Recent Security News
-
China-Linked Volt Typhoon Hackers Possibly Targeting Australian, UK Governments
January 11, 2024 at 10:41AM Chinese state-sponsored hackers are targeting government entities in the US, UK, and Australia by exploiting old vulnerabilities in Cisco routers, reports SecurityScorecard. The actors likely compromised one-third of observed vulnerable devices and may operate a much larger botnet than previously believed, as indicated by connections to government sites. The attacks…
-
Kenyan Issues New Guidance for Protecting Personal Data
January 11, 2024 at 10:36AM Kenya’s Office of the Data Protection Commissioner released new guidance notes for data protection in education, communications, and digital credit sectors, as well as a general guide for processing health data. The Data Protection Act, enacted in 2019, has led to significant enforcement, with fines issued for violations. Awareness efforts…
-
Infoseccers think attackers backed by China are behind Ivanti zero-day exploits
January 11, 2024 at 10:28AM Chinese nation-state attackers have been exploiting two zero-day vulnerabilities in Ivanti’s security products, particularly affecting Ivanti Connect Secure (ICS) and Policy Secure. The US Cybersecurity and Infrastructure Security Agency (CISA) has advised users to apply the current workaround. Ivanti’s patches for the vulnerabilities are staggered, and organizations are urged to…
-
New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems
January 11, 2024 at 10:21AM Cybersecurity researchers have developed a proof-of-concept code exploiting a critical flaw in Apache OFBiz, allowing memory-resident payload execution. Despite a fix in version 18.12.11, threat actors attempt to exploit the flaw, aiming at vulnerable instances. The CVE-2023-51467 allows remote code execution, posing a serious threat despite security guardrails. Based on…