Recent Security News
-
iPhone, Android Ambient Light Sensors Allow Stealthy Spying
January 19, 2024 at 11:46AM Researchers at MIT have discovered that ambient light sensors in smart devices, usually used for adjusting screen brightness, can covertly capture images of user gestures without requiring permission, posing a privacy threat. The team highlighted the potential risk and suggested measures like restricting information rates and adding permission controls to…
-
Chinese hackers exploit VMware bug as zero-day for two years
January 19, 2024 at 11:38AM Summary: A Chinese hacking group exploited a vCenter Server vulnerability (CVE-2023-34048) as a zero-day since late 2021, using it to breach targets’ servers, escalate privileges, and exfiltrate files. The group, UNC3886, also targeted Fortinet firewall devices with a zero-day. Its preferred targets include defense, government, telecom, and tech sectors in…
-
CISA’s Road Map: Charting a Course for Trustworthy AI Development
January 19, 2024 at 10:05AM The Cybersecurity and Infrastructure Agency (CISA) has released a 2023–2024 “CISA Roadmap for Artificial Intelligence” to ensure secure and trustworthy development and use of AI, aligned with the White House Executive Order 14110. The road map focuses on four goals including cyber defense, risk reduction, operational collaboration, and agency unification.…
-
US Charges Russian Involved in 2013 Hacking of Neiman Marcus, MichaelsÂ
January 19, 2024 at 10:00AM The US Justice Department recently charged two Russian nationals for involvement in cybercriminal activities, including hacking retailers Michaels and Neiman Marcus in 2013. Aleksey Stroganov and Tim Stigal are accused of stealing and selling payment card data, causing $35 million in losses. Stroganov’s partner, Roman Seleznev, received multiple prison sentences…
-
Vans, North Face owner says ransomware breach affects 35 million people
January 19, 2024 at 09:35AM VF Corporation reported a ransomware attack in December, with over 35 million customers’ personal data stolen, but no sensitive payment information affected. The attack disrupted business operations, leading to inventory and order fulfillment issues. VF Corp has restored most IT systems and is cooperating with authorities in investigating the incident.…