Security News > 2023

Mortgage servicing company LoanCare is warning 1,316,938 borrowers across the U.S. that their sensitive information was exposed in a data breach at its parent company, Fidelity National Financial. LoanCare is a sub-servicing and interim sub-servicing provider and a significant player in the mortgage servicing sector, handling approximately $390 billion in balances from 1.2 million loans.

Panasonic Avionics Corporation, a leading supplier of in-flight communications and entertainment systems, disclosed a data breach affecting an undisclosed number of individuals after its corporate network was breached more than one year ago, in December 2022. "On December 30, 2022, Panasonic identified evidence of an issue potentially impacting certain systems in our corporate network environment that occurred on or around December 14, 2022," the company said in data breach notification letters sent over the weekend.

A previously unknown Android backdoor named 'Xamalicious' has infected approximately 338,300 devices via malicious apps on Google Play, Android's official app store. Even though the apps have since been removed from Google Play, users who installed them since mid-2020 might still carry active Xamalicious infections on their phones, requiring manual scans and cleanup.

A new zero-day security flaw has been discovered in the Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system that could be exploited to bypass authentication protections. The...

The Operation Triangulation spyware attacks targeting iPhone devices since 2019 leveraged undocumented features in Apple chips to bypass hardware-based security protections. The discovery and use of obscure hardware features likely reserved for debugging and factory testing to launch spyware attacks against iPhone users suggest that a sophisticated threat actor conducted the campaign.

Barracuda has revealed that Chinese threat actors exploited a new zero-day in its Email Security Gateway (ESG) appliances to deploy backdoor on a "limited number" of devices. Tracked...

When Stolen Device Protection is turned on, Face ID or Touch ID authentication is required for additional actions, including viewing passwords or passkeys stored in iCloud Keychain, applying for a new Apple Card, turning off Lost Mode, erasing all content and settings, using payment methods saved in Safari, and more. No passcode fallback is available in the event that the user is unable to complete Face ID or Touch ID authentication.

Network and email security firm Barracuda says it remotely patched all active Email Security Gateway appliances on December 21 against a zero-day bug exploited by UNC4841 Chinese hackers. The company deployed a second wave of security updates a day later on already compromised ESG appliances where the attackers deployed SeaSpy and Saltwater malware.

Cybercrime actor DragonForce which claimed responsibility for the attack has also leaked 95 GB of data that it states, belongs to the company. In a statement to BleepingComputer, Yakult Australia confirmed it was investigating a cyber incident that occurred in mid-December.

A new Android backdoor has been discovered with potent capabilities to carry out a range of malicious actions on infected devices. Dubbed Xamalicious by the McAfee Mobile Research Team, the...