Google Play, the official store for Android, distributed over a period of one year more than 200 malicious applications, which cumulatively counted nearly eight million downloads. […]
CISO Conversations: Julien Soriano (Box) and Chris Peake (Smartsheet)
CISOS from Box and Smartsheet discuss the route toward, the role within, and the future of being a successful CISO.
The post CISO Conversations: Julien Soriano (Box) and Chris Peake (Smartsheet) appeared first on SecurityWeek.
Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities
Splunk has released patches for multiple vulnerabilities in Splunk Enterprise, including two high-severity remote code execution flaws.
The post Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities appeared first on SecurityWeek.
Organizations Slow to Protect Doors Against Hackers: Researcher
Door access controllers remain vulnerable to remote hacker attacks for extended periods of time, a researcher has found.
The post Organizations Slow to Protect Doors Against Hackers: Researcher appeared first on SecurityWeek.
The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short
In recent years, the number and sophistication of zero-day vulnerabilities have surged, posing a critical threat to organizations of all sizes. A zero-day vulnerability is a security flaw in software that is unknown to the vendor and remains unpatched at the time of discovery. Attackers exploit these flaws before any defensive measures can be implemented, making zero-days a potent weapon for
Critical Vulnerability Patched in 101 Releases of WordPress Plugin Jetpack
Automattic has rolled out updates for 101 Jetpack versions released over the past eight years to resolve a critical vulnerability.
The post Critical Vulnerability Patched in 101 Releases of WordPress Plugin Jetpack appeared first on SecurityWeek.
Open Source Package Entry Points May Lead to Supply Chain Attacks
Entry points in packages across multiple programming languages are susceptible to exploitation in supply chain attacks.
The post Open Source Package Entry Points May Lead to Supply Chain Attacks appeared first on SecurityWeek.
New CounterSEVeillance and TDXDown Attacks Target AMD and Intel TEEs
Intel and AMD respond to new attack methods named TDXDown and CounterSEVeillance that can be used against TDX and SEV technology.
The post New CounterSEVeillance and TDXDown Attacks Target AMD and Intel TEEs appeared first on SecurityWeek.
China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns
China’s National Computer Virus Emergency Response Center (CVERC) has doubled down on claims that the threat actor known as the Volt Typhoon is a fabrication of the U.S. and its allies.
The agency, in collaboration with the National Engineering Laboratory for Computer Virus Prevention Technology, went on to accuse the U.S. federal government, intelligence agencies, and Five Eyes countries of
The agency, in collaboration with the National Engineering Laboratory for Computer Virus Prevention Technology, went on to accuse the U.S. federal government, intelligence agencies, and Five Eyes countries of
Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates
Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate code-signing certificates.
French cybersecurity company HarfangLab, which detected the activity at the start of the month, said the attack chains aim to deploy an information stealer known as Lumma.
Hijack Loader, also known as DOILoader, IDAT Loader, and
French cybersecurity company HarfangLab, which detected the activity at the start of the month, said the attack chains aim to deploy an information stealer known as Lumma.
Hijack Loader, also known as DOILoader, IDAT Loader, and