- CVE-2023-47218: QNAP QTS and QuTS Hero Unauthenticated Command Injection (FIXED)
February 13, 2024
Rapid7 has identified an unauthenticated command injection vulnerability in the QNAP operating system known as QTS and QuTS hero. QTS is a core part of the firmware for numerous QNAP entry- and mid-level Network Attached Storage (NAS) devices, and QuTS hero is a core part of the firmware for numerous QNAP high-end and enterprise NAS devices. ...
- Community Alert: Ongoing Malicious Campaign Impacting Azure Cloud Environments
February 12, 2024
Over the past weeks, Proofpoint researchers have been monitoring an ongoing cloud account takeover campaign impacting dozens of Microsoft Azure environments and compromising hundreds of user accounts, including senior executives. This post serves as a community warning regarding the attack and offers suggestions that affected organizations can implement to protect themselves from it. Proofpoint researchers detected ...
- UK: Contact details and national security numbers could have been stolen from Southern Water customers following cyber attack
February 12, 2024
The announcement, which went live on Southern Water’s website earlier today (February 12), confirms that ‘a limited part’ of the company’s server estate is at risk following an illegal intrusion earlier this year. Apologising for the breach, a spokesperson confirmed that the company is working with “expert technical advisers to confirm who is at risk,” and ...
- US Government Accounting Office says it was notified of data breach by IT contractor CGI Federal
February 12, 2024
The U.S. Government Accounting Office says it was notified of a data breach by IT contractor CGI Federal. Reuters could not immediately ascertain the size and scope of the breach. The GAO said that about 6,000 people, “primarily current and former GAO employees from 2007 to 2017,” had been affected but did not immediately respond when ...
- Hackers uncover new TheTruthSpy stalkerware victims
February 12, 2024
A consumer-grade spyware operation called TheTruthSpy poses an ongoing security and privacy risk to thousands of people whose Android devices are unknowingly compromised with its mobile surveillance apps, not least due to a simple security flaw that its operators never fixed. Now, two hacking groups have independently found the flaw that allows the mass access of ...
- Kenya: Cyber attacks on computer systems, mobile apps surge
February 10, 2024
Cyber attacks on computer systems and mobile applications recorded the highest increase in the three months to December last year, the latest data from the Communications Authority of Kenya (CA) shows. According to the CA’s Cyber Security report for the period, system attack threats that were detected increased 10-fold compared to the preceding three-month period that ...
- Safety and security focussed expo – POLSECURE 2024, 23-25 April 2024, Kielce-Poland
February 9, 2024
International Expo POLSECURE is an excellent opportunity to introduce the state-of-the-art equipment and accessories for uniformed services to the market and to win new customers. The event is also a golden occasion to exchange experiences and talks about the real needs of uniformed services. The trade fair is co-organised by the National Police Headquarters. Strategic partner of ...
- Ivanti urges customers to patch yet another critical vulnerability
February 9, 2024
In a new blog post, Ivanti says that it has found another vulnerability and urges customers to “immediately take action to ensure you are fully protected”. This vulnerability only affects a limited number of supported versions–Ivanti Connect Secure (version 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2 and 22.5R1.1), Ivanti Policy Secure version 22.5R1.1 and ZTA version 22.6R1.3. Please read ...
- ‘World’s biggest casino’ app exposed customers’ personal data
February 9, 2024
The startup that develops the phone app for casino resort giant WinStar has secured an exposed database that was spilling customers’ private information to the open web. Oklahoma-based WinStar bills itself as the “world’s biggest casino” by square footage. The casino and hotel resort also offers an app, My WinStar, in which guests can access self-service ...
- Maldocs Of Word And Excel: Vigor Of The Ages
February 8, 2024
Chasing new exploits, vulnerabilities, and threats is the way to go in the ever-changing cybercrime landscape. However, in a constant flow of information, the focus on yesterday’s highlights is low: every day, new CVEs occur, and new threats emerge. With this state of affairs, old menaces can be easily overlooked and still used by the attackers, ...