Recent Security News
-
Experts Warn of macOS Backdoor Hidden in Pirated Versions of Popular Software
January 19, 2024 at 08:51AM Pirated macOS applications from Chinese websites harbor a backdoor allowing attackers remote control over infected machines. The malware, hosted on “macyy[.]cn,” uses a dropper to fetch backdoor and downloader components, which enable persistence and facilitate additional payloads. This echoes previous incidents involving the ZuRu malware, possibly indicating a successor. (Words:…
-
First Step in AI/ML Security is Finding Them
January 19, 2024 at 08:31AM The growing use of AI in organizations poses new security risks. The adoption of AI tools without informing security teams leads to “shadow ML” and “shadow AI.” Legit Security’s platform provides visibility into all software components and developer tools. Securing machine learning involves finding its usage, threat modeling, and implementing…
-
VMware confirms critical vCenter flaw now exploited in attacks
January 19, 2024 at 08:23AM VMware confirmed active exploitation of a critical vCenter Server vulnerability (CVE-2023-34048) reported by Trend Micro researcher Grigory Dorodnov. Multiple end-of-life products were patched, and ransomware gangs target VMware servers. Over 2,000 exposed servers pose breach risks. VMware urged strict network access control and previously fixed high-severity vCenter Server flaws, an…
-
VF Corp Says Data Breach Resulting From Ransomware Attack Impacts 35 Million
January 19, 2024 at 08:00AM 35.5 million customers’ personal information was stolen in a ransomware attack on VF Corporation in December 2023. The attack affected brands like Dickies, The North Face, and Vans. The company has restored impacted systems, but faced operational disruptions. It reported no evidence of stolen passwords and expects minimal financial impact.…
-
US Gov Publishes Cybersecurity Guidance for Water and Wastewater Utilities
January 19, 2024 at 06:54AM The US government released new guidance for the water and wastewater sector to improve cyber resilience and incident response capabilities. The document, developed by CISA, the FBI, and the EPA, outlines federal roles and resources, encourages incident reporting, and emphasizes interaction with local cyber communities. It aims to mitigate escalating…