Unpatched Zimbra flaw under attack is letting hackers backdoor servers
The flaw has been under attack since at least early September. Enlarge (credit: Jeremy Brooks / Flickr) An unpatched code-execution vulnerability in the Zimbra Collaboration software is under active exploitation by attackers u.....»»
Firms hit by huge IT outage warned to be wary of scammers
Firms impacted by the recent global IT outage are being warned to be wary of scammers and hackers looking to take advantage of the situation......»»
Week in review: CrowdStrike update causes widespread IT outage, critical Splunk Enterprise flaw
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Faulty CrowdStrike update takes out Windows machines worldwide Thousands and possibly millions of Windows computers and servers worldwide have been.....»»
iOS 18 finally lets you hide app and widget names on your Home Screen, here’s how
Along with letting users customize app colors, organize apps anywhere, and more natively, iOS 18 brings a subtle new feature that cleans up the Home Screen. Here’s how to hide app names on iPhone in iOS 18. more….....»»
Elon Musk’s X tests letting users request Community Notes on bad posts
X to fight spiking disinformation by letting users request Community Notes. Enlarge (credit: SOPA Images / Contributor | LightRocket) Continuing to evolve the fact-checking service that launched as Twitter's Birdwatch, X.....»»
CrowdStrike explained: How one faulty update killed half the world’s IT systems
The sheer scale of the global IT outage caused by a faulty software update has left many wondering how one update to one company’s security software could have such massive impact. Ironically, the effect of the CrowdStrike flaw has been almost i.....»»
Faulty CrowdStrike update takes out Windows machines worldwide
Houndreds of housands and possibly millions of Windows computers and servers worldwide have been made inoperable by a faulty update of Crowdstrike Falcon Sensors, and the outage affected transport, broadcast, financial, retail and other organizations.....»»
CISOs must shift from tactical defense to strategic leadership
Cyber threats are advancing quickly in size and sophistication, largely because of the rapid evolution of technology, increasing sophistication of cyber attackers, and the expansion of attack surfaces through interconnected systems and devices, accor.....»»
Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991)
A recently fixed vulnerability (CVE-2024-36991) affecting Splunk Enterprise on Windows “is more severe than it initially appeared,” according to SonicWall’s threat researchers. Several PoC exploits have been published, including one.....»»
Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419)
Cisco has fixed two critical vulnerabilities that may allow attackers to overwrite files on its Secure Email Gateways (CVE-2024-20401) and change the password of any user on its Smart Software Manager On-Prem license servers (CVE-2024-20419). Neither.....»»
Invicti API Security uncovers hidden and undocumented APIs
Invicti announced Invicti API Security, merging comprehensive API discovery with proactive security testing into a single solution. The growth of service-based architectures has driven an explosion in APIs, creating yet another expanding attack surfa.....»»
DDoS attacks see a huge rise as criminals get braver and more ambitious
Hackers are getting access to better tools, previously only reserved for state-sponsored actors, researchers say......»»
Hackers are targeting Microsoft Teams on Mac
Discover how hackers are now trying to steal your data using the Microsoft Teams app for Mac with atactic that can even show up in a Google Search......»»
CDK ransom money goes through extensive money laundering schemes before reaching hackers
CDK Global likely paid a hacker group around $25 million in ransom June 21 to address the cyberattacks that led to significant software outages across the car dealer industry, CNN reported......»»
Here’s how carefully concealed backdoor in fake AWS files escaped mainstream notice
Files available on the open source NPM repository underscore a growing sophistication. Enlarge (credit: BeeBright / Getty Images / iStockphoto) Researchers have determined that two fake AWS packages downloaded hundreds o.....»»
Phone encryption debate will reignite over attempted Trump assassination
Former President Donald Trump would-be assassin's locked phone is in FBI custody. Stand by for the next attack on encryption, privacy, and security.Privacy and security rely on encryption, a bane to investigatorsThe manufacturer of the shooter's phon.....»»
Critical Exim vulnerability facilitates malware delivery (CVE-2024-39929)
The maintainers of the Exim mail transfer agent (MTA) have fixed a critical vulnerability (CVE-2024-39929) that currently affects around 1.5 million public-facing servers and can help attackers deliver malware to users. About CVE-2024-39929 The vulne.....»»
Rite Aid confirms data breach following ransomware attack
Pharmacy giant confirms sensitive data was stolen, but health and payment information was not......»»
Week in review: RADIUS protocol critical vuln, Microsoft 0-day exploited for a year, AT&T breach
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Hackers stole call, text records of “nearly all” of AT&T’s cellular customers Hackers leveraging stolen Snowflake account credentials have sto.....»»
Exim vulnerability affecting 1.5M servers lets attackers attach malicious files
Based on past attacks, it wouldn’t be surprising to see active targeting this time, too. Enlarge More than 1.5 million email servers are vulnerable to attacks that can deliver executable attachments to user accounts,.....»»
Massive AT&T data breach sees hackers steal personal data of almost all customers
A massive AT&T data breach has seen hackers able to steal the personal data of almost every customer the company has – a total of some 110 million Americans. In an incredible security fail, the stolen data includes not only customer phone number.....»»