Xynik January 8, 2024 at 01:22PM Hackers defaced flight information displays at Rafic Hariri International Airport, Lebanon, criticizing Hezbollah and Iran. The messages also disrupted the baggage handling system. The Christian Lebanese group, Soldiers of God, denied any involvement. Security experts noted the vulnerability of flight display systems to hacking. A cybersecurity firm highlighted potential chaos … Read more
January 8, 2024 at 01:11PM The Authy desktop apps for Windows, macOS, and Linux will be discontinued in August 2024. Users are advised to switch to the mobile version for two-factor authentication. Twilio, the vendor, plans to focus on higher demand areas. Current users should switch to iOS or Google apps. Other options include 1Password, … Read more
January 8, 2024 at 12:50PM SonicWall has observed thousands of daily exploitation attempts targeting the Apache OFBiz zero-day vulnerability. The severity is near-maximum, with a 9.8 rating, allowing attackers to bypass authentication and execute arbitrary code. They urge immediate upgrading to OFBiz version 18.12.11 to address this and another equally serious vulnerability. Apache OFBiz has … Read more
January 8, 2024 at 12:41PM Leading U.S. mortgage lender loanDepot confirmed a ransomware attack that encrypted data, affecting customer payment portals and prompting system shutdowns. An investigation is underway with external experts’ assistance, including notifications to law enforcement. Although the impact is being assessed, concerns arise over potential data exposure. Previously, loanDepot reported a 2022 … Read more
January 8, 2024 at 10:51AM Organizations must rethink helpdesk security in light of the MGM Resorts hack. Attackers used social engineering to impersonate an employee, bypassed verification systems, and executed a ransomware attack. Helpdesk training, multi-factor authentication, and secure communication channels are crucial for preventing such incidents. Specops Secure Service Desk offers advanced employee verification. … Read more
January 8, 2024 at 10:02AM Critical infrastructure organizations are both more efficient and more vulnerable due to dramatic changes in technology and cybersecurity landscapes. The integration of IoT, smart devices, and OT with IT operations onto cloud platforms streamlines operations but also increases susceptibility to cyberattacks. Rigorous asset management, simulations, and response readiness are crucial … Read more
January 8, 2024 at 09:54AM QNAP Systems has released patches for a dozen vulnerabilities, including high-severity flaws affecting its operating system and products like QTS, QuTS hero, Video Station, and QuMagie. These vulnerabilities could allow remote attackers to execute arbitrary code, perform SQL injection and OS command injection, and exploit cross-site scripting flaws. Details can … Read more
January 8, 2024 at 09:54AM A cyberespionage group, likely linked to Turkey, named Sea Turtle, Cosmic Wolf, Marbled Dust, Silicon, and Teal Kurma, has been targeting public and private organizations in the Netherlands. The group, observed by Dutch incident response provider Hunt & Hackett, conducted multiple espionage campaigns focusing on government, telecommunications, media, NGOs, ISPs, … Read more
January 8, 2024 at 09:19AM Threat actors known as Anonymous Arabic have released a remote access trojan called Silver RAT, designed to bypass security software and launch hidden applications. The group also offers services such as the distribution of cracked RATs and social media bots used for promoting illicit activities. Silver RAT was first observed … Read more
January 8, 2024 at 09:14AM A misconfigured object storage system at Iranian crypto exchange bit24.cash exposed personal details of 230,000 citizens. Researchers found unprotected and open S3 buckets storing users’ verification documents, including consent letters, passport information, and credit card details. However, bit24.cash assured no evidence of a breach and confirmed securing the storage instance. … Read more