The Open Source Security Foundation (OpenSSF) has created a structured set of security requirements for open source projects.
The post OpenSSF Releases Security Baseline for Open Source Projects appeared first on SecurityWeek.
SOC 3.0 – The Evolution of the SOC and How AI is Empowering Human Talent
Organizations today face relentless cyber attacks, with high-profile breaches hitting the headlines almost daily. Reflecting on a long journey in the security field, it’s clear this isn’t just a human problem—it’s a math problem. There are simply too many threats and security tasks for any SOC to manually handle in a reasonable timeframe. Yet, there is a solution. Many refer to it as SOC 3.0—an
Qualcomm Extends Security Support for Android Devices to 8 Years
Qualcomm says it’s working with Google to ensure that Android device manufacturers will be able to provide security updates for 8 years.
The post Qualcomm Extends Security Support for Android Devices to 8 Years appeared first on SecurityWeek.
New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems
Universities and government organizations in North America and Asia have been targeted by a previously undocumented Linux malware called Auto-Color between November and December 2024, according to new findings from Palo Alto Networks Unit 42.
“Once installed, Auto-color allows threat actors full remote access to compromised machines, making it very difficult to remove without specialized
“Once installed, Auto-color allows threat actors full remote access to compromised machines, making it very difficult to remove without specialized
3.3 Million People Impacted by DISA Data Breach
Background and drug screening giant DISA has revealed that a 2024 data breach impacts more than 3.3 million people.
The post 3.3 Million People Impacted by DISA Data Breach appeared first on SecurityWeek.
Three Password Cracking Techniques and How to Defend Against Them
Passwords are rarely appreciated until a security breach occurs; suffice to say, the importance of a strong password becomes clear only when faced with the consequences of a weak one. However, most end users are unaware of just how vulnerable their passwords are to the most common password-cracking methods. The following are the three common techniques for cracking passwords and how to
CERT-UA Warns of UAC-0173 Attacks Deploying DCRat to Compromise Ukrainian Notaries
The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday warned of renewed activity from an organized criminal group it tracks as UAC-0173 that involves infecting computers with a remote access trojan named DCRat (aka DarkCrystal RAT).
The Ukrainian cybersecurity authority said it observed the latest attack wave starting in mid-January 2025. The activity is designed to target the
The Ukrainian cybersecurity authority said it observed the latest attack wave starting in mid-January 2025. The activity is designed to target the
Malicious PyPI Package “automslc” Enables 104K+ Unauthorized Deezer Music Downloads
Cybersecurity researchers have flagged a malicious Python library on the Python Package Index (PyPI) repository that facilitates unauthorized music downloads from music streaming service Deezer.
The package in question is automslc, which has been downloaded over 104,000 times to date. First published in May 2019, it remains available on PyPI as of writing.
“Although automslc, which has been
The package in question is automslc, which has been downloaded over 104,000 times to date. First published in May 2019, it remains available on PyPI as of writing.
“Although automslc, which has been
Windows 11 KB5052093 update released with 33 changes and fixes
Microsoft has released the February 2025 preview cumulative update for Windows 11 24H2, with 33 improvements and fixes for multiple issues, including SSH and File Explorer bugs and the volume jumping to 100% when waking the PC from sleep. […]
Windows 11 24H2 upgrades now blocked for some AutoCAD users
Microsoft has introduced a new Windows 11 24H2 upgrade block for systems with AutoCAD 2022, addressing compatibility issues that prevent the program from launching. […]