Fortinet warns of a phishing campaign that uses legitimate links to take over the victims’ PayPal accounts.
The post PayPal Phishing Campaign Employs Genuine Links to Take Over Accounts appeared first on SecurityWeek.
Microsoft DRM Hacking Raises Questions on Vulnerability Disclosures
A research project into vulnerabilities affecting Microsoft’s PlayReady DRM raises some questions on responsible disclosure.
The post Microsoft DRM Hacking Raises Questions on Vulnerability Disclosures appeared first on SecurityWeek.
Hands-On Walkthrough: Microsegmentation For all Users, Workloads and Devices by Elisity
Network segmentation remains a critical security requirement, yet organizations struggle with traditional approaches that demand extensive hardware investments, complex policy management, and disruptive network changes. Healthcare and manufacturing sectors face particular challenges as they integrate diverse endpoints – from legacy medical devices to IoT sensors – onto their production networks.
Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices
Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey’s Audio (APE) decoder on Samsung smartphones that could lead to code execution.
The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Android versions 12, 13, and 14.
“Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote
The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Android versions 12, 13, and 14.
“Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote
RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns
Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia have been targeted by the China-nexus RedDelta threat actor to deliver a customized version of the PlugX backdoor between July 2023 and December 2024.
“The group used lure documents themed around the 2024 Taiwanese presidential candidate Terry Gou, the Vietnamese National Holiday, flood protection in Mongolia, and meeting invitations, including an
“The group used lure documents themed around the 2024 Taiwanese presidential candidate Terry Gou, the Vietnamese National Holiday, flood protection in Mongolia, and meeting invitations, including an
CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer
Cybersecurity company CrowdStrike is alerting of a phishing campaign that exploits its own branding to distribute a cryptocurrency miner that’s disguised as an employee CRM application as part of a supposed recruitment process.
“The attack begins with a phishing email impersonating CrowdStrike recruitment, directing recipients to a malicious website,” the company said. “Victims are prompted to
“The attack begins with a phishing email impersonating CrowdStrike recruitment, directing recipients to a malicious website,” the company said. “Victims are prompted to
Fake CrowdStrike job offer emails target devs with crypto miners
CrowdStrike is warning that a phishing campaign is impersonating the cybersecurity company in fake job offer emails to trick targets into infecting themselves with a Monero cryptocurrency miner (XMRig). […]
Largest US addiction treatment provider notifies patients of data breach
BayMark Health Services, North America’s largest provider of substance use disorder (SUD) treatment and recovery services, is notifying an undisclosed number of patients that attackers stole their personal and health information in a September 2024 breach. […]
Banshee stealer evades detection using Apple XProtect encryption algo
A new version of the Banshee info-stealing malware for macOS has been evading detection over the past two months by adopting string encryption from Apple’s XProtect. […]
Microsoft fixes OneDrive bug causing macOS app freezes
Microsoft has fixed a known issue causing macOS applications to freeze when opening or saving files in OneDrive. […]