Elon Musk’s lawyers jumped Wednesday on the revelations of a Twitter whistleblower to try to force the platform to surrender vast amounts of information for their fight to cancel the billionaire’s buyout bid.
Plex Confirms Database Breach, Data Theft
Popular streaming media platform Plex is scrambling to reset user passwords after a database hack that included the theft of emails, usernames, and encrypted passwords.
GitLab Patches Critical Remote Code Execution Vulnerability
DevOps platform GitLab has issued patches for a critical remote code execution vulnerability impacting its GitLab Community Edition (CE) and Enterprise Edition (EE) releases.
Tracked as CVE-2022-2884 (CVSS 9.9/10 severity), the security flaw can be exploited via the GitHub import API, but requires authentication to be triggered.
Novant Health Says Malformed Tracking Pixel Exposed Health Data to Meta
Healthcare services provider Novant Health has sent notifications to more than 1.3 million individuals that their protected health information (PHI) might have been inadvertently exposed to Facebook parent company Meta.
Apple Patches New macOS, iOS Zero-Days
Apple on Wednesday rolled out emergency patches for a pair of already exploited zero-day vulnerabilities in its flagship macOS and iOS platforms.
Apple confirmed in-the-wild exploitation of the vulnerabilities in separate advisories warning about code execution flaws in fully patched iPhone, iPad and macOS devices.
Vulnerability Broker Applies Pressure on Software Vendors Shipping Faulty, Incomplete Patches
Trend Micro’s Zero Day Initiative, a major player in the vulnerability disclosure ecosystem, is ramping up the pressure on software vendors that consistently ship faulty security patches.
Cloudflare Also Targeted by Hackers Who Breached Twilio
The threat actor that recently breached Twilio systems also targeted Cloudflare, and a few of the web security company’s employees fell for the phishing messages.
Security Firm Finds Flaws in Indian Online Insurance Broker
Last month, a small cybersecurity firm told a major Indian online insurance brokerage it had found critical vulnerabilities in the company’s internet-facing network that could expose sensitive personal and financial data from at least 11 million customers to malicious hackers.
Cyberattack Victims Often Attacked by Multiple Adversaries: Research
It’s not if, but when and how often you get attacked
Sophos research for its Active Adversary Playbook 2022 revealed that victims are often attacked by multiple adversaries – usually, in rapid succession but sometimes simultaneously. Further analysis now suggests the aphorism ‘it’s not if, but when you are attacked’ should be expanded with the extension, ‘and how often’.
Twilio Hacked After Employees Tricked Into Giving Up Login Credentials
Enterprise software vendor Twilio (NYSE: TWLO) has been hacked by a relentless threat actor who successfully tricked employees into giving up login credentials that were then used to steal third-party customer data.
