Sign up to save your podcasts
Or
Share 2024-02-21 : Daily : Gracie Folkins
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
2024-02-21 : Daily : Gracie Folkins
I'm Gracie Folkins, today is February 21st, 2024, and you are listening to Hack News Daily.
An employee at the Stratford-on-Avon District Council misused their access to steal 79,000 email addresses to promote a private business. This action resulted in a police caution and led the council to implement data breach resolution measures.
A report highlights that up to 275 credit unions using CU Solutions Group's content management system were at risk. They were vulnerable to account takeover and credential theft due to critical vulnerabilities. However, these have been mitigated by an update, and the implementation of multi-factor authentication is recommended.
The UK's National Crime Agency has taken significant action against the LockBit ransomware group. They've seized infrastructure, arrested affiliates, and plan to expose the group leader's identity. This marks a major setback for the cybercrime group and showcases law enforcement's global collaboration and strategic offensive against such threats.
New malware named Migo, targeting Redis servers, has been discovered. It mines cryptocurrency by disabling security configurations and uses a user-mode rootkit to evade detection. System administrators must be vigilant and secure their Linux hosts against these specific attack vectors.
A critical vulnerability, known as KeyTrap and identified as CVE-2023-50387, has been discovered in the DNSSEC. It could potentially cause extended Internet outages by sending DNS servers into an unresolvable loop. Updates to patch this issue have been released and need to be applied immediately.
Signal is enhancing user privacy by introducing a beta feature that allows users to create usernames, concealing their phone numbers. However, a phone number is still required during the registration process.
A security lapse at Wyze allowed 13,000 customers to inadvertently access video feeds from other users' cameras. This issue was attributed to a third-party library problem during high server load. The company has since implemented additional verification measures to prevent similar incidents.
ConnectWise has patched two critical vulnerabilities in its ScreenConnect software. The most severe allowed remote code execution. Users are urged to update to version 23.9.8 or apply the provided patches for earlier versions immediately...
View all episodes
By Jared FolkinsI'm Gracie Folkins, today is February 21st, 2024, and you are listening to Hack News Daily.
An employee at the Stratford-on-Avon District Council misused their access to steal 79,000 email addresses to promote a private business. This action resulted in a police caution and led the council to implement data breach resolution measures.
A report highlights that up to 275 credit unions using CU Solutions Group's content management system were at risk. They were vulnerable to account takeover and credential theft due to critical vulnerabilities. However, these have been mitigated by an update, and the implementation of multi-factor authentication is recommended.
The UK's National Crime Agency has taken significant action against the LockBit ransomware group. They've seized infrastructure, arrested affiliates, and plan to expose the group leader's identity. This marks a major setback for the cybercrime group and showcases law enforcement's global collaboration and strategic offensive against such threats.
New malware named Migo, targeting Redis servers, has been discovered. It mines cryptocurrency by disabling security configurations and uses a user-mode rootkit to evade detection. System administrators must be vigilant and secure their Linux hosts against these specific attack vectors.
A critical vulnerability, known as KeyTrap and identified as CVE-2023-50387, has been discovered in the DNSSEC. It could potentially cause extended Internet outages by sending DNS servers into an unresolvable loop. Updates to patch this issue have been released and need to be applied immediately.
Signal is enhancing user privacy by introducing a beta feature that allows users to create usernames, concealing their phone numbers. However, a phone number is still required during the registration process.
A security lapse at Wyze allowed 13,000 customers to inadvertently access video feeds from other users' cameras. This issue was attributed to a third-party library problem during high server load. The company has since implemented additional verification measures to prevent similar incidents.
ConnectWise has patched two critical vulnerabilities in its ScreenConnect software. The most severe allowed remote code execution. Users are urged to update to version 23.9.8 or apply the provided patches for earlier versions immediately...