iPhone ‘VoiceOver’ Feature Could Read Passwords Aloud

October 4, 2024 at 04:11PM

Apple has released updates for iOS and iPadOS (18.0.1) to address two privacy-centric bugs. The first bug, affecting the VoiceOver accessibility feature, could cause passwords to be read aloud. The second issue involved voice messages recording users before they were aware of it. Users are advised to update their devices to mitigate these vulnerabilities. However, these issues do …

HPE patches three critical flaws in Aruba proprietary access protocol Interface

September 26, 2024 at 03:32PM

HPE has issued emergency fixes for critical flaws in Aruba access points running AOS-8 and AOS-10. These vulnerabilities, rated 9.8 on the CVSS scale, allow attackers to run code on the systems. The flaws affect specific versions of AOS, and HPE advises upgrading to protect against these vulnerabilities. The discovery …

AutoCanada says ransomware attack “may” impact employee data

September 24, 2024 at 05:35PM

AutoCanada warns that employee data may have been compromised in an August cyberattack linked to the Hunters International ransomware group. AutoCanada is reporting a potential data breach involving employee data due to a cyberattack by the Hunters International ransomware gang …

Ransomware Gang Leaks Data Allegedly Stolen From Microchip Technology

August 29, 2024 at 06:07AM

The Play ransomware group has leaked gigabytes of data allegedly stolen from semiconductor supplier Microchip Technology. The cyberattack disrupted manufacturing operations, impacting order fulfillment. The leaked data includes personal information and financial documents, and the group threatens to release more unless a ransom is paid. The group has targeted other organizations …

FBI warns of scammers posing as crypto exchange employees

August 1, 2024 at 11:30AM

The FBI cautions about scammers impersonating cryptocurrency exchange staff to defraud people. Caution is advised to safeguard funds. The FBI has issued a warning about scammers who are pretending to be employees of cryptocurrency exchanges in order to fraudulently take funds from unsuspecting victims. It’s …

Twilio Confirms Data Breach After Hackers Leak 33M Authy User Phone Numbers

July 4, 2024 at 03:37AM

Twilio confirmed a data breach in which hackers leaked 33 million phone numbers and account IDs associated with Authy. However, Twilio found no evidence of access to its systems and advised users to update security measures. The breach could lead to phishing and smishing attacks, which calls for heightened awareness among Authy users. …

Over 380k Hosts Still Referencing Malicious Polyfill Domain: Censys

July 3, 2024 at 09:57AM

Censys reports over 380,000 internet-exposed hosts with JavaScript scripts referencing the suspended polyfill.io domain. Following its suspension for malicious activities, over 100,000 websites were affected, prompting industry responses. Censys now identifies 384,773 hosts still referencing the domain. Further concerns arise about other potentially compromised domains controlled by the same threat …

Polyfill.io Supply Chain Attack Smacks Down 100K+ Websites

June 26, 2024 at 03:11PM

The domain polyfill[.]io, used by over 100,000 websites for JavaScript code, has been compromised, serving malicious code like dynamic payloads and leading users to porn and betting sites. The sale of the domain to a Chinese organization has raised security concerns. Website owners are urged to remove references to the …

Suspected supply chain attack backdoors courtroom recording software

May 24, 2024 at 04:31PM

Researchers at security firm Rapid7 discovered a backdoor in Justice AV Solutions (JAVS) audio-visual software used in over 10,000 courtrooms. The backdoor, suspected to be part of a supply chain attack, gave attackers full system access. Rapid7 urges affected users to reinstall, reset credentials, and upgrade to a secure version …

JAVS Courtroom Audio-Visual Software Installer Serves Backdoor

May 24, 2024 at 09:24AM

Thousands of computers are at risk of complete takeover due to a backdoor injected into the Justice AV Solutions (JAVS) Viewer v8.3.7 installer distributed from official servers. The backdoor, discovered by Rapid7, provides attackers with full control over affected systems. Rapid7 recommends updating to version 8.3.8 and re-imaging affected endpoints …