January 2024

Insurance website’s buggy API leaked Office 365 password and a giant email trove

Pen-tester accessed more than 650,000 sensitive messages, and still can, at Indian outfit using Toyota SaaS Toyota Tsusho Insurance Broker India (TTIBI), an Indo-Japanese joint insurance venture, operated a misconfigured server that exposed more than 650,000 Microsoft-hosted email messages to customers, a security researcher has found.…

Apple, AMD, Qualcomm GPU security hole lets miscreants snoop on AI training and chats

So much for isolation A design flaw in GPU drivers made by Apple, Qualcomm, AMD, and likely Imagination can be exploited by miscreants on a shared system to snoop on fellow users.…

What’s worse than paying an extortion bot that auto-pwned your database?

Paying one that lied to you and only saved the first 20 rows of each table Publicly exposed PostgreSQL and MySQL databases with weak passwords are being autonomously wiped out by a malicious extortion bot – one that marks who pays up and who is not getting their…

Windows Server 2022 patch is breaking apps for some users

Uninstall the update or edit the Windows registry to restore order The latest Windows Server 2022 patch has broken the Chrome browser, and short of uninstalling the update, a registry hack is the only way to restore service for affected users.…

Home improvement marketers dial up trouble from regulator

ICO slaps penalties on two businesses that collectively made more than 3 million cold calls Another week and yet another couple of pesky cold callers face fines from the UK's data privacy watchdog for "bombarding" unsuspecting households with marketing messages about home improvements.…

Combination of cheap .cloud domains and fake Shark Tank news fuel unhealthy wellness scams

.SBS gTLD once owned by Australian broadcaster is another source of strife Scammers are buying up cheap domain names to host sites that sell dodgy health products using fake articles, according to cybercrime disruption outfit Netcraft.…

Nokia walks the walk about its RAN to play on Uncle Sam’s China fears

It pays not to be Huawei, and the US military can be lucrative, too Comment  A vendor establishing a business unit dedicated to government sales is not new or unusual. But Finnish telecommunications giant Nokia’s decision to do so in the USA this week tells a bigger story…

FBI: Beware of thieves building Androxgh0st botnets using stolen creds

Infecting networks via years-old CVEs that should have been patched by now Crooks are exploiting years-old vulnerabilities to deploy Androxgh0st malware and build a cloud-credential stealing botnet, according to the FBI and the Cybersecurity and Infrastructure Security Agency (CISA).…

Locking down the edge

Watch this webinar to find out how Zero Trust fits into the edge security ecosystem Commissioned  Edge security is a growing headache. The attack surface is expanding as more operational functions migrate out of centralized locations and into distributed sites and devices.…

Patch now: Critical VMware, Atlassian flaws found

You didn't have anything else to do this Tuesday, right? VMware and Atlassian today disclosed critical vulnerabilities and, while neither appear to have been exploited by miscreants yet, admins should patch now to avoid disappointment.…

Copyright © 2024 Lugapel