Security News > 2024 > April

Attackers are now actively targeting over 92,000 end-of-life D-Link Network Attached Storage devices exposed online and unpatched against a critical remote code execution zero-day flaw. Mirai variants are usually designed to add infected devices to a botnet that can be used in large-scale distributed denial-of-service attacks.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Google is rolling out an upgraded Find My Device network to Android devices in the United States and Canada, almost one year after it was first unveiled during the Google I/O 2023 conference in May. Users with Android 9 or later can now use the Find My Device application to locate their phones and tablets-even when offline or with dead batteries, if they're Pixel 8 and 8 Pro devices). The newly upgraded Find My Device network utilizes the Bluetooth proximity of over one billion active Android devices to help locate lost phones and tablets.

A threat actor quietly spent the last two years integrating themself in the core team of maintainers of XZ Utils, a free software command-line data compressor widely used in Linux systems. The CVE-2024-3094 backdoor found in XZ Utils was implemented to interfere with authentication in SSHD, the OpenSSH server software that handles SSH connections.

Almost 2,000 hacked WordPress sites now display fake NFT and discount pop-ups to trick visitors into connecting their wallets to crypto drainers that automatically steal funds. Website security firm Sucuri disclosed last month that hackers had compromised approximately 1,000 WordPress sites to promote crypto drainers, which they promoted via malvertising and YouTube videos.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

A recent series of reports and data point to one consistent theme: The skills crisis in the Australian IT industry is deepening and the nation-wide solutions seem unrealistic, but for IT professionals who are motivated to develop their skillsets, the opportunity is massive. In acknowledging that there is a need for migrant skills to fill the gaps, late last year, the government announced a new skilled visa that covers skills in deepest demand, including IT. As defence think tank ASPI noted in a report of its own, there are only around 7,000 Australian students graduating with an IT degree each year, while demand for IT professionals is expected to grow by 233,000 by 2033.

UK veterinary services provider CVS Group has announced that it suffered a cyberattack that disrupted IT services at its practices across the country. CVS Group operates 500 veterinary practices throughout the UK, Australia, the Netherlands, and the Republic of Ireland, including nine specialist referral hospitals, 39 dedicated out-of-hours sites, three laboratories, and seven pet crematoria.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Information regarding which content is presented to you and how you interact with it can be used to determine whether the content e.g. reached its intended audience and matched your interests.

Google has announced support for what's called a V8 Sandbox in the Chrome web browser in an effort to address memory corruption issues. The sandbox, according to V8 Security technical lead Samuel...