Latrodectus malware is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate while making it harder for email security platforms to detect the emails as malicious. […]
Philadelphia Inquirer: Data of over 25,000 people stolen in 2023 breach
Daily newspaper Philadelphia Inquirer revealed that attackers behind a May 2023 security breach have stolen the personal and financial information of 25,549 individuals. […]
R language flaw allows code execution via RDS/RDX files
A new vulnerability has been discovered in the R programming language that allows arbitrary code execution upon deserializing specially crafted RDS and RDX files. […]
Google now pays up to $450,000 for RCE bugs in some Android apps
Google has increased rewards for reporting remote code execution vulnerabilities within select Android apps by ten times, from $30,000 to $300,000, with the maximum reward reaching $450,000 for exceptional quality reports. […]
Millions of Docker repos found pushing malware, phishing sites
Three large-scale campaigns have targeted Docker Hub users, planting millions of repositories designed to push malware and phishing sites since early 2021. […]
New Wpeeper Android malware hides behind hacked WordPress sites
A new Android backdoor malware named ‘Wpeeper’ has been spotted in at least two unofficial app stores mimicking the Uptodown App Store, a popular third-party app store for Android devices with over 220 million downloads. […]
Change Healthcare hacked using stolen Citrix account with no MFA
UnitedHealth confirms that Change Healthcare’s network was breached by the BlackCat ransomware gang, who used stolen credentials to log into the company’s Citrix remote access service, which did not have multi-factor authentication enabled. […]
Millions of Malicious ‘Imageless’ Containers Planted on Docker Hub Over 5 Years
Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious “imageless” containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks.
“Over four million of the repositories in Docker Hub are imageless and have no content except for the repository
“Over four million of the repositories in Docker Hub are imageless and have no content except for the repository
U.S. Government Releases New AI Security Guidelines for Critical Infrastructure
The U.S. government has unveiled new security guidelines aimed at bolstering critical infrastructure against artificial intelligence (AI)-related threats.
“These guidelines are informed by the whole-of-government effort to assess AI risks across all sixteen critical infrastructure sectors, and address threats both to and from, and involving AI systems,” the Department of Homeland Security (DHS)&
“These guidelines are informed by the whole-of-government effort to assess AI risks across all sixteen critical infrastructure sectors, and address threats both to and from, and involving AI systems,” the Department of Homeland Security (DHS)&
New U.K. Law Bans Default Passwords on Smart Devices Starting April 2024
The U.K. National Cyber Security Centre (NCSC) is calling on manufacturers of smart devices to comply with new legislation that prohibits them from using default passwords, effective April 29, 2024.
“The law, known as the Product Security and Telecommunications Infrastructure act (or PSTI act), will help consumers to choose smart devices that have been designed to
“The law, known as the Product Security and Telecommunications Infrastructure act (or PSTI act), will help consumers to choose smart devices that have been designed to