Decade-old Linux ‘wall’ bug helps make fake SUDO prompts, steal passwords
A vulnerability in the wall command of the util-linux package that is part of the Linux operating system could allow an unprivileged attacker to steal passwords or change the victim's clipboard. Tracked as CVE-2024-28085, the security issue has been...
JetBrains fixes 26 ‘security problems,’ offering no details • The Register
JetBrains TeamCity users are urged to apply the latest version upgrade this week after the vendor disclosed 26 new security issues in the CI/CD web application. However, JetBrains declined to release details. The release notes for version 2024.03 simply state...
Cisco warns of password-spraying attacks targeting VPN services
Cisco has shared a set of recommendations for customers to mitigate password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. The company says that the attacks have also been targeting...
Canonical to manually approve new Snap package names • The Register
After multiple waves of cryptocurrency credential-stealing apps were uploaded to the Snap store, Canonical is changing its policies. In what's expected to be a temporary measure, an announcement on the Snapcraft Discourse says that the Ubuntu vendor will switch...
New Darcula phishing service targets iPhone users via iMessage
A new phishing-as-a-service (PhaaS) named ‘Darcula’ uses 20,000 domains to spoof brands and steal credentials from Android and iPhone users in more than 100 countries. Darcula has been used against various services and organizations, from postal, financial,...
Apple users deluged by phony password reset requests • The Register
Apple device owners, consider yourselves warned: a targeted multi-factor authentication bombing campaign is under way, with the goal of exhausting iUsers into allowing an unwanted password reset. First called out on X/Twitter by AI entrepreneur Parth Patel –...
KuCoin charged with AML violations that let cybercriminals launder billions
The U.S. Department of Justice (DoJ) has charged global cryptocurrency exchange KuCoin and two of its founders for failing to adhere to anti-money laundering (AML) requirements, allowing threat actors to use the platform to launder money. Founded in 2017 by...
Windows 11 KB5035942 update enables Moment 5 features for everyone
Microsoft has released the March 2024 non-security KB5035942 preview update for Windows 11 23H2, which enables Moment 5 features by default and fixes 18 known issues. This monthly optional cumulative update allows Windows users and admins to test OS...
Uncle Sam has had enough of SQL injection vulnerabilities • The Register
The US has clearly had enough of software vendors shipping products with "unforgivable" vulnerabilities, and is now urging them to launch formal code reviews to stamp out SQL injection flaws. The Federal Bureau of Investigation (FBI) and Cybersecurity and...
DEF CON hackers ready AI fixes to critical health-care flaws • The Register
Interview: As ransomware gangs target critical infrastructure – especially hospitals and other healthcare organizations – DARPA has added another government agency partner to its Artificial Intelligence Cyber Challenge (AIxCC). AIxCC is the two-year competition...