News
  • "Contact-Tracing Apps Still Expose Users to Security, Privacy Issues"
    An analysis of 95 COVID-19 contact-tracing apps conducted by the mobile security firm Guardsquare revealed that 40% did not use the official API of the Exposure Notifications protocol created by Apple and Google to protect user privacy and security. The…
  • "Ad-Injecting Malware Hijacks Chrome, Edge, Firefox"
    The Microsoft 365 Defender Research Team has issued a warning about ad-injecting malware called Adrozek. According to Microsoft, cybercriminals have been distributing Adrozek malware since May 2020, with its peak occurring in August when more than 30,000…
  • "Researchers Warn of Security Vulnerabilities in These Widely Used Point-of-Sale Terminals"
    Security vulnerabilities have been discovered in two widely used Point-of-Sale (PoS) terminals that could allow cybercriminals to conduct a number of malicious activities such as stealing credit card details, cloning terminals, and more. The…
  • "PLEASE_READ_ME Ransomware Attacks 85K MySQL Servers"
    Researchers are warning of an active ransomware campaign that is targeting MySQL database servers. MySQL is an open-source relational database management system. The ransomware is called PLEASE_READ_ME, and has so far breached at least 85,000…
  • "Critical Steam Flaws Could Let Gamers Crash Opponents’ Computers"
    Valve fixed critical bugs (CVE-2020-6016, CVE-2020-6017, CVE-2020-6018, and CVE-2020-6019) in its Steam gaming client, a popular platform for video games like Counter-Strike: Global Offensive, Dota 2, and Half-Life. The first three CVEs score 9.8…
  • "Security by Design"
    Nadya Bliss, the executive director of Arizona State University's Global Security Initiative, and her colleagues from the University of Maryland, Lehigh University, Cornell University, and the University of Utah are calling on technologists to prioritize…
  • "Palo Alto Creates Visualization Tool to Guide Response to Egregor Ransomware Attacks"
    Palo Alto's Unit 42 developed a tool to help security teams visualize the techniques used by the attack group behind the Egregor ransomware attacks and to improve responses to these attacks. The Unit 42 ATOM Viewer allows security professionals to view…
  • "Vulnerabilities Found in Multiple GE Imaging Systems"
    A team of researchers at CyberMDX discovered flaws in more than one hundred different GE Healthcare imaging and ultrasound products widely used in US hospitals. The exploitation of these vulnerabilities could allow attackers to gain access to Protected…
  • "Google Open-Sources Atheris, a Tool for Finding Security Bugs in Python Code"
    Google has open-sourced its Python fuzzing utility called Atheris. Fuzzing refers to the process of feeding a software application with invalid or random data until it reveals a flaw. The goal of fuzzing is to find and fix vulnerabilities in software…
  • "FireEye Cyberattack Compromises Red-Team Security Tools"
    Cybersecurity firm FireEye has recently been affected by an attack in which adversaries stole the Red Team assessment tools that the company uses to test its customers' security. Researchers believe that state-sponsored actors were behind the hack…
  • "Hackers Steal Pfizer/BioNTech COVID-19 Vaccine Data in Europe, Companies Say"
    The Amsterdam-based European Medicines Agency (EMA), which is working on the approval of two COVID-19 vaccines, has revealed that it has faced a cyberattack. According to the U.S. drugmaker Pfizer and its German partner BioNTech, the cyberattack on the drugs…
  • "U.S., Australia Partnering on Virtual Cyber Training Range"
    The U.S. Cyber Command has announced that the U.S. and Australia signed an agreement to work together to develop a virtual cyber training range. The Cyber Training Capabilities Project Arrangement supports the advancement of USCYBERCOM's Persistent Cyber…