A new version of the Necro malware loader for Android was installed on 11 million devices through Google Play in malicious SDK supply chain attacks. […]
How to manage shadow IT and reduce your attack surface
In today’s fast-paced business environment, employees increasingly turn to unauthorized IT solutions, called Shadow IT, to streamline their work and boost productivity. This article explores the prevalence of shadow IT, the risks it poses and discusses strategies for managing it. […]
Ban Sought for Chinese, Russian Software and Hardware Used in Autonomous Vehicles on US Roads
In extreme situations, a foreign adversary could shut down or take simultaneous control of multiple vehicles operating in the United States, causing crashes and blocking roads.
The post Ban Sought for Chinese, Russian Software and Hardware Used in Autonomous Vehicles on US Roads appeared first on SecurityWeek.
CERT/CC Warns of Unpatched Critical Vulnerability in Microchip ASF
Microchip Advanced Software Framework (ASF) 3 is affected by a critical vulnerability that could lead to remote code execution.
The post CERT/CC Warns of Unpatched Critical Vulnerability in Microchip ASF appeared first on SecurityWeek.
ESET Patches Privilege Escalation Vulnerabilities in Windows, macOS Products
ESET has released patches for two local privilege escalation vulnerabilities in security products for Windows and macOS.
The post ESET Patches Privilege Escalation Vulnerabilities in Windows, macOS Products appeared first on SecurityWeek.
Versa Networks Patches Vulnerability Exposing Authentication Tokens
Versa Networks has released patches for a Versa Director vulnerability for which proof-of-concept (PoC) code exists.
The post Versa Networks Patches Vulnerability Exposing Authentication Tokens appeared first on SecurityWeek.
THN Cybersecurity Recap: Last Week’s Top Threats and Trends (September 16-22)
Hold on tight, folks, because last week’s cybersecurity landscape was a rollercoaster! We witnessed everything from North Korean hackers dangling “dream jobs” to expose a new malware, to a surprising twist in the Apple vs. NSO Group saga. Even the seemingly mundane world of domain names and cloud configurations had its share of drama. Let’s dive into the details and see what lessons we can glean
Why ‘Never Expire’ Passwords Can Be a Risky Decision
Password resets can be frustrating for end users. Nobody likes being interrupted by the ‘time to change your password’ notification – and they like it even less when the new passwords they create are rejected by their organization’s password policy. IT teams share the pain, with resetting passwords via service desk tickets and support calls being an everyday burden. Despite this, it’s commonly
Cybersecurity Products Conking Out After macOS Sequoia Update
macOS Sequoia updates are causing cybersecurity software failures and breaking network connectivity for many.
The post Cybersecurity Products Conking Out After macOS Sequoia Update appeared first on SecurityWeek.
Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk
A critical security flaw has been disclosed in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead to remote code execution.
The vulnerability, tracked as CVE-2024-7490, carries a CVSS score of 9.5 out of a maximum of 10.0. It has been described as a stack-based overflow vulnerability in ASF’s implementation of the tinydhcp server stemming from a lack of
The vulnerability, tracked as CVE-2024-7490, carries a CVSS score of 9.5 out of a maximum of 10.0. It has been described as a stack-based overflow vulnerability in ASF’s implementation of the tinydhcp server stemming from a lack of