Google Play, Android’s official app store, is now tagging VPN apps with an ‘independent security reviews’ badge if they conducted an independent security audit of their software and platform. […]
New Microsoft Exchange zero-days allow RCE, data theft attacks
Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations. […]
Okta breach: 134 customers exposed in October support system hack
Okta says attackers who breached its customer support system last month gained access to files belonging to 134 customers, five of them later being targeted in session hijacking attacks with the help of stolen session tokens. […]
Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments
The threat actors linked to Kinsing have been observed attempting to exploit the recently disclosed Linux privilege escalation flaw called Looney Tunables as part of a “new experimental campaign” designed to breach cloud environments.
“Intriguingly, the attacker is also broadening the horizons of their cloud-native attacks by extracting credentials from the Cloud Service Provider (CSP),” cloud
“Intriguingly, the attacker is also broadening the horizons of their cloud-native attacks by extracting credentials from the Cloud Service Provider (CSP),” cloud
NodeStealer Malware Hijacking Facebook Business Accounts for Malicious Ads
Compromised Facebook business accounts are being used to run bogus ads that employ “revealing photos of young women” as lures to trick victims into downloading an updated version of a malware called NodeStealer.
“Clicking on ads immediately downloads an archive containing a malicious .exe ‘Photo Album’ file which also drops a second executable written in .NET – this payload is in charge of
“Clicking on ads immediately downloads an archive containing a malicious .exe ‘Photo Album’ file which also drops a second executable written in .NET – this payload is in charge of
CISA Awards $3M in Funding for Cyber Education and Training of Next-Gen Cyber Leaders
Predictive AI in Cybersecurity: Outcomes Demonstrate All AI is Not Created Equally
Here is what matters most when it comes to artificial intelligence (AI) in cybersecurity: Outcomes.
As the threat landscape evolves and generative AI is added to the toolsets available to defenders and attackers alike, evaluating the relative effectiveness of various AI-based security offerings is increasingly important — and difficult. Asking the right questions can help you spot solutions
As the threat landscape evolves and generative AI is added to the toolsets available to defenders and attackers alike, evaluating the relative effectiveness of various AI-based security offerings is increasingly important — and difficult. Asking the right questions can help you spot solutions
CanesSpy Spyware Discovered in Modified WhatsApp Versions
Cybersecurity researchers have unearthed a number of WhatsApp mods for Android that come fitted with a spyware module dubbed CanesSpy.
These modified versions of the instant messaging app have been observed propagated via sketchy websites advertising such software as well as Telegram channels used primarily by Arabic and Azerbaijani speakers, one of which boasts 2 million users.
“The trojanized
These modified versions of the instant messaging app have been observed propagated via sketchy websites advertising such software as well as Telegram channels used primarily by Arabic and Azerbaijani speakers, one of which boasts 2 million users.
“The trojanized
48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems
A new set of 48 malicious npm packages have been discovered in the npm repository with capabilities to deploy a reverse shell on compromised systems.
“These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to initiate a reverse shell on package install,” software supply chain security firm Phylum said.
All the counterfeit packages have been published by
“These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to initiate a reverse shell on package install,” software supply chain security firm Phylum said.
All the counterfeit packages have been published by
Atlassian warns of exploit for Confluence data wiping bug, get patching
Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances. […]