PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions

January 17, 2024 at 09:57AM PAX Technology’s PoS terminals have high-severity vulnerabilities that could allow threat actors to execute arbitrary code. The STM Cyber R&D team discovered six flaws, including privilege escalation and local code execution, affecting various PAX devices. The vulnerabilities were responsibly disclosed to PAX, and patches were released in November 2023. Key …

Anti-Ransomware Coalition Bound to Fail Without Key Adjustments

January 16, 2024 at 10:09AM Ransomware poses a significant challenge for businesses, and the best response is still debated. A US-led coalition pledging to reject ransom payments is largely symbolic: it ignores the practical realities victims face and lacks a preemptive approach. For some companies, paying the ransom may be the most efficient way to minimize damage. However, the real solution …

Ivanti zero-day exploits explode as bevy of attackers get in on the act

January 16, 2024 at 10:04AM Ivanti Connect Secure (ICS) VPN users are at risk if they have not applied Ivanti’s mitigation for the recently disclosed zero-day vulnerabilities. Over 1,700 appliances have already been compromised through successful exploitation, and the attacks have hit a wide range of organizations globally. Users are advised to run Ivanti’s Integrity Checker Tool to detect compromise; applying the mitigation does not remove an implant that is already on the device, so the check should be run regardless of patch status, and …

Case Study: The Cookie Privacy Monster in Big Global Retail

January 16, 2024 at 06:51AM Reflectiz, a website security company, rescued a major retail client from non-compliance fines caused by misconfigured cookie tracking. Although the tracking was unintended, the client risked substantial penalties under GDPR. Reflectiz’s exposure management solution detected 37 unauthorized cookie injections and enabled timely corrective action, emphasizing the importance of continuous monitoring and …

FTC secures first databroker settlement banning sale of sensitive location data

January 15, 2024 at 10:40AM The FTC has secured a settlement with data broker X-Mode Social (now Outlogic) that prohibits the sale of sensitive location data; under the settlement, Outlogic must delete previously collected data and honor opt-out requests. Also covered: critical vulnerabilities in Cisco, Siemens, Rapid Software, and Fortinet products; an iOS espionage campaign that exploited Apple’s ECC; and a data breach at HMG, which was unable to identify the compromised …

GrapheneOS: Frequent Android auto-reboots block firmware exploits

January 14, 2024 at 02:36PM The GrapheneOS team suggests that Android adopt an auto-reboot feature to limit exploitation of firmware flaws that enable data theft and spying on Google Pixel and Samsung Galaxy phones. A reboot returns the device to its locked, encrypted-at-rest state, so they recommend a short reboot interval and emphasize the importance of device encryption and security. Google is reviewing the reported vulnerabilities while …

This is why we update… Data-thief malware exploits unpatched Windows PCs

January 12, 2024 at 07:00PM Criminals are exploiting a Windows Defender SmartScreen bypass vulnerability, CVE-2023-36025, to spread Phemedrone Stealer, malware that targets sensitive data on PCs. Microsoft patched the flaw in November 2023, but a public proof-of-concept exploit exists and unpatched machines remain exposed. The malware harvests data from browsers, applications, and cryptocurrency wallets, and uses obfuscation techniques to evade detection. Update …

Drivers: We’ll take that plain dumb car over a flashy data-spilling internet one, thanks

January 12, 2024 at 02:34AM Most people surveyed at CES are uncomfortable with car manufacturers sharing their data with third parties, with 72% expressing discomfort. Many are unaware of how much data their cars collect. However, there is a willingness to trade personal data for driver personalization and better insurance rates, suggesting a need …

Halara probes breach after hacker leaks data for 950,000 people

January 11, 2024 at 03:28PM Popular athleisure clothing brand Halara is investigating a data breach after the alleged leak of almost 950,000 customers’ data on a hacking forum. The Hong Kong-based company, known for its TikTok promotions, is working to address the situation. The leaked data is said to contain personal information, prompting concerns about …

Atomic Stealer Gets an Upgrade – Targeting Mac Users with Encrypted Payload

January 11, 2024 at 09:00AM Cybersecurity researchers have found an enhanced version of the macOS information stealer Atomic (AMOS) with updated capabilities, including payload encryption to bypass detection rules. Its rental price has risen to $3,000 per month, advertised alongside a holiday promotion. Malvertising campaigns impersonating Slack and TradingView are used to distribute the malware. Caution is advised when …