News

Applications using the open-source libraries 'colors' and 'faker' have been breaking and printing gibberish. These libraries serve hundreds of thousands of projects, with millions of weekly downloads for open-source projects like Amazon's Cloud Development Kit. Projects that were using the code began to print messages, including text, such as 'LIBERTY LIBERTY LIBERTY', to the surprise of their developers and teams. It was thought that these libraries had been compromised. However, it appears that the developer...

The threat posed by the Log4j vulnerability hasn't gone away over the holidays, with the UK's National Health Service (NHS) issuing a warning that hackers are actively targeting the security flaw and recommending that organisations within the health service apply the necessary updates in order to protect themselves. "Affected organisations should review the VMware Horizon section of the VMware security advisory VMSA-2021-0028 and apply the relevant updates or mitigations immediately or subsequently consult the NHS Digital...

An emergency notice was filed by Bernalillo County in federal court last week, after a ransomware attack affected the Metropolitan Detention Center. The incident made it impossible for the MDC to comply with terms of a settlement agreement in a lawsuit over the jail conditions. The attack impacted the offices and systems in a variety of country government operations, including county buildings and services which were closed until further notice. Consequently, the MDC has been...

Around 7.5 million DatPiff users' account credentials and emails are available to download on RaidForum, a popular hacking forum. DatPiff is a mixtape hosting site that allows users to upload or download samples for free. The site has gained over 15 million users since launching in 2005. It appears that DatPiff's users' data has been available to buy publicly since July 2020, according to a report from BleepingComputer. Currently, it is unclear when the breach...

The Information Commissioner's Office (ICO) in the UK has appointed former New Zealand privacy commissioner John Edwards to head position, taking over from Elizabeth Denham. He started his five year term this week and said in a statement that he wants to "empower people to understand and influence how they want their data to be used, and to make it easy for people to access remedies if things go wrong."   In what is sure...

Messages from corporate emails were being undelivered at the start of the new year due to a Microsoft Exchange Server bug. Microsoft published an update on 1st January 2022, stating that emails were getting stuck in transport queues of on-premise Exchange Servers. This problem was caused by a "date check failure" in the servers malware scanning engine. Microsoft has published 2 solutions for users to fix the problem. The first solution is an automated one,...

Researcher Seif Elsallamy recently discovered a vulnerability in Uber's emailing system, which allows anyone to send an email on behalf of the company. If exploited, threat actors would be able to email the 57 million Uber users and drivers whose data was leaked in the 2016 data breach. Uber has been made aware of the flaw, although a fix has yet to be issued. Any emails sent using this flaw would appear as legitimate to...

Broward Health, a Florida-based healthcare system with over thirty locations, has suffered a significant data breach impacting over a million individuals. The incident took place last October, and Broward Health was able to identify the intrusion four days after the compromise. Authorities were informed immediately, and employees were invited to reset their credentials. It now appears threat actors have been able to get their hands on patients' personal medical information, including sensitive data such as...

A new denial of service (DoS) vulnerability dubbed "doorLock" was recently revealed in Apple HomeKit, impacting iOS 14.7 through 15.2. Apple HomeKit is a software framework that lets iPhone and iPad users control smart home appliances from their devices. According to the researcher who disclosed the details, Apple has been aware of the vulnerability since August 2021, but has not addressed the issue. To trigger 'doorLock,' an attacker would change the name of a HomeKit...

Apple has fixed the macOS vulnerability that could be exploited by unsigned and unauthorized script-based apps to bypass macOS security protocols on fully patched systems. The flaw was identified as CVE-2021-30853, and the vulnerability has been addressed on macOS 11.6.