Security News

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Criminals are now texting T-Mobile and Verizon employees on their personal and work phones, trying to tempt them with cash to perform SIM swaps. The targeted employees have shared screenshots of messages offering $300 to those willing to aid the senders in their criminal endeavors.

The U.S. Federal Trade Commission has reached a settlement with telehealth firm Cerebral in which the company will pay $7,000,000 over allegations of mishandling people's sensitive health data. In March 2023, the company sent out notices of data breach to 3.2 million people who had interacted with its websites, applications, and services, that their information had been exposed due to using tracking pixels on its platform.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Ivanti has released security updates to fix 27 vulnerabilities in its Avalanche mobile device management solution, two of them critical heap overflows that can be exploited for remote command execution. Avalanche is used by enterprise admins to remotely manage, deploy software, and schedule updates across large fleets of over 100,000 mobile devices from a single central location.

Exploit code is now available for a maximum severity and actively exploited vulnerability in Palo Alto Networks' PAN-OS firewall software. While Palo Alto Networks has started releasing hotfixes on Monday to secure unpatched firewalls exposed to attacks, the vulnerability has been exploited in the wild as a zero-day since March 26th to backdoor firewalls using Upstyle malware, pivot to internal networks, and steal data by a threat group believed to be state-sponsored and tracked as UTA0218.

YouTube announced yesterday that third-party applications that block ads while watching YouTube videos violates its Terms of Service, and it will soon start taking action against the apps. Google exposes numerous APIs allowing developers to integrate YouTube into their applications, showing videos or retrieving data about videos hosted on the platform.

A vulnerability in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to the "Heavily biased" ECDSA nonces, researchers have discovered. According to PuTTY maintainers, 521-bit ECDSA is the only affected key type.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Cisco warns about a large-scale credential brute-forcing campaign targeting VPN and SSH services on Cisco, CheckPoint, Fortinet, SonicWall, and Ubiquiti devices worldwide. The researchers say the attacks started on March 18, 2024, while all attacks originate from TOR exit nodes and various other anonymization tools and proxies, which the threat actors use to evade blocks.