Memory safety bugs in Android have decreased significantly as old code matures and new code uses memory-safe languages.
The post Google Sees Drop in Memory Safety Bugs in Android as Code Matures appeared first on SecurityWeek.
Police Are Probing a Cyberattack on Wi-Fi Networks at UK Train Stations
An investigation has been launched into a Wi-Fi service hack that has impacted many train stations in the United Kingdom.
The post Police Are Probing a Cyberattack on Wi-Fi Networks at UK Train Stations appeared first on SecurityWeek.
US Transportation and Logistics Firms Targeted With Infostealers, Backdoors
A malicious campaign is targeting transportation and logistics organizations in North America with various malware families.
The post US Transportation and Logistics Firms Targeted With Infostealers, Backdoors appeared first on SecurityWeek.
Fortifying the Weakest Link: How to Safeguard Against Supply Chain Cyberattacks
As organizations have fortified their defenses against direct network attacks, hackers have shifted their focus to exploiting vulnerabilities in the supply chain to gain backdoor access to systems.
The post Fortifying the Weakest Link: How to Safeguard Against Supply Chain Cyberattacks appeared first on SecurityWeek.
EPSS vs. CVSS: What’s the Best Approach to Vulnerability Prioritization?
Many businesses rely on the Common Vulnerability Scoring System (CVSS) to assess the severity of vulnerabilities for prioritization. While these scores provide some insight into the potential impact of a vulnerability, they don’t factor in real-world threat data, such as the likelihood of exploitation. With new vulnerabilities discovered daily, teams don’t have the time – or the budget – to
Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware
As many as 25 websites linked to the Kurdish minority have been compromised as part of a watering hole attack designed to harvest sensitive information for over a year and a half.
French cybersecurity firm Sekoia, which disclosed details of the campaign dubbed SilentSelfie, described the intrusion set as long-running, with first signs of infection detected as far back as December 2022.
The
French cybersecurity firm Sekoia, which disclosed details of the campaign dubbed SilentSelfie, described the intrusion set as long-running, with first signs of infection detected as far back as December 2022.
The
Israeli Group Claims Lebanon Water Hack as CISA Reiterates Warning on Simple ICS Attacks
Unsophisticated methods can still be used to hack ICS/OT — even so, many cyberattack claims are likely exaggerated.
The post Israeli Group Claims Lebanon Water Hack as CISA Reiterates Warning on Simple ICS Attacks appeared first on SecurityWeek.
Cloudflare Warns of India-Linked Hackers Targeting South and East Asian Entities
An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential harvesting, malware delivery, and command-and-control (C2).
Web infrastructure and security company Cloudflare is tracking the activity under the name SloppyLemming, which is also called Outrider Tiger and Fishing Elephant.
“Between late 2022 to present, SloppyLemming
Web infrastructure and security company Cloudflare is tracking the activity under the name SloppyLemming, which is also called Outrider Tiger and Fishing Elephant.
“Between late 2022 to present, SloppyLemming
Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign
Nation-state threat actors backed by Beijing broke into a “handful” of U.S. internet service providers (ISPs) as part of a cyber espionage campaign orchestrated to glean sensitive information, The Wall Street Journal reported Wednesday.
The activity has been attributed to a threat actor that Microsoft tracks as Salt Typhoon, which is also known as FamousSparrow and GhostEmperor.
“Investigators
The activity has been attributed to a threat actor that Microsoft tracks as Salt Typhoon, which is also known as FamousSparrow and GhostEmperor.
“Investigators
OpenAI Exec Mira Murati Says She’s Leaving Artificial Intelligence Company
Mira Murati, who served a few days as its interim CEO during a period of turmoil last year, said she’s leaving the artificial intelligence company.
The post OpenAI Exec Mira Murati Says She’s Leaving Artificial Intelligence Company appeared first on SecurityWeek.