News

Microsoft Patches Azure Cosmos DB Flaw Leading to Remote Code Execution

A missing authentication check vulnerability in Azure Cosmos DB could have allowed an attacker to execute arbitrary code remotely, Orca Security warns. Azure Cosmos DB is a NoSQL database used on e-commerce platforms to store catalog data, and in order processing pipelines for event sourcing. The security defect was identified in Azure Cosmos DB Jupyter notebooks, an open-source interactive development environment (IDE) that allows developers to share documents, live code, visualizations, and more. Built into…

Musk Now Gets Chance to Defeat Twitter’s Many Fake Accounts

Twitter’s unending fight against spam accounts is now a problem for new owner Elon Musk, who pledged in April to defeat the bot scourge or “die trying!” He later cited bots as a reason to back out of buying the social platform. Now that the billionaire has completed the deal, he’s faced with the task of delivering on his promise to clean up the fake profiles that have preoccupied him and bedeviled Twitter since long…

Indianapolis Low-Income Housing Agency Hit by Ransomware

The federal agency that provides low-income housing in Indianapolis is facing a ransomware attack that’s delayed its ability to send out rent payments to landlords, a top agency official says. All employees of the Indianapolis Housing Agency lost access to their email during the attack, which began weeks ago. That includes its executive director, Marcia Lewis, who lost access to her email for days but regained access to it Tuesday, The Indianapolis Star reported, citing…

Twilio Says Employees Targeted in Separate Smishing, Vishing Attacks

Enterprise communications firm Twilio has concluded its investigation into the recent data breach and revealed on Thursday that its employees were targeted in smishing and vishing attacks on two separate occasions. On August 7, Twilio revealed that it had detected unauthorized access to information related to customer accounts a few days earlier. A probe revealed that the breach was a result of an SMS phishing (smishing) attack targeting the company’s employees. At around the same…

DHS Develops Baseline Cybersecurity Goals for Critical Infrastructure

The DHS on Thursday announced Cybersecurity Performance Goals (CPGs) to help organizations — particularly in critical infrastructure sectors — prioritize cybersecurity investments and address critical risks. The CPGs were developed by the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) in collaboration with NIST based on feedback from partners in public and private sectors. They are a result of the White House’s efforts to improve the US’s cybersecurity, and the DHS says the goals are unique…

New York Post ‘Hacked’ in Tweets Calling for Assassination of Biden, Lawmakers

The New York Post said Thursday it had been “hacked” by an employee after the tabloid newspaper’s Twitter account posted a series of antagonistic messages, including a call for the assassination of US President Joe Biden. The rogue tweets were removed late Thursday morning. “The New York Post has been hacked. We are currently investigating the cause,” a message on the tabloid’s account said. “The New York Post’s investigation indicates that the unauthorized conduct was…

VMware Patches Critical Vulnerability in End-of-Life Product

VMware this week announced patches for a critical remote code execution vulnerability in VMware Cloud Foundation and NSX Data Center for vSphere (NSX-V). Tracked as CVE-2021-39144 (CVSS score of 9.8), the security defect exists in XStream, an open source library that serializes Java objects to XML and back. The bug impacts all XStream versions up to and including 1.4.17. Only out-of-the-box configurations are affected, but not those where XStream’s security framework was set up with a…
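The distinction the teaser draws, an out-of-the-box XStream instance versus one whose security framework restricts the types it will unmarshal, is what decides whether attacker-supplied XML can name arbitrary classes. The following Java snippet is an added illustration written for this page; it is not VMware's code, not from the XStream project, and not related to the NSX-V patch itself. The `Order` class, the `order` alias and the two XML documents are constructed for the example. The `NoTypePermission`, `NullPermission`, `PrimitiveTypePermission`, `allowTypes`, `allowTypesByWildcard` and `ForbiddenClassException` names are XStream's own public API.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class XStreamHardening {

    // Hypothetical application type (constructed for this example).
    public static class Order {
        public String id;
        public int quantity;
    }

    // "Out-of-the-box" configuration: on 1.4.17 and earlier, any class on the
    // classpath that is named in the incoming XML may be instantiated during
    // unmarshalling. (1.4.18 and later ship a default allow-list, so this
    // branch behaves differently on those versions.)
    static XStream unsafeDefault() {
        return new XStream();
    }

    // Hardened configuration: clear all permissions, then allow only what this
    // application actually deserializes. Everything else is rejected.
    static XStream hardened() {
        XStream xs = new XStream();
        xs.addPermission(NoTypePermission.NONE);                // deny by default
        xs.addPermission(NullPermission.NULL);                  // permit null
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES);   // permit int, boolean, ...
        xs.allowTypes(new Class[] { Order.class, String.class });
        // Package-level alternative for an application's own model types:
        // xs.allowTypesByWildcard(new String[] { "com.example.model.**" });
        xs.alias("order", Order.class);
        return xs;
    }

    public static void main(String[] args) {
        // Constructed sample documents. The second names a JDK class that the
        // application never intended to instantiate; it is harmless and only
        // demonstrates the type check, not an exploit payload.
        String legit = "<order><id>A-1</id><quantity>3</quantity></order>";
        String unexpected = "<java.util.ArrayList/>";

        Order o = (Order) hardened().fromXML(legit);
        System.out.println("accepted: order " + o.id + " x" + o.quantity);

        try {
            hardened().fromXML(unexpected);
            System.out.println("unexpected: disallowed type was accepted");
        } catch (ForbiddenClassException e) {
            System.out.println("rejected by allow-list: " + e.getMessage());
        }

        // The same document against the default configuration: on 1.4.17 and
        // earlier it is instantiated without complaint.
        Object any = unsafeDefault().fromXML(unexpected);
        System.out.println("default config instantiated " + any.getClass().getName());
    }
}
```

The check to run in an audit is therefore not the XStream version number alone but whether every `XStream` instance in the code base goes through a deny-by-default setup like `hardened()` before `fromXML` is ever called on untrusted input; a single instance left at defaults is the case the advisory describes.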

US Charges Ukrainian ‘Raccoon Infostealer’ With Cybercrimes

A Ukrainian man has been charged with computer fraud for allegedly infecting millions of computers with malware in a cybercrime operation known as “Raccoon Infostealer,” the US Justice Department said Tuesday. Mark Sokolovsky, 26, is being held in the Netherlands and the United States is seeking his extradition, the department said in a statement. It said Raccoon Infostealer malware was leased to cybercriminals for $200 a month, payable in cryptocurrency. The malware was then installed…

Apple Fixes Exploited Zero-Day With iOS 16.1 Patch

Apple on Monday shipped a major iOS update with fixes for at least 20 documented security defects, including a kernel flaw that’s already being actively exploited in the wild. The Cupertino device maker confirmed the active exploitation of CVE-2022-42827, warning in a barebones advisory that the flaw exposes iPhones and iPads to arbitrary code execution attacks. “An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this…

Iran’s Nuclear Agency Says Email Server Hacked

Iran’s Atomic Energy Organisation said Sunday an email server of its subsidiary was hacked in a “foreign” attack aimed at drawing “attention” amid protests over the death of Mahsa Amini. The Islamic republic has been gripped by weeks-long demonstrations sparked by the death of 22-year-old Amini on September 16 after her arrest for allegedly violating the country’s strict dress code for women. The street violence has led to dozens of deaths, mostly among protesters but…