Security News
On Friday, the Federal Bureau of Investigation warned of a massive ongoing wave of SMS phishing attacks targeting Americans with lures regarding unpaid road toll fees. "Since early-March 2024, the FBI Internet Crime Complaint Center has received over 2,000 complaints reporting smishing texts representing road toll collection service from at least three states," the FBI explained in a public service announcement published today.
Telegram fixed a zero-day vulnerability in its Windows desktop application that could be used to bypass security warnings and automatically launch Python scripts. The next day, a proof of concept exploit was shared on the XSS hacking forum explaining that a typo in the source code for Telegram for Windows could be exploited to send Python.
This caused the file to automatically be executed by Python without a warning from Telegram like it does for other executables, and was supposed to do for this file if it wasn't for a typo. In a statement to BleepingComputer, Telegram rightfully disputes that the bug was a zero-click flaw but confirmed they fixed the "Issue" in Telegram for Windows to prevent Python scripts from automatically launching when clicked.
Former Amazon security engineer Shakeeb Ahmed was sentenced to three years in prison for hacking two cryptocurrency exchanges in July 2022 and stealing over $12 million. The breached entities are Nirvana Finance, a decentralized crypto exchange, and an unnamed exchange on the Solana blockchain platform that Ahmed hacked using his smart contract reverse engineering and blockchain audit skills.
Apple sent a threat notification to iPhone users in 92 countries on April 10 informing them that their device was "Being targeted by a mercenary spyware attack." The alert, sent at 12:00 p.m. Pacific Time, told recipients that the attackers were attempting to "Remotely compromise" their phone and that they were likely being targeted specifically "Because of who you are or what you do." Apple's notification did not identify the alleged attackers, nor did it specify the locations of its recipients. iPhone users who have received the mercenary spyware attack alert should enlist expert cybersecurity help, Apple stated on its dedicated support page.
The Federal Trade Commission is sending out $6,300,000 in partial refunds to 267,000 former AT&T Wireless customers as part of a data throttling settlement in 2019. The action follows a 2014 lawsuit by the FTC claiming that AT&T did not fully disclose the terms of its so-called "Unlimited data plans" to customers, specifically the fact that their data speeds would be significantly reduced after they hit a certain data consumption threshold.
The Sophos research revealed the extent of the popularity and effectiveness of ransomware groups targeting corporate backups. Only 26% of companies with compromised backups were fully recovered within a week, compared to 46% of those without compromised backups.
Roku warns that 576,000 accounts were hacked in new credential stuffing attacks after disclosing another incident that compromised 15,000 accounts in early March. The company said the attackers used login information stolen from other online platforms to breach as many active Roku accounts as possible in credential stuffing attacks.
"Test files" associated with the XZ Utils backdoor have made their way to a Rust crate known as liblzma-sys, new findings from Phylum reveal. liblzma-sys, which has been downloaded over 21,000...
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.