
Similar Posts

Rising Threat: Hackers Exploit Year-Old ServiceNow Security Vulnerabilities to Target Unpatched Systems
Security researchers have raised alarms about a rise in cyberattacks targeting three vulnerabilities in ServiceNow, identified as CVE-2024-4879, CVE-2024-5178, and CVE-2024-5217. A blog post by GreyNoise noted a significant increase in exploitation attempts, especially in Israel, with incidents also reported in Germany, Japan, and Lithuania. These vulnerabilities can be chained to potentially allow attackers full database access, posing risks to sensitive employee data. While ServiceNow has patched these flaws, the U.S. security firm Resecurity has warned of targeted attacks on various sectors. Organizations are urged to promptly apply security patches to safeguard against these threats.

UK Domain Leader Nominet Reports Cybersecurity Breach Tied to Ivanti VPN Vulnerabilities
Nominet, the U.K. domain registry managing .co.uk domains, is dealing with a significant cybersecurity incident linked to a vulnerability in Ivanti’s VPN software. Hackers accessed Nominet’s systems via this third-party VPN, exploiting a zero-day vulnerability before Nominet could implement security patches. Although Ivanti has not disclosed the number of affected customers, cybersecurity experts report widespread compromises among various organizations. Nominet has restricted VPN access and is investigating the incident while assuring customers that there is currently no evidence of data breaches. They are monitoring their systems and updating stakeholders throughout the investigation.

UK’s Hidden iCloud Backdoor Sparks Civil Rights Battle
The U.K. government’s demand for Apple to create a backdoor in its end-to-end encrypted iCloud service has led to legal challenges from civil rights organizations, including Liberty and Privacy International. They filed complaints against the order, labeling it “unacceptable and disproportionate,” and expressed concerns about its global implications for privacy and security. Key figures Gus Hosein and Ben Wizner are involved in the challenge, with Apple also contesting the order in the Investigatory Powers Tribunal. The organizations are calling for a public hearing, emphasizing the need to protect encryption essential for privacy and free expression as the case progresses.

Apple Patches Critical Zero-Day Vulnerability Impacting All Devices
Apple has released significant updates for its iPhone, iPad, and Mac operating systems, enhancing security and functionality. Key features include the default activation of Apple Intelligence on compatible devices and crucial security bug fixes, addressing vulnerabilities like a zero-day bug exploited by cybercriminals. This bug, affecting devices running software prior to iOS 17.2, could have granted hackers elevated access to sensitive information. Apple has patched this vulnerability across its product range, including iPhones, iPads, and Macs. Users are encouraged to update their devices regularly to protect against security threats and ensure optimal performance.

Exploring the Dynamic Community of Elon Musk’s DOGE Universe
Elon Musk has created a network of companies that serve as a training ground for engineers and a testing platform for associates, now intersecting with the U.S. federal government. TechCrunch’s investigation reveals connections between Musk’s associates and the Department of Government Efficiency (DOGE), showcasing Musk’s influence in tech. Discoveries include the deployment of an AI chatbot and a reduction in cybersecurity personnel at CISA. The White House emphasized DOGE’s mission to enhance government efficiency while acknowledging potential resistance from entrenched bureaucracies. Key figures in Musk’s inner circle play vital roles in advancing DOGE’s objectives.

Governments Uncover Multiple Spyware-Infested Android Apps: A Call to Action for Users
A coalition of governments, including the U.K., U.S., and Australia, has revealed that certain legitimate-looking Android apps are actually spyware targeting civil society groups opposing Chinese state interests. The spyware families, BadBazaar and Moonshine, function as “trojan” malware, offering extensive surveillance capabilities such as accessing cameras, microphones, and location data. The primary targets include Uyghurs, Tibetans, and Taiwanese advocates, as well as democracy supporters in Hong Kong. The National Cyber Security Centre (NCSC) published a list of over 100 malicious apps, including prayer and chat applications. Tech giants Google and Apple have yet to respond to the findings.