February, 2024 - Security Ticks

Spoutible API exposed encrypted password reset tokens, 2FA secrets of users

account hijacking, API security, data breach, Don't miss, Hot stuff, News, social media, Spoutible, vulnerability / SecurityTicks

Spoutible API exposed encrypted password reset tokens, 2FA secrets of users 2024-02-06 at 16:33 By Helga Labus A publicly exposed API of social media platform Spoutible may have allowed threat actors to scrape information that can be used to hijack user accounts. The problem with the Spoutible API Security consultant Troy Hunt has been tipped […]

React to this headline:

Spoutible API exposed encrypted password reset tokens, 2FA secrets of users Read More »

Japan stumps up more cash for Kioxia and Western Digital to make memory chips

Uncategorized / SecurityTicks

Japan stumps up more cash for Kioxia and Western Digital to make memory chips 2024-02-06 at 16:17 By Dan Robinson Pair still looking to merge after SK hynix blocked deal Japan is set to provide more subsidies for chip companies Kioxia and Western Digital to boost memory production. The move follows reports that a cancelled

React to this headline:

Japan stumps up more cash for Kioxia and Western Digital to make memory chips Read More »

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising

Uncategorized / SecurityTicks

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising 2024-02-06 at 16:01 By During an Advanced Continual Threat Hunt (ACTH) investigation that took place in early December 2023, Trustwave SpiderLabs discovered Ov3r_Stealer, an infostealer distributed using Facebook advertising and phishing emails. SpiderLabs’ “Facebook Advertising Spreads Novel Malware Variant,” is an in-depth dive into

React to this headline:

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising Read More »

A Chicago Children’s Hospital Has Taken Its Networks Offline After a Cyberattack

cyberattack, healthcare, Ransomware / SecurityTicks

A Chicago Children’s Hospital Has Taken Its Networks Offline After a Cyberattack 2024-02-06 at 16:01 By Associated Press Chicago children’s hospital forced to take networks offline after cyberattack, limiting access to medical records and hampering communication. The post A Chicago Children’s Hospital Has Taken Its Networks Offline After a Cyberattack appeared first on SecurityWeek. This

React to this headline:

A Chicago Children’s Hospital Has Taken Its Networks Offline After a Cyberattack Read More »

Canon Patches 7 Critical Vulnerabilities in Small Office Printers

Canon, printer, Vulnerabilities / SecurityTicks

Canon Patches 7 Critical Vulnerabilities in Small Office Printers 2024-02-06 at 16:01 By Ionut Arghire Canon announces patches for seven critical-severity remote code execution flaws impacting small office printer models. The post Canon Patches 7 Critical Vulnerabilities in Small Office Printers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Canon Patches 7 Critical Vulnerabilities in Small Office Printers Read More »

Double trouble for Fortinet customers as pair of critical vulns found in FortiSIEM

Uncategorized / SecurityTicks

Double trouble for Fortinet customers as pair of critical vulns found in FortiSIEM 2024-02-06 at 15:47 By Connor Jones Admins should get a move on while info is scarce and exploits aren’t yet available Fortinet’s FortiSIEM product is vulnerable to two new maximum-severity security vulnerabilities that allow for remote code execution.… This article is an

React to this headline:

Double trouble for Fortinet customers as pair of critical vulns found in FortiSIEM Read More »

Akamai Content Protector detects and mitigates evasive scrapers

Akamai, Industry news / SecurityTicks

Akamai Content Protector detects and mitigates evasive scrapers 2024-02-06 at 15:32 By Industry News Akamai announced Content Protector, a product that stops scraping attacks without blocking the good traffic that companies need to enhance their business. Scraper bots are a critical and often productive part of the commerce ecosystem. These bots search for new content,

React to this headline:

Akamai Content Protector detects and mitigates evasive scrapers Read More »

Oracle partner gets multimillion top-up after Edinburgh Uni disaster

Uncategorized / SecurityTicks

Oracle partner gets multimillion top-up after Edinburgh Uni disaster 2024-02-06 at 15:02 By Lindsay Clark More changes required in wake of ERP go-live that left staff and suppliers waiting for payment Scotland’s University of Edinburgh has awarded systems integrator and support company Inoapps an additional £3.6 million ($4.5 million) contract fee for “changes in requirements

React to this headline:

Oracle partner gets multimillion top-up after Edinburgh Uni disaster Read More »

OpenText Fortify Audit Assistant increases developer efficiency by reducing noise and false positives

Industry news, OpenText / SecurityTicks

OpenText Fortify Audit Assistant increases developer efficiency by reducing noise and false positives 2024-02-06 at 15:01 By Industry News OpenText announced the second generation of its advanced cybersecurity auditing technology. Today’s developers are dealing with more complexity and threats in multi-cloud environments. Security teams feel increasing pressure to tackle application security with more sophisticated tools

React to this headline:

OpenText Fortify Audit Assistant increases developer efficiency by reducing noise and false positives Read More »

Critical Remote Code Execution Vulnerability Patched in Android

Android, Vulnerabilities / SecurityTicks

Critical Remote Code Execution Vulnerability Patched in Android 2024-02-06 at 14:46 By Ionut Arghire Android’s February 2024 security patches resolve 46 vulnerabilities, including a critical remote code execution bug. The post Critical Remote Code Execution Vulnerability Patched in Android appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Critical Remote Code Execution Vulnerability Patched in Android Read More »

