A critical security hole affecting Apache Commons Text has been compared to the notorious Log4Shell vulnerability, but experts say it’s not as widespread.
Critical Apache Commons Text Flaw Compared to Log4Shell, But Not as Widespread
Zimbra Patches Under-Attack Code Execution Bug
Messaging and collaboration software maker Zimbra has rushed out patches to provide cover for a code execution flaw that has already been exploited to plant malware on target machines.
Zoom for macOS Contains High-Risk Security Flaw
Video messaging technology powerhouse Zoom has rolled out a high-priority patch for macOS users alongside a warning that hackers could abuse the software flaw to connect to and control Zoom Apps.
Retail Giant Woolworths Discloses Data Breach Impacting 2.2 Million MyDeal Customers
Australian retail giant Woolworths revealed on Friday that a recent data breach has impacted the information of 2.2 million MyDeal customers.
Woolworths acquired 80% of the MyDeal online marketplace in September, but says MyDeal systems are completely separate from its own systems, which have not been impacted by the incident.
New ‘Prestige’ Ransomware Targets Transportation Industry in Ukraine, Poland
A new ransomware family has been observed targeting transportation and related logistics organizations in Ukraine and Poland, Microsoft warns.
Fortinet Admits Many Devices Still Unprotected Against Exploited Vulnerability
Fortinet is concerned that many of its customers’ devices are still unprotected against attacks exploiting the recently disclosed zero-day vulnerability and the company has urged them to take action.
75 Arrested in Crackdown on West-African Cybercrime Gangs
Interpol last week announced the results of a joint law enforcement effort aimed at dismantling West-African cyber-enabled financial crime operations.
New ‘Black Lotus’ UEFI Rootkit Provides APT-Level Capabilities to Cybercriminals
A threat actor is promoting on underground criminal forums a vendor-independent UEFI rootkit that can disable security software and controls, cybersecurity veteran Scott Scheferman warns.
