Feeld dating app’s security too open-minded as private data swings into public view

September 13, 2024 at 02:31PM Researchers uncovered numerous security vulnerabilities in the Feeld dating app, creating potential risks for users’ sensitive data. The flaws allowed unauthorized access to private messages, user profiles, and media shared in chatrooms. Despite notifications to Feeld, the fixes remain pending six months later, prompting concerns about data security and privacy. …

WordPress.org to require 2FA for plugin developers by October

September 11, 2024 at 01:37PM Starting October 1st, WordPress.org requires two-factor authentication for accounts that can push updates to plugins and themes. This decision aims to reduce the risk of unauthorized access and supply-chain attacks. The 2FA security feature needs to be activated, and SVN-specific passwords have been added for making code changes. Technical limitations …

SAP Releases 16 New Security Notes on September 2024 Patch Day

September 10, 2024 at 10:27AM SAP released 16 new and updated security notes in September 2024. The updates addressed critical, high, and medium-severity vulnerabilities in various software applications. These include fixes for issues such as missing authorization checks, information disclosure, and cross-site scripting. SAP advises users to apply the fixes promptly and notes no exploitation …

Payment gateway data breach affects 1.7 million credit card owners

September 9, 2024 at 10:39AM Payment gateway provider Slim CD disclosed a data breach compromising credit card and personal data of nearly 1.7 million individuals. Hackers had access to the network for almost a year. Though the exposed data isn’t enough for fraudulent transactions, a risk of credit card fraud exists. Slim CD has augmented …

‘Revival Hijack’ on PyPI Disguises Malware with Legitimate File Names

September 4, 2024 at 04:43PM Security researchers have discovered a concerning method for attackers to distribute malicious payloads through the PyPI package repository. By re-registering a removed package with the same name, adversaries can pass off rogue packages as legitimate ones. This “Revival Hijack” method poses a clear threat, with 120,000 abandoned packages susceptible to …

It’s Possible to Clone YubiKeys Thanks to a Newly Discovered Vulnerability

September 4, 2024 at 12:12PM Security researchers have discovered a vulnerability in YubiKey 5 that could allow skilled hackers to clone the device, due to a cryptographic flaw. This could impact millions of users relying on YubiKeys for secure authentication. Exploiting the vulnerability demands significant time, expertise, and costly equipment, making it a complex and …

Malicious npm Packages Mimicking ‘noblox.js’ Compromise Roblox Developers’ Systems

September 2, 2024 at 12:24AM Developers of Roblox are being targeted by a persistent campaign that uses fake npm packages to compromise systems, mimicking the popular ‘noblox.js’ library. Attackers employ brandjacking and starjacking to give a facade of legitimacy. Malicious packages steal data and deploy malware, with the end goal being to deploy Quasar RAT …

Chinese Volt Typhoon hackers exploited Versa zero-day to breach ISPs, MSPs

August 27, 2024 at 10:05AM Chinese hacking group Volt Typhoon exploited a zero-day vulnerability in Versa Director to upload a destructive webshell, allowing them to steal credentials and breach corporate networks. Versa has released an advisory outlining impacted versions and the recommended upgrade to fix the issue. Lumen’s Black Lotus Labs identified the exploit and …

Watchdog warns FBI is sloppy on secure data storage and destruction

August 26, 2024 at 03:20PM The FBI was found to have serious flaws in its handling and disposal of seized electronic storage media. The lack of labeling and tight security measures posed risks of loss or theft of sensitive information. While the FBI is taking steps to address the issue, concerns remain over inventory control …

Seattle airport ‘possible cyberattack’ snarls travel yet again

August 26, 2024 at 02:35PM The Port of Seattle, operating Seattle-Tacoma International Airport, is investigating a “possible cyberattack” causing computer outages and flight delays. The disruption led to long lines, manual ticketing, and terminal screen issues. The website remains offline as authorities work with federal partners to investigate. The attack coincides with a rise in …