A researcher from the Ben-Gurion University of the Negev in Israel has shown how a threat actor could stealthily exfiltrate data from air-gapped computers using ultrasonic tones and smartphone gyroscopes.
Plex Confirms Database Breach, Data Theft
Popular streaming media platform Plex is scrambling to reset user passwords after a database hack that included the theft of emails, usernames, and encrypted passwords.
Class Action Lawsuit Filed Against Oracle Over Data Collection Practices
A class action lawsuit filed against Oracle on Friday in the Northern District of California claims that the tech giant has built a worldwide surveillance machine.
Privilege Escalation Flaw Haunts VMware Tools
Virtualization technology software giant VMware on Tuesday released patches to fix an important-severity security flaw in the VMware Tools suite of utilities.
The vulnerability, tracked as CVE-2022-31676, could be exploited by attackers to escalate privileges on a compromised system.
GitLab Patches Critical Remote Code Execution Vulnerability
DevOps platform GitLab has issued patches for a critical remote code execution vulnerability impacting its GitLab Community Edition (CE) and Enterprise Edition (EE) releases.
Tracked as CVE-2022-2884 (CVSS 9.9/10 severity), the security flaw can be exploited via the GitHub import API, but requires authentication to be triggered.
Novant Health Says Malformed Tracking Pixel Exposed Health Data to Meta
Healthcare services provider Novant Health has sent notifications to more than 1.3 million individuals that their protected health information (PHI) might have been inadvertently exposed to Facebook parent company Meta.
FBI Warns of Proxies and Configurations Used in Credential Stuffing Attacks
The Federal Bureau of Investigation (FBI) has raised an alarm for cybercriminals using proxies and configurations to hide and automate credential stuffing attacks against companies in the United States.
TXOne Networks Scores $70M Series B Investment
TXOne Networks, a joint venture between cybersecurity firm Trend Micro and industrial networking solutions provider Moxa, has banked $70 million in new venture capital funding.
The company, which maintains dual headquarters in Texas and Taiwan, said the Series B round was led by TGVest Capital and brings the total raised to $94 million.
Apple Patches New macOS, iOS Zero-Days
Apple on Wednesday rolled out emergency patches for a pair of already exploited zero-day vulnerabilities in its flagship macOS and iOS platforms.
Apple confirmed in-the-wild exploitation of the vulnerabilities in separate advisories warning about code execution flaws in fully patched iPhone, iPad and macOS devices.
Vulnerability Broker Applies Pressure on Software Vendors Shipping Faulty, Incomplete Patches
Trend Micro’s Zero Day Initiative, a major player in the vulnerability disclosure ecosystem, is ramping up the pressure on software vendors that consistently ship faulty security patches.
