Many businesses rely on the Common Vulnerability Scoring System (CVSS) to assess the severity of vulnerabilities for prioritization. While these scores provide some insight into the potential impact of a vulnerability, they don’t factor in real-world threat data, such as the likelihood of exploitation. With new vulnerabilities discovered daily, teams don’t have the time – or the budget – to
Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware
As many as 25 websites linked to the Kurdish minority have been compromised as part of a watering hole attack designed to harvest sensitive information for over a year and a half.
French cybersecurity firm Sekoia, which disclosed details of the campaign dubbed SilentSelfie, described the intrusion set as long-running, with first signs of infection detected as far back as December 2022.
The
French cybersecurity firm Sekoia, which disclosed details of the campaign dubbed SilentSelfie, described the intrusion set as long-running, with first signs of infection detected as far back as December 2022.
The
Israeli Group Claims Lebanon Water Hack as CISA Reiterates Warning on Simple ICS Attacks
Unsophisticated methods can still be used to hack ICS/OT — even so, many cyberattack claims are likely exaggerated.
The post Israeli Group Claims Lebanon Water Hack as CISA Reiterates Warning on Simple ICS Attacks appeared first on SecurityWeek.
Cloudflare Warns of India-Linked Hackers Targeting South and East Asian Entities
An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential harvesting, malware delivery, and command-and-control (C2).
Web infrastructure and security company Cloudflare is tracking the activity under the name SloppyLemming, which is also called Outrider Tiger and Fishing Elephant.
“Between late 2022 to present, SloppyLemming
Web infrastructure and security company Cloudflare is tracking the activity under the name SloppyLemming, which is also called Outrider Tiger and Fishing Elephant.
“Between late 2022 to present, SloppyLemming
Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign
Nation-state threat actors backed by Beijing broke into a “handful” of U.S. internet service providers (ISPs) as part of a cyber espionage campaign orchestrated to glean sensitive information, The Wall Street Journal reported Wednesday.
The activity has been attributed to a threat actor that Microsoft tracks as Salt Typhoon, which is also known as FamousSparrow and GhostEmperor.
“Investigators
The activity has been attributed to a threat actor that Microsoft tracks as Salt Typhoon, which is also known as FamousSparrow and GhostEmperor.
“Investigators
OpenAI Exec Mira Murati Says She’s Leaving Artificial Intelligence Company
Mira Murati, who served a few days as its interim CEO during a period of turmoil last year, said she’s leaving the artificial intelligence company.
The post OpenAI Exec Mira Murati Says She’s Leaving Artificial Intelligence Company appeared first on SecurityWeek.
Mozilla accused of tracking users in Firefox without consent
European digital rights group NOYB (None Of Your Business) has filed a privacy complaint with the Austrian data protection watchdog (DSB) against Mozilla, alleging the company uses a Firefox privacy feature (enabled without consent) to track users’ online behavior. […]
Meta halts routing via Deutsche Telekom over €20M peering fee
Meta announced that it’s ending its direct peering relationship with Deutsche Telekom following a court’s ruling earlier this year that would oblige the tech firm to pay the telecom €20,000,000 to continue using its network. […]
Google sees 68% drop in Android memory safety flaws over 5 years
The percentage of Android vulnerabilities caused by memory safety issues has dropped from 76% in 2019 to only 24% in 2024, representing a massive decrease of over 68% in five years. […]
Google’s Shift to Rust Programming Cuts Android Memory Vulnerabilities by 52%
Google has revealed that its transition to memory-safe languages such as Rust as part of its secure-by-design approach has led to the percentage of memory-safe vulnerabilities discovered in Android dropping from 76% to 24% over a period of six years.
The tech giant said focusing on Safe Coding for new features not only reduces the overall security risk of a codebase, but also makes the switch
The tech giant said focusing on Safe Coding for new features not only reduces the overall security risk of a codebase, but also makes the switch