Hacker Conversations: Rob Dyke on Legal Bullying of Good Faith Researchers

Hacker Conversations, Tracking & Law Enforcement / SecurityTicks

Hacker Conversations: Rob Dyke on Legal Bullying of Good Faith Researchers 2024-02-06 at 14:46 By Kevin Townsend SecurityWeek talks to Rob Dyke, discussing corporate legal bullying of good faith researchers. The post Hacker Conversations: Rob Dyke on Legal Bullying of Good Faith Researchers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Hacker Conversations: Rob Dyke on Legal Bullying of Good Faith Researchers Read More »

GitOps pioneer Weaveworks unravels after funding fabric frays

Uncategorized / SecurityTicks

GitOps pioneer Weaveworks unravels after funding fabric frays 2024-02-06 at 14:17 By Richard Speed Company burned through $61.6M in investment Former cloud native darling Weaveworks has announced that it is closing its doors after failing to get acquired and suffering from a “volatile” cash position.… This article is an excerpt from The Register View Original

React to this headline:

GitOps pioneer Weaveworks unravels after funding fabric frays Read More »

NinjaOne raises $231.5 million to boost product innovation

Industry news, NinjaOne / SecurityTicks

NinjaOne raises $231.5 million to boost product innovation 2024-02-06 at 14:01 By Industry News NinjaOne announced it raised a $231.5 million Series C funding round led by ICONIQ Growth. Frank Slootman, Chairman and CEO of Snowflake; and Amit Agarwal, President of Datadog; among others also invested in the round. With this financing, ICONIQ Growth General

React to this headline:

NinjaOne raises $231.5 million to boost product innovation Read More »

KDE 6 misses boat to make it into Kubuntu 24.04

Uncategorized / SecurityTicks

KDE 6 misses boat to make it into Kubuntu 24.04 2024-02-06 at 13:32 By Liam Proven ‘Noble Numbat’ users will face a major post-install upgrade, which isn’t ideal The next major release of KDE Plasma is getting close, but not close enough for the next major Ubuntu release.… This article is an excerpt from The

React to this headline:

KDE 6 misses boat to make it into Kubuntu 24.04 Read More »

How a $10B Enterprise Customer Drastically Increased their SaaS Security Posture with 201% ROI by Using SSPM

Uncategorized / SecurityTicks

How a $10B Enterprise Customer Drastically Increased their SaaS Security Posture with 201% ROI by Using SSPM 2024-02-06 at 13:32 By SaaS applications are the darlings of the software world. They enable work from anywhere, facilitate collaboration, and offer a cost-effective alternative to owning the software outright. At the same time, the very features that

React to this headline:

How a $10B Enterprise Customer Drastically Increased their SaaS Security Posture with 201% ROI by Using SSPM Read More »

Google Links Over 60 Zero-Days to Commercial Spyware Vendors

Featured, Google, Government, spyware, Tracking & Law Enforcement, Zero-Day / SecurityTicks

Google Links Over 60 Zero-Days to Commercial Spyware Vendors 2024-02-06 at 13:16 By Eduard Kovacs More than 60 of the Adobe, Google, Android, Microsoft, Mozilla and Apple zero-days that have come to light since 2016 attributed to spyware vendors. The post Google Links Over 60 Zero-Days to Commercial Spyware Vendors appeared first on SecurityWeek. This

React to this headline:

Google Links Over 60 Zero-Days to Commercial Spyware Vendors Read More »

IBM LinuxONE 4 Express protects sensitive private data

IBM, Industry news / SecurityTicks

IBM LinuxONE 4 Express protects sensitive private data 2024-02-06 at 13:03 By Industry News IBM announced IBM LinuxONE 4 Express, extending the latest performance, security and AI capabilities of LinuxONE to small and medium sized businesses and within new data center environments. The pre-configured rack mount system is designed to offer cost savings and to

React to this headline:

IBM LinuxONE 4 Express protects sensitive private data Read More »

ResumeLooters target job search sites in extensive data heist

cybercrime, cybersecurity, Group-IB, News, security assessment, SQL injection, XSS / SecurityTicks

ResumeLooters target job search sites in extensive data heist 2024-02-06 at 12:47 By Help Net Security Group-IB identified a large-scale malicious campaign primarily targeting job search and retail websites of companies in the Asia-Pacific region. The group, dubbed ResumeLooters, successfully infected at least 65 websites between November and December 2023 through SQL injection and XSS

React to this headline:

ResumeLooters target job search sites in extensive data heist Read More »

New kids on the ransomware block in 2023: Akira and 8Base lead dozens of newbies

Uncategorized / SecurityTicks

New kids on the ransomware block in 2023: Akira and 8Base lead dozens of newbies 2024-02-06 at 12:33 By Connor Jones How good are your takedowns when fresh gangs are linked to previous ops, though? At least 25 new ransomware gangs emerged in 2023, with Akira and 8Base proving the most “successful,” research reveals.… This

React to this headline:

New kids on the ransomware block in 2023: Akira and 8Base lead dozens of newbies Read More »

Hackers Exploit Job Boards in APAC, Steal Data of Millions of Job Seekers

Uncategorized / SecurityTicks

Hackers Exploit Job Boards in APAC, Steal Data of Millions of Job Seekers 2024-02-06 at 12:33 By Employment agencies and retail companies chiefly located in the Asia-Pacific (APAC) region have been targeted by a previously undocumented threat actor known as ResumeLooters since early 2023 with the goal of stealing sensitive data. Singapore-headquartered Group-IB said the hacking crew’s

React to this headline:

Hackers Exploit Job Boards in APAC, Steal Data of Millions of Job Seekers Read More »