Cybersecurity

Apple and Meta gave user data to hackers who used forged legal requests

Apple and Meta Platforms, the parent company of Facebook, provided customer data to hackers who masqueraded as law enforcement officials, according to three people with knowledge of the matter. Apple and Meta provided basic subscriber details, such as a…

US national emergency extended due to elevated malicious cyber activity

US President Joe Biden today has extended the state of national emergency declared to deal with increasingly prevalent and severe malicious cyber threats to the United States national security, foreign policy, and economy. The national emergency was declared on April 1, 2015…

New Spring Java framework zero-day allows remote code execution

A new zero-day vulnerability in the Spring Core Java framework called 'Spring4Shell' has been publicly disclosed, allowing unauthenticated remote code execution on applications. Spring is a very popular application framework that allows software developers to quickly and easily…

Google Chrome Bug Actively Exploited as Zero-Day

The internet giant issued an update for the bug, which is found in the open-source V8 JavaScript engine. Google has updated its Stable channel for the desktop version of Chrome, to address a zero-day security vulnerability that’s being actively exploited in the wild…

China, Iran, North Korea, Russia and others using Ukraine invasion in phishing attacks: Google

Google’s Threat Analysis Group said on Wednesday that it has seen evidence indicating a range of state-backed threat actors are using the recent invasion of Ukraine to steal credentials through malicious emails and links. In a blog post, Google’s Billy Leonard said…

Sitel blames Okta breach on ‘legacy’ network from acquisition

Sitel, the company at the center of a wide-ranging data breach affecting popular access management provider Okta, cited a legacy network from a recent acquisition as the cause of the security incident. The company has faced significant backlash since Okta revealed that it…

RCE Bug in Spring Cloud Could Be the Next Log4Shell, Researchers Warn

The so-called ‘Spring4Shell’ bug has cropped up, so to speak, and could be lurking in any number of Java applications. A concerning security vulnerability has bloomed in the Spring Cloud Function, which could lead to remote code execution (RCE) and the compromise of…

Google: Russian phishing attacks target NATO, European military

The Google Threat Analysis Group (TAG) says more and more threat actors are now using Russia's war in Ukraine to target Eastern European and NATO countries, including Ukraine, in phishing and malware attacks. The report's highlight are credential phishing attacks…

FBI Investigating More than 100 Ransomware Variants

The United States Federal Bureau of Investigation (FBI) is currently investigating more than 100 different variants of ransomware, many of which have been used in multiple ransomware campaigns. Information on the Bureau’s efforts to tackle the malware threat was among…

Remote 'Brokenwire' Hack Prevents Charging of Electric Vehicles

Researchers from the University of Oxford in the UK and Switzerland’s Armasuisse federal agency have identified a new attack method that can be used to remotely interrupt the charging of electric vehicles. The attack method, named Brokenwire, involves wirelessly…