Month: January 2024

Malware & Threats

Issued by: Dark Reading

Fresh malware targeting Apple users in the US and Germany is infecting Bitcoin and Exodus cryptowallet applications with a Trojan distributed through pirated software, according to Kaspersky researchers. The malware is delivered via cracked applications and can replace Exodus and Bitcoin cryptowallet applications installed on the user’s machine with infected versions that steal secret recovery…

Malware & Threats

Issued by: DataBreach Today

Generative artificial intelligence-enabled ransomware and nation-state hacks in the United Kingdom are “almost certainly” likely to surge after this year, the National Cyber Security Center warned. And British lawmakers called on the government to roll out measures to prevent AI scams. In a report evaluating the cyber risk posed by artificial intelligence, the NCSC evaluated…

Vulnerabilities

Issued by: Security Affairs

Apple released security updates to address a zero-day vulnerability, tracked as CVE-2024-23222, that impacts iPhones, Macs, and Apple TVs. This is the first actively exploited zero-day vulnerability fixed by the company this year. The vulnerability is a type confusion issue that resides in the WebKit, an attacker can exploit this issue by tricking the victims…

News

Issued by: DataBreach Today

Skateboarding shoe and outdoor apparel maker VF Corp. said data pertaining to 35.5 million customers appears to have been stolen in a recent data breach. The Colorado maker of apparel and footwear brands including Vans, Supreme, The North Face and Timberland told investors Thursday that its data breach estimate is based on a “preliminary analysis.”…

Vulnerabilities

Issued by: DataBreach Today

Researchers uncovered a critical vulnerability in graphic processing units of popular devices that could allow attackers to access data from large language models. The flaw, dubbed LeftoverLocals, affects the GPU frameworks of Apple, AMD and Qualcomm devices. Researchers at security firm Trail of Bits, who uncovered the flaw, said it stems from how the affected…

Vulnerabilities

Issued by: SecurityWeek

The Microsoft-owned platform received the vulnerability report on December 26, 2023, and took immediate action to address the issue and revoke potentially exposed credentials, which led to disruptions between December 27 and 29. The security defect, which allowed access to credentials within a production container, had no impact beyond the security researcher who identified and…

Application Security

Issued by: DataBreach Today

The British data regulator is set to analyze the privacy implications of processing scrapped data used for training generative artificial intelligence algorithms. The Information Commissioners’ Office on Monday announced that it’s soliciting comments from AI developers, legal experts, and other industry stakeholders on how privacy rights might be affected by developments in generative AI. Since…

Malware & Threats

Issued by: CSO Online

A fast rising ransomware outfit is escalating its activities and has launched a new blog offering victims a variety of payoff options, according to a report released Thursday by Palo Alto Networks’ Unit 42. The new Medusa Blog is used by the group to post stolen data with the threat of exposing the data if…

News

Issued by: DataBreach Today

Amazon in a Luxembourg court Tuesday contested a once-record privacy fine levied against the e-commerce giant for its advertising practices by the diminutive country’s data protection authority. At the hearing in Luxembourg’s administrative court, Amazon lawyer Thomas Berger accused the Luxembourg regulator of attacking the company based on unfound allegations, Bloomberg reported. Amazon’s European headquarters…

Vulnerabilities

Issued by: Dark Reading

Ivanti researchers this week flagged two zero-day vulnerabilities discovered in its products — CVE-2023-46805 and CVE-2024-21887— that are already being actively exploited by threat actors. The vulnerabilities were found in Ivanti Connect Secure (ICS) and Ivanti Policy Secure gateways, and the vulnerabilities affect all supported versions (Version 9.x and 22.x). Volexity assisted in identifying and…