Recent Security News
-
New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone
January 17, 2024 at 06:03AM Cybersecurity researchers have developed a “lightweight method” called iShutdown to detect spyware on Apple iOS devices, including threats like NSO Group’s Pegasus and QuaDream’s Reign. The method involves analyzing the “Shutdown.log” file, which records reboot events and environment characteristics, and has been found to be a reliable forensic artifact for…
-
Citrix Warns NetScaler ADC Customers of New Zero-Day Exploitation
January 17, 2024 at 05:06AM Citrix published a security bulletin revealing that two zero-day vulnerabilities in NetScaler ADC and Gateway products are being exploited. CVE-2023-6548 allows remote execution of code, and CVE-2023-6549 enables DoS attacks. Citrix advises immediate patch installation. The vulnerabilities may be exploited in targeted attacks but are not expected to have significant…
-
GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials
January 17, 2024 at 03:15AM GitHub has responded to a security vulnerability by rotating some keys, including the GitHub commit signing key, GitHub Actions, GitHub Codespaces, and Dependabot customer encryption keys. The vulnerability, CVE-2024-0200, has not been exploited in the wild, but GitHub has addressed it with patches. Another bug, CVE-2024-0507, has also been resolved…
-
Combination of cheap .cloud domains and fake Shark Tank news fuel unhealthy wellness scams
January 17, 2024 at 01:34AM Netcraft discovered that scammers are exploiting cheap domain names to promote fake health products through deceptive news campaigns, mimicking popular news outlets and falsely claiming endorsements from TV shows like Shark Tank and Dragons’ Den. The proliferation of new global top-level domain names, such as .sbs and .cloud, at low…