Recent Security News
-
33M French Citizens Impacted in Country’s Largest-Ever Breach
February 12, 2024 at 02:17PM
The French data protection agency, CNIL, is investigating two data breaches at payment processors affecting nearly half of the country’s population. Cyberattackers accessed data for 33 million citizens through phishing attacks. The compromised personally identifiable information includes details often used for social engineering attacks. This highlights the vulnerability of businesses…
-
CISA: Roundcube email server bug now exploited in attacks
February 12, 2024 at 02:03PM
CISA warns of active exploitation of Roundcube email server vulnerability (CVE-2023-43770), impacting versions newer than 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3. The security flaw leads to persistent cross-site scripting attacks. CISA has added it to the Known Exploited Vulnerabilities Catalog, urging immediate patching by federal agencies and private…
-
FCC gets tough: Telcos must now tell you when your PII is stolen
February 12, 2024 at 01:50PM
The US Federal Communications Commission has introduced updated reporting requirements for telecom companies, mandating a seven-day reporting window for disclosing system breaches to the FCC, FBI, and US Secret Service. Additional provisions include notifying customers of breaches and expanding the types of data that require notification. The new rule goes…
-
Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor
February 12, 2024 at 11:32AM
Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti products to deploy the DSLog backdoor, allowing remote command execution. The vulnerability, known as CVE-2024-21893, affects SAML components and enables bypassing authentication. Successful attacks have been reported, prompting the release of security updates to mitigate the risk. Key takeaways…