Security News > 2024 > April

Omni Hotels & Resorts has been experiencing a chain-wide outage that brought down its IT systems on Friday, impacting reservation, hotel room door lock, and point-of-sale systems. The hotel chain's phone helpline is also down, with a recorded message saying, "Thank you for calling Omni Hotels and Resorts. We are sorry we are currently experiencing technical difficulties and are unable to answer your call. Please try your call again at a later time."

Malicious code added to xz Utils versions 5.6.0 and 5.6.1 modified the way the software functions. Anyone in possession of a predetermined encryption key could stash any code of their choice in an SSH login certificate, upload it, and execute it on the backdoored device.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Google announced a new Chrome security feature that ties cookies to a specific device, blocking hackers from stealing and using them to hijack users' accounts.To solve this problem, Google is working on a new feature called Device Bound Session Credentials that makes it impossible for attackers to steal your cookies by cryptographically binding your authentication cookies to your device.

Google has agreed to delete billions of data records collected from 136 million Chrome users in the United States, as part of a lawsuit settlement regarding alleged undisclosed browser data collection while in Incognito mode. Key elements of the Settlement include changes to Google's disclosures regarding its data collection practices, the deletion of billions of data records, implementing measures to curb the future accumulation of personal information, and eliminating mechanisms that enabled the tracking of users in Incognito mode without their knowledge.

Applied Cryptography, for those who don't read the internet news, is a book written by Bruce Schneier last year. Schneier has gathered academic research, internet gossip, and everything he could find on cryptography into one 600-page jumble.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Russia's Prosecutor General's Office has announced the indictment of six suspected "Hacking group" members for using malware to steal credit card and payment information from foreign online stores. According to investigations, the six suspects started the malicious activity nearly seven years ago and managed to steal over 160,000 payment cards.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Firmware security firm Binarly has released a free online scanner to detect Linux executables impacted by the XZ Utils supply chain attack, tracked as CVE-2024-3094. Late last month, Microsoft engineer Andres Freud discovered the backdoor in the latest version of the XZ Utils package while investigating unusually slow SSH logins on Debian Sid, a rolling release of the Linux distribution.