News
- "Hacktivists Say They Stole 100,000 Emails From Iran's Nuclear Energy Agency" The Iranian Atomic Energy Organization has dismissed claims that a subsidiary's email systems were compromised, revealing critical operational data about a nuclear power plant. An activist group named Black Reward, claiming to be from Iran, says they…
- "Cloud Security Is Complex -- But Most Vulnerabilities Fall Into Three Key Categories" With most businesses utilizing at least one type of cloud deployment today, the question of whether the cloud is more or less secure than on-premise solutions remains. In on-premises or private cloud environments, security is primarily based on a barrier…
- "Adobe Illustrator Vulnerabilities Rated Critical, But Exploitation Not Easy" Updates released by Adobe recently for its Illustrator product patch two vulnerabilities that could lead to arbitrary code execution, but the researcher who found them says exploitation is not easy. According to Adobe, Illustrator 2021 and 2022 for…
- "Critical Flaws in Abode Home Security Kit Allow Hackers to Hijack, Disable Cameras" Abode Systems has resolved multiple severe vulnerabilities recently in its home security kit, including critical issues that could allow attackers to execute commands with root privileges. Abode Systems sells smart DIY home security systems and…
- "Malicious Clicker Apps in Google Play Have 20M+ Installs" McAfee security researchers have discovered 16 malicious clicker apps that were installed more than 20 million times from the official Google Play store. DxClean, one of these apps, has been downloaded over five million times and has a user rating of 4.1…
- "FBI: Iranian Threat Group Likely to Target US Midterms" The FBI warns that the Emennet Pasargad group is planning to target officials and businesses with hack-and-leak campaigns. Although the Iranian threat group Emennet Pasargad is primarily focused on attacking Israeli officials, the FBI warns that the…
- "Consumer Behaviors Are the Root of Open Source Risk" Sonatype has released its eighth annual State of the Software Supply Chain Report, which discovered that, in addition to a massive increase in open-source supply, demand, and malicious attacks, 96 percent of open-source Java downloads with known…
- "CISA Warns of Daixin Team Hackers Targeting Health Organizations With Ransomware" US cybersecurity and intelligence agencies have issued a joint advisory warning of attacks carried out by the Daixin Team, a cybercrime gang primarily targeting the country's healthcare sector. According to the agencies, the Daixin Team is a ransomware…
- "Typosquat Campaign Mimics 27 Brands to Push Windows, Android Malware" Over 200 typosquatting domains impersonating 27 brands are being used in a massive malicious campaign to trick visitors into downloading various Windows and Android malware. Typosquatting is a technique for tricking people into visiting a fake website by…
- "Numerous GitHub Repositories Distribute Malicious Phony PoC Exploits" Researchers from the Leiden Institute of Advanced Computer Science discovered thousands of repositories on GitHub offering fake proof-of-concept (PoC) exploits for various vulnerabilities, some of which include malware. PoC exploits are uploaded by…
- "Lithuanian National Cyber Security Center Launched a New Fraud Protection Tool" The Lithuanian National Cyber Security Center (NCSC), in collaboration with the Internet Service Center DOMREG at Kaunas University of Technology (KTU), has developed DNS Firewall, a new free tool for residents and organizations to help in the fight…
- "Disclosing Software Vulnerabilities: An Ethical Perspective" Securing software and other services requires the discovery of flaws and the implementation of corrective measures. The question is how to properly disclose vulnerabilities to vendors and the general public. Many researchers find vulnerabilities and have…