July 2024
Affirm admits customer info pilfered during ransomware raid at Evolve Bank
Number of partners acknowledging data theft continues to rise
The number of financial institutions caught up in the ransomware attack on Evolve Bank & Trust continues to rise as fintech businesses Wise and Affirm both confirm they have been materially affected.…
‘Almost every Apple device’ vulnerable to CocoaPods supply chain attack
Dependency manager used in millions of apps leaves a bitter taste
CocoaPods, an open-source dependency manager used in over three million applications coded in Swift and Objective-C, left thousands of packages exposed and ready for takeover for nearly a decade – thereby creating opportunities for supply chain attacks…
Baddies hijack Korean ERP vendor’s update systems to spew malware
Notorious 'Andariel' crew takes a bite of HotCroissant backdoor for fresh attack
A South Korean ERP vendor's product update server has been attacked and used to deliver malware instead of product updates, according to local infosec outfit AhnLab.…
Nasty regreSSHion bug in OpenSSH puts around 700K Linux boxes at risk
Full system takeovers on the cards, for those with enough patience to pull it off
Glibc-based Linux systems are vulnerable to a new bug (CVE-2024-6387) in OpenSSH's server (sshd) and should upgrade to the latest version.…
Juniper Networks flings out emergency patches for perfect 10 router vuln
Get 'em while they're hot
A critical vulnerability affecting Juniper Networks routers forced the vendor to issue emergency patches last week, and users are advised to apply them as soon as possible.…
Polyfill.io claims reveal new cracks in supply chain, but how deep do they go?
There will always be bad actors in the system. We can always learn from the drama they create
Opinion: Libraries. Hushed temples to the civilizing power of knowledge, or launchpads of global destruction? Yep, another word tech has borrowed and debased. Code libraries are essential for adding just…
CISA director: US is ‘not afraid’ to shout about Big Tech’s security failings
Jen Easterly hopes CSRB's Microsoft report won't impede future private sector collaboration
CISA director Jen Easterly says the Cybersecurity Safety Review Board (CSRB) "is not afraid to say when something is amiss" in response to questions about fears around private sector collaboration following the board's scathing Microsoft report.…
Police allege ‘evil twin’ of in-flight Wi-Fi used to steal passenger’s credentials
Fasten your seat belts, secure your tray table, and try not to give away your passwords
Australia’s Federal Police (AFP) has charged a man with running fake Wi-Fi networks on at least one commercial flight and using it to harvest fliers’ credentials for email and social media…