Whitepaper: MFA misconceptions
2024-01-24 03:45

While a valuable tool in the cybersecurity toolkit, MFA is not immune to weaknesses.

Exploit released for Fortra GoAnywhere MFT auth bypass bug
2024-01-23 23:16

Exploit code is now available for a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT software that allows attackers to create new admin users on unpatched instances via the administration portal. GoAnywhere MFT is a web-based managed file transfer tool that helps organizations transfer files securely with partners and keep audit logs of who accessed all shared files.

Water services giant Veolia North America hit by ransomware attack
2024-01-23 21:52

Veolia North America, a subsidiary of transnational conglomerate Veolia, disclosed a ransomware attack that impacted systems that are part of its Municipal Water division and disrupted its bill payment systems. The attack hasn't disrupted Veolia's water treatment operations or wastewater services.

Trello API abused to link email addresses to 15 million accounts
2024-01-23 21:31

An exposed Trello API allows linking private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information. In a conversation with emo, BleepingComputer learned that a publicly exposed API was used to associate email addresses with public Trello profiles.

Australian Organisations Struggling to Resolve Tensions Between Personalisation, Privacy
2024-01-23 21:17

Organisations in Australia face a significant challenge with data. Why organisations want data to deliver personalisation.

X adds passkeys support for iOS users in the United States
2024-01-23 20:19

X, formerly Twitter, announced today that iOS users in the United States can now log into their accounts using passkeys. The passkeys will be linked to the iOS device they're generated on and will significantly reduce the risk of breaches by providing protection against phishing attacks and blocking unauthorized access attempts.

Kasseika ransomware uses antivirus driver to kill other antiviruses
2024-01-23 19:58

A recently uncovered ransomware operation named 'Kasseika' has joined the club of threat actors that employ Bring Your Own Vulnerable Driver tactics to disable antivirus software before encrypting files. Kasseika abuses the Martini driver, part of TG Soft's VirtIT Agent System, to disable antivirus products protecting the targeted system.

Windows 10 KB5034203 preview update adds EU DMA compliance
2024-01-23 19:11

Microsoft has released the January 2024 preview update for Windows 10, version 22H2, which adds Digital Markets Act compliance in the European Economic Area to allow European users to uninstall all apps in Windows by March 6. The KB5034203 is a monthly non-security optional cumulative update that enables Windows administrators to try out fixes and improvements that will come with the February 2024 Patch Tuesday release.

CISA boss swatted: 'While my own experience was certainly harrowing, it was unfortunately not unique'
2024-01-23 18:30

CISA Director Jen Easterly has confirmed she was the subject of a swatting attempt on December 30 after a bogus report of a shooting at her home. One of the most troubling trends we have seen in recent years has been the harassment of public officials across the political spectrum, including extreme incidents involving swatting and direct personal threats.

Jason’s Deli says customer data exposed in credential stuffing attack
2024-01-23 16:44

Jason's Deli is warning of a data breach in notifications sent to customers of its online platform stating that their personal data was exposed in credential stuffing attacks. In a data breach notification sent to customers, Jason's Deli says hackers obtained credentials of member accounts at Jason's Deli from other sources and, on December 21, 2023, used them in a credential stuffing attack against the restaurant's website.