Apple’s macOS Sequoia, now in beta testing, will make it harder to bypass Gatekeeper warnings and add system alerts for potential stalkerware threats. […]
Critical Progress WhatsUp RCE flaw now under active exploitation
Threat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for initial access to corporate networks. […]
Researcher Sounds Alarm on Windows Update Flaws Allowing Undetectable Downgrade Attacks
Researcher showcases hack against Microsoft Windows Update architecture, turning fixed vulnerabilities into zero-days.
The post Researcher Sounds Alarm on Windows Update Flaws Allowing Undetectable Downgrade Attacks appeared first on SecurityWeek.
Implement MFA or Risk Non-Compliance With GDPR
The UK Information Commissioner’s Office announced its intention to fine Advanced Computer Software Group £6.09 million.
The post Implement MFA or Risk Non-Compliance With GDPR appeared first on SecurityWeek.
New Linux Kernel Exploit Technique ‘SLUBStick’ Discovered by Researchers
Cybersecurity researchers have shed light on a novel Linux kernel exploitation technique dubbed SLUBStick that could be exploited to elevate a limited heap vulnerability to an arbitrary memory read-and-write primitive.
“Initially, it exploits a timing side-channel of the allocator to perform a cross-cache attack reliably,” a group of academics from the Graz University of Technology said [PDF]. “
“Initially, it exploits a timing side-channel of the allocator to perform a cross-cache attack reliably,” a group of academics from the Graz University of Technology said [PDF]. “
How MSPs and MSSPs offer vCISO services with skilled CISOs in short supply
With skilled CISOs in short supply, service providers are turning to virtual CISOs. A new eBook by Cynomi explains how service providers/MSPs can quickly and easily expand vCISO service offerings to their customers. […]
Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords
Cybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to execute malicious JavaScript in a victim’s web browser and steal sensitive information from their account under specific circumstances.
“When a victim views a malicious email in Roundcube sent by an attacker, the attacker can execute arbitrary JavaScript in the victim’s
“When a victim views a malicious email in Roundcube sent by an attacker, the attacker can execute arbitrary JavaScript in the victim’s
Scamnetic Emerges From Stealth With AI-Based Scam Detection Solution
Scamnetic emerges from stealth mode with an AI-based scam detection solution and over $1 million in pre-seed funding.
The post Scamnetic Emerges From Stealth With AI-Based Scam Detection Solution appeared first on SecurityWeek.
Secure by Default: What It Means for the Modern Enterprise
What does “secure by default” mean for the average company as you implement security systems and protocols?
The post Secure by Default: What It Means for the Modern Enterprise appeared first on SecurityWeek.
Ransomware in 2024: More Attacks, More Leaks, and Increased Sophistication
The ransomware scourge is still growing and still successful for attackers, Rapid7’s Ransomware Radar Report 2024 shows.
The post Ransomware in 2024: More Attacks, More Leaks, and Increased Sophistication appeared first on SecurityWeek.