Forty new variants of the TrickMo Android banking trojan have been identified in the wild, linked to 16 droppers and 22 distinct command and control (C2) infrastructures, with new features designed to steal Android PINs. […]
Pokemon dev Game Freak confirms breach after stolen data leaks online
Japanese video game developer Game Freak has confirmed it suffered a cyberattack in August after source code and game designs for unpublished games were leaked online. […]
Watch Now: Zero Trust Strategies Summit – All Sessions Available on Demand
With all sessions now available on demand, the online summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies.
The post Watch Now: Zero Trust Strategies Summit – All Sessions Available on Demand appeared first on SecurityWeek.
Gryphon Healthcare, Tri-City Medical Center Disclose Significant Data Breaches
Gryphon Healthcare and Tri-City Medical Center have disclosed data breaches collectively impacting over 500,000 individuals.
The post Gryphon Healthcare, Tri-City Medical Center Disclose Significant Data Breaches appeared first on SecurityWeek.
Chinese State Hackers Main Suspect in Recent Ivanti CSA Zero-Day Attacks
Fortinet believes state-sponsored threat actors are behind the recent attacks involving exploitation of Ivanti CSA zero-days.
The post Chinese State Hackers Main Suspect in Recent Ivanti CSA Zero-Day Attacks appeared first on SecurityWeek.
Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration
A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero-day to perform a series of malicious actions.
That’s according to findings from Fortinet FortiGuard Labs, which said the vulnerabilities were abused to gain unauthenticated access to the CSA, enumerate users configured in the appliance, and attempt to access the
That’s according to findings from Fortinet FortiGuard Labs, which said the vulnerabilities were abused to gain unauthenticated access to the CSA, enumerate users configured in the appliance, and attempt to access the
Iranian Cyberspies Exploiting Recent Windows Kernel Vulnerability
The Iran-linked APT OilRig has intensified cyber operations against the United Arab Emirates and the broader Gulf region.
The post Iranian Cyberspies Exploiting Recent Windows Kernel Vulnerability appeared first on SecurityWeek.
5 Steps to Boost Detection and Response in a Multi-Layered Cloud
The link between detection and response (DR) practices and cloud security has historically been weak. As global organizations increasingly adopt cloud environments, security strategies have largely focused on “shift-left” practices—securing code, ensuring proper cloud posture, and fixing misconfigurations. However, this approach has led to an over-reliance on a multitude of DR tools spanning
Supply Chain Attacks Exploit Entry Points in Python, npm, and Open-Source Ecosystems
Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks.
“Attackers can leverage these entry points to execute malicious code when specific commands are run, posing a widespread risk in the open-source landscape,” Checkmarx researchers Yehuda
“Attackers can leverage these entry points to execute malicious code when specific commands are run, posing a widespread risk in the open-source landscape,” Checkmarx researchers Yehuda
Juniper Networks Patches Dozens of Vulnerabilities
Juniper Networks has announced patches for dozens of vulnerabilities in Junos OS, Junos OS Evolved, and third-party components.
The post Juniper Networks Patches Dozens of Vulnerabilities appeared first on SecurityWeek.