Security News

Data belonging to more than 1.3 million customers of the PandaBuy online shopping platform has been leaked, allegedly after two threat actors exploited multiple vulnerabilities to breach systems. According to data breach aggregation service Have I Been Pwned, 1,348,407 PandaBuy accounts have been exposed in the breach.

Details have emerged about a vulnerability impacting the "wall" command of the util-linux package that could be potentially exploited by a bad actor to leak a user's password or alter the...

The INC Ransom extortion gang is threatening to publish three terabytes of data allegedly stolen after breaching the National Health Service of Scotland. In a post yesterday, the cybercriminals shared multiple images containing medical details and said that they would leak data "Soon," unless the NHS pays a ransom.

The newly exposed GoFetch vulnerability affecting Apple's M1, M2 and M3 chips lets an attacker exfiltrate secret keys from cryptographic applications on a targeted system. DMPs - in contrast to classical prefetchers that only store the memory access pattern - "Also take into account the contents of data memory directly to determine what to prefetch," as written in the publication from Boru Chen, Yingchen Wang, Pradyumna Shome, Christopher W. Fletcher, David Kohlbrenner, Riccardo Paccagnella and Daniel Genkin that reveals all of the details about the GoFetch vulnerability.

A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations. Dubbed GoFetch, the vulnerability relates to a...

ALSO: Viasat hack wiper malware is back, users are the number one cause of data loss, and critical vulns Infosec in brief If your Windows domain controllers have been crashing since a security...

Apple is having its own Meltdown/Spectre moment with a new side-channel vulnerability found in the architecture of Apple Silicon processors that gives malicious apps the ability to extract cryptographic keys. "We reverse-engineered DMPs on Apple m-series CPUs and found that the DMP activates data loaded from memory that 'looks like' a pointer," the team say in the paper.

US government is urging state officials to band together to improve the cybersecurity of the country's water sector amid growing threats from foreign adversaries. The Environmental Protection Agency announced it is seeking to establish a Water Sector Cybersecurity Task Force to beef up current work to implement "Immediate" solutions to prevent one of the US's most critical services from disruption.

More than 70 million records, allegedly stolen from AT&T in 2021, were dumped on a cybercrime forum at the weekend. The stolen files include names, Social Security Numbers, dates of birth, addresses, emails, phone numbers and other personal information, according to Dark Web Informer, who first spotted the massive data dump by the criminals.

A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution. Dubbed GhostRace (CVE-2024-2193), it is a variation of the...