-
Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping
Apple has released a firmware update for AirPods that could allow a malicious actor to gain access to the headphones in an unauthorized manner. Tracked as CVE-2024-27867, the authentication issue affects AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro. “When your headphones are seeking a connection…
-
New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites
Multiple content management system (CMS) platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer. A web skimmer refers to malware that is injected into e-commerce sites with the goal of stealing financial and payment information. According to Sucuri, the latest campaign entails making malicious…
-
How Straightaway is bringing batch cocktails to the masses
Batch cocktail maker Straightaway has kept high quality craft at the heart of its business. Now, its cans and bottles are getting into more consumers’ hands.
-
Expo Center could get $440M makeover
The Metro Council is considering an Expo Center plan that could cost $446 million.
-
Legal aid groups lease 17,000 SF in downtown Portland historic building
A historic office building purchased at a discount last year signed two new tenants.
-
Oregon sued over access to magic mushrooms
The plaintiffs are challenging OHA’s “failure to ensure” that the psilocybin program doesn’t discriminate against physically disabled individuals.
-
Nike apparel VP jumps to Gap to lead design
Flynn started with Nike as a U.S. men’s apparel designer in 2005 and worked her way up to her most recent position in 2022.
-
New Attack Technique Exploits Microsoft Management Console Files
Threat actors are exploiting a novel attack technique in the wild that leverages specially crafted management saved console (MSC) files to gain full code execution using Microsoft Management Console (MMC) and evade security defenses. Elastic Security Labs has codenamed the approach GrimResource after identifying an artifact (“sccm-updater.msc”) that was uploaded to the VirusTotal malware
-
How to Cut Costs with a Browser Security Platform
Browser security is becoming increasingly popular, as organizations understand the need to protect at the point of risk – the browser. Network and endpoint solutions are limited in their ability to protect from web-borne threats like phishing websites or malicious browser extensions. They also do not protect from internal data exfiltration, like employees pasting sensitive…
-
New Cyberthreat ‘Boolka’ Deploying BMANAGER Trojan via SQLi Attacks
A previously undocumented threat actor dubbed Boolka has been observed compromising websites with malicious scripts to deliver a modular trojan codenamed BMANAGER. “The threat actor behind this campaign has been carrying out opportunistic SQL injection attacks against websites in various countries since at least 2022,” Group-IB researchers Rustam Mirkasymov and Martijn van den Berk said…
