The Breach News

New Critical RCE Vulnerability Identified in Apache Struts 2 – Update Immediately

Apache Software Foundation has issued a security advisory regarding a critical vulnerability within the Struts 2 open-source web application framework, posing a significant risk for remote code execution (RCE). This vulnerability, designated as CVE-2023-50164, stems from inadequate “file upload logic” that permits unauthorized path traversal. If exploited, attackers can upload…


WikiLeaks Founder Accused of Collaborating with LulzSec and Anonymous Hackers

The U.S. government has filed a superseding indictment against Julian Assange, the founder of WikiLeaks, alleging his involvement with hacking groups such as LulzSec and Anonymous. This updated indictment expands on the previous 18-count charges, initially levied in May 2019, though it does not introduce new allegations. The Department of…


Facebook Harvested Your Android Call History and SMS Data for Years

A recent incident has underscored the extent of data collection by Facebook, particularly concerning its Messenger application installed on Android devices. Reports indicate that until late last year, Facebook was collecting users’ contact lists, SMS, and call history data without explicit user consent, raising serious privacy concerns. The situation gained…


Can We Trust AI Agents in Healthcare? Exploring Identity in the Age of AI Webinar.

Scott MacDonald: Leader in Cybersecurity and Risk Management at PwC

Principal, Cyber, Risk and Regulatory

Scott MacDonald serves as a Principal in PwC’s Cybersecurity practice, boasting two decades of expertise in large-scale Identity and Access Management (IAM) initiatives, particularly within the healthcare sector. His career has been marked by the…


Coupang Hit with US Class-Action Lawsuit Following Data Breach in Korea

E-commerce leader Coupang Inc. is currently embroiled in a class-action lawsuit in the United States following a significant data breach that compromised the personal information of approximately 33.7 million customers in South Korea. This number represents about two-thirds of the nation’s population, raising serious concerns regarding the implications of such…


Apple Issues Security Updates to Address Critical Vulnerabilities in iOS and macOS

On Monday, Apple unveiled a series of security updates across its platforms, including iOS, iPadOS, macOS, tvOS, watchOS, and Safari, aimed at rectifying numerous vulnerabilities while also backporting critical fixes for two recently identified zero-day flaws affecting older devices. The updates address 12 significant security vulnerabilities in iOS and iPadOS.…


E-Commerce Hackers Concealing Credit Card Stealers in Image Metadata

In a troubling evolution of cybercrime tactics, malicious actors are now embedding harmful code within the metadata of image files, notably targeting payment card data entered on compromised websites. This technique, identified as a form of steganography, was recently highlighted by researchers at Malwarebytes, who discovered that cybercriminals have effectively…


Russian Hacker Accused of Breaching LinkedIn and Dropbox Extradited to the U.S.

A significant development in the cybersecurity landscape has emerged with the arraignment of Yevgeniy Aleksandrovich Nikulin, a 30-year-old Russian national accused of orchestrating major data breaches affecting LinkedIn, Dropbox, and Formspring in 2012. The breaches allegedly compromised the personal information of over 100 million users, raising substantial concerns about cybersecurity…


The Hidden Danger: How Polymorphic Malware is Bypassing Your Email Security—Webinar

Webinar Insights: Combatting Polymorphic Malware Threats to Email Security

An alarming trend in cybersecurity has emerged, with approximately $350 million in avoidable losses attributed to polymorphic malware—malicious software that continually alters its code to evade conventional detection methods. As 18% of newly identified malware employs adaptive techniques, organizations are urged…
