Google has released the September 2024 Android security updates to fix 34 vulnerabilities, including CVE-2024-32896, an actively exploited elevation of privilege flaw that was previously fixed on Pixel devices. […]
Criminal IP Earns PCI DSS v4.0 Certification for Top-Level Security
AI Spera has achieved PCI DSS v4.0 certification for its threat intel search engine solution, Criminal IP. Learn more from the Criminal IP cyber threat intelligence search engine. […]
Revival Hijack supply-chain attack threatens 22,000 PyPI packages
Threat actors are utilizing an attack called “Revival Hijack,” where they register new PyPi projects using the names of previously deleted packages to conduct supply chain attacks. […]
Google Confirms CVE-2024-32896 Exploited in the Wild, Releases Android Security Patch
Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has come under active exploitation in the wild.
The high-severity vulnerability, tracked as CVE-2024-32896 (CVSS score: 7.8), relates to a case of privilege escalation in the Android Framework component.
According to the description of the bug in the NIST National
The high-severity vulnerability, tracked as CVE-2024-32896 (CVSS score: 7.8), relates to a case of privilege escalation in the Android Framework component.
According to the description of the bug in the NIST National
Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers
A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to infiltrate downstream organizations.
It has been codenamed Revival Hijack by software supply chain security firm JFrog, which said the attack method could be used to hijack 22,000 existing PyPI packages and result in “hundreds of thousands” of malicious package
It has been codenamed Revival Hijack by software supply chain security firm JFrog, which said the attack method could be used to hijack 22,000 existing PyPI packages and result in “hundreds of thousands” of malicious package
FBI: North Korea Aggressively Hacking Cryptocurrency Firms
The FBI warns of North Korean threat actors conducting social engineering campaigns targeting employees in the cryptocurrency industry.
The post FBI: North Korea Aggressively Hacking Cryptocurrency Firms appeared first on SecurityWeek.
Crypto Vulnerability Allows Cloning of YubiKey Security Keys
YubiKey security keys can be cloned via a side-channel attack that leverages a vulnerability in a cryptographic library.
The post Crypto Vulnerability Allows Cloning of YubiKey Security Keys appeared first on SecurityWeek.
The New Effective Way to Prevent Account Takeovers
Account takeover attacks have emerged as one of the most persistent and damaging threats to cloud-based SaaS environments. Yet despite significant investments in traditional security measures, many organizations continue to struggle with preventing these attacks. A new report, “Why Account Takeover Attacks Still Succeed, and Why the Browser is Your Secret Weapon in Stopping Them” argues that the
Zyxel Patches Critical Vulnerabilities in Networking Devices
Zyxel has released patches for multiple vulnerabilities in its networking devices, including a critical flaw impacting access points and security routers.
The post Zyxel Patches Critical Vulnerabilities in Networking Devices appeared first on SecurityWeek.
White House Outlines Plan for Addressing BGP Vulnerabilities
The White House has released a roadmap for addressing internet routing (BGP) security issues, mainly through RPKI adoption.
The post White House Outlines Plan for Addressing BGP Vulnerabilities appeared first on SecurityWeek.