity professionals, and the group is refining their malicious…
-
German IT Consultant Fined Thousands for Reporting Security Failing
January 22, 2024 at 03:31PM A security researcher in Germany was fined €3,000 for reporting a vulnerability in an e-commerce database that put customer information at risk. Modern Solution GmbH downplayed the data exposure, leading to a legal battle. Hendrik H. was initially vindicated by the District Court but was eventually fined and is planning…
-
Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation
January 22, 2024 at 03:24PM Apple has released iOS 17.3 and macOS Sonoma 14.3 updates to address 16 vulnerabilities including WebKit flaws exploited in zero-day attacks. Apple warns of code execution, denial-of-service, and data exposure threats and suspects recent exploitation. The updates also fix security issues in several other components. Apple hasn’t provided technical details…
-
Malicious web redirect scripts stealth up to hide on hacked sites
January 22, 2024 at 03:15PM Security researchers discovered the Parrot traffic direction system (TDS) to be rapidly evolving, enhancing its malicious capabilities. Targeting vulnerable WordPress and Joomla sites, it infects and redirects users to malicious locations, with 16,500 websites affected. The TDS operators sell the traffic to threat actors, who profile and redirect users to…
-
Apple fixes first zero-day bug exploited in attacks this year
January 22, 2024 at 02:25PM Apple released security updates to address the first zero-day vulnerability of the year, tracked as CVE-2024-23222, impacting iPhones, Macs, and Apple TVs. The WebKit confusion issue could be exploited by attackers, leading to arbitrary code execution. Devices running vulnerable iOS, macOS, and tvOS versions are affected. Security updates are available…