‘Almost every Apple device’ vulnerable to CocoaPods supply chain attack

July 2, 2024 at 03:39AM CocoaPods, a widely used open-source dependency manager for Swift and Objective-C apps, was found to have left thousands of packages exposed to takeover for nearly a decade. Security researchers from EVA Information Security identified multiple vulnerabilities, including supply chain attack opportunities and potential remote code execution. The CocoaPods team has …

Hackers exploit critical D-Link DIR-859 router flaw to steal passwords

June 29, 2024 at 11:24AM Hackers are exploiting a critical vulnerability (CVE-2024-0769) in D-Link DIR-859 WiFi routers to access sensitive data, including account information and passwords. Despite the router being end-of-life, D-Link has released a security advisory warning about the flaw in the “fatlady.php” file. This issue poses a significant security risk, and users are …

Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released

June 26, 2024 at 01:04PM Fortra FileCatalyst Workflow has a critical SQL injection vulnerability (CVE-2024-5276) discovered by Tenable researchers. It allows remote unauthenticated attackers to create rogue admin users and manipulate data on the application database. Exploitation requires enabled anonymous access on the target instance. A public exploit is available, and fixes are provided in …

Microsoft blamed for million-plus patient record theft at US hospital giant

June 25, 2024 at 08:49PM Geisinger, a healthcare provider, suspects a former Nuance Communications employee, now arrested and facing federal charges, of stealing highly personal data on over a million of its patients. Nuance failed to revoke the ex-employee’s access to corporate files post-termination, leading to the security breach. However, it was undisclosed if charges …

Fresh MOVEit Bug Under Attack Mere Hours After Disclosure

June 25, 2024 at 05:59PM A critical security flaw in Progress Software’s MOVEit Transfer enables attackers to bypass authentication protocols and has been actively exploited shortly after being disclosed. The vulnerability, CVE-2024-5806 with CVSS 7.4, affects specific versions of MOVEit Transfer. Urgent patching is recommended due to the potential for cybercriminal exploitation and compromise of …

Ollama drama as ‘easy-to-exploit’ critical flaw found in open source AI server

June 24, 2024 at 04:43PM A critical vulnerability, dubbed Probllama (CVE-2024-37032), in the Ollama project for running LLMs allows remote code execution. The flaw, fixed in version 0.1.34, impacts over 1,000 exposed instances. Wiz Research urges timely updating and implementing strong authentication measures, emphasizing the risk associated with unpatched instances. This underscores the need for …

CoinStats says North Korean hackers breached 1,590 crypto wallets

June 24, 2024 at 11:03AM CoinStats experienced a serious security breach affecting 1,590 cryptocurrency wallets, believed to be orchestrated by North Korean threat actors. The platform, used by 1.5 million users for investment tracking and real-time data, had its website and app disabled during the investigation. Users are advised to transfer their funds from affected …

Check Point Warns of Zero-Day Attacks on its VPN Gateway Products

May 29, 2024 at 11:40AM Check Point warns of a zero-day vulnerability in its Network Security gateway products that is being exploited by threat actors. Tracked as CVE-2024-24919, it affects various products. Attackers could read certain information on Internet-connected Gateways with remote access VPN or mobile access enabled. Hotfixes are available for impacted versions. Recent attacks targeted VPN devices to …

American Radio Relay League cyberattack takes Logbook of the World offline

May 19, 2024 at 05:19PM The American Radio Relay League (ARRL) experienced a cyberattack disrupting its IT systems, including email and the Logbook of the World online service. The national association for amateur radio in the US represents radio interests, provides technical advice, and organizes events and educational programs. Member database containing private information was …

Apple and Google add alerts for unknown Bluetooth trackers to iOS, Android

May 14, 2024 at 11:12AM Apple and Google jointly announced a new privacy feature, “Detecting Unwanted Location Trackers,” for Android and iOS users. The feature alerts users when an unknown Bluetooth tracking device is travelling with them, with a joint industry specification for such devices. Users can receive alerts and take action to disable the …