Recent Security News

  • Vulnerabilities in Google Kubernetes Engine Could Allow Cluster Takeover

    December 29, 2023 at 07:00AM Palo Alto Networks reports that an attacker with access to a Kubernetes cluster could exploit vulnerabilities in FluentBit and Anthos Service Mesh (ASM) within Google Kubernetes Engine (GKE) to gain complete control of the cluster. Google has released patches for the issues, but urges users to manually update their clusters…

    Read More

  • CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK

    December 29, 2023 at 06:54AM Ukraine’s CERT-UA has warned of a new phishing campaign by the Russia-linked APT28 group targeting government entities through email messages, deploying malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information. The attacks utilize various tools, including the Python-based MASEPIE and the C#-based OCEANMAP, with communications employing encrypted channels.…

    Read More

  • Critical Apache OFBiz Vulnerability in Attacker Crosshairs

    December 29, 2023 at 06:12AM Shadowserver Foundation reports in-the-wild exploitation attempts targeting a critical vulnerability in Apache OFBiz ERP system, leading to attempted server-side request forgery and exposure to sensitive information. SonicWall uncovered a related incomplete patch vulnerability, CVE-2023-51467, prompting a release of version 18.12.11 to fix the issue. Organizational system patching is strongly recommended.…

    Read More

  • Europe’s Largest Parking App Provider Informs Customers of Data Breach

    December 29, 2023 at 06:12AM EasyPark Group, Europe’s largest parking app operator, revealed a data breach affecting customer information after a cyberattack on December 10. Limited customer data, including name, phone number, and partial bank/card numbers, was compromised. No unauthorized transactions occurred, and authorities have been notified. EasyPark has reassured users and continues to provide…

    Read More

  • Operations, Trading of Eagers Automotive Disrupted by Cyberattack

    December 29, 2023 at 05:06AM Australian and New Zealand vehicle dealer Eagers Automotive (ASX: APE) experienced a cyberattack, leading to disruptions and a trading halt on the Australian Securities Exchange. While most dealerships remain open, the incident has affected transaction finalization and some operational IT systems. The company does not anticipate a significant financial impact…

    Read More