Duncan Riley
Latest from Duncan Riley
Apache releases Log4j patch to address new RCE vulnerability
The Apache Software Foundation has released a new patch for Log4j, the Java-based logging utility that has seen vulnerabilities targeted en masse by hackers since Dec. 13. Log4j 2.17.1, the fifth update this month, addresses a new remote code execution vulnerability found in 2.17.0. CVE-2021-44832 allows an attacker with permission to modify the logging configuration ...
LastPass users report attempted logins using their master passwords
Some users of password manager LastPass are reporting that their master passwords have been compromised after receiving emails that someone had tried to access their accounts from unknown locations. News of the compromise first emerged Tuesday on social media, including Twitter Inc., Reddit Inc. and Y Combinator’s Hacker News. The threads tell a similar tale: ...
In a win for Meta, Oculus app tops App Store rankings at Christmas
Meta Platforms Inc.’s ambitions to make the metaverse and virtual reality mainstream have gotten a boost as the Oculus app became the most popular app on Apple Inc.’s App Store on Christmas Day. The app, downloaded by Meta’s Oculus users to manage their headsets, surged to the top of the list, indicating that Oculus headsets ...
Microsoft patent shows possible Surface Trio with three screens
Microsoft Corp. has filed a patent for a three-panel foldable device that would presumably be a “Surface Trio” if it ever comes to market. Discovered today by Patently Apple, the patent was first filed in June 2020 and was only made public Dec. 23 by the U.S. Patent and Trademark Office. It covers what Microsoft ...
Dutch regulator orders Apple to allow third-party payments in dating apps
A Dutch regulatory body has ordered Apple Inc. to allow dating apps to offer in-app purchases via third-party payment solutions, a small blow to Apple’s monopoly on payments within iOS apps. The Netherlands Authority for Consumers and Markets made the ruling on Friday following a two-year investigation into Apple’s payment processes. The focus on dating ...
Cybersecurity startup Snyk reportedly planning mid-2022 IPO
Cybersecurity startup Snyk Ltd. is planning to go public via an initial public offering as early as next year, according to a report from Bloomberg late today. Referencing people familiar with the matter, the report says Snyk is currently talking to banks about a mid-2022 IPO. The company is said to be targeting a float at ...
Illegal copies of ‘Spider-Man: No Way Home’ infected with cryptocurrency mining malware
People trying to download an illegal copy of “Spider-Man: No Way Home” are in for an unpleasant surprise, as copies on “torrent” sites that point to illicit copies of movies were found to include a persistent cryptocurrency miner as an unwanted bonus. Detailed today by researchers at Reason Cybersecurity Ltd., the illicit copies of the latest ...
Following NHTSA investigation, Tesla blocks gaming while cars are being driven
In response to an investigation by the National Highway Traffic Safety Administration’s Office of Defects Investigation, Tesla Inc. today said it has disabled the ability to play video games while its vehicles are being driven. As reported yesterday, the NHTSA ODI investigation was launched following a complaint that the gaming feature available on Tesla models starting from 2017 could ...
Data stolen in business email compromise attack on W. Virginia hospital operator
Monongalia Health System Inc., a company that runs three hospitals in West Virginia, has been struck by a business email compromise attack. Described Dec. 21 by the company as a “data security incident,” the attack started with an email phishing incident that led to the theft of data and hijacked payments. The company first became aware ...
Vulnerability in Azure App Service exposed hundreds of source code repositories
A vulnerability in Microsoft Corp.’s Azure App Service has been found to expose hundreds of source code repositories. Discovered by security researchers at Wiz Inc. and detailed Dec. 21, the vulnerability, dubbed “NotLegit,” involves insecure default behavior in the Azure App Service. The vulnerability, which has existed since September 2017, exposed the source code of ...








