Application security, Security
July 11, 2023
Via: The Hacker NewsApple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw that it said has been actively exploited in the wild. The WebKit bug, cataloged as CVE-2023-37450, could allow threat actors […]
Application security, Security
July 10, 2023
Via: The Hacker NewsBrick-and-mortar retailers and e-commerce sellers may be locked in a fierce battle for market share, but one area both can agree on is the need to secure their SaaS stack. From communications tools to order management and fulfillment systems, much […]
Application security, Security
July 10, 2023
Via: The Hacker NewsMozilla has announced that some add-ons may be blocked from running on certain sites as part of a new feature called Quarantined Domains. “We have introduced a new back-end feature to only allow some extensions monitored by Mozilla to run […]
Application security, Security
July 5, 2023
Via: The Hacker NewsThe npm registry for the Node.js JavaScript runtime environment is susceptible to what’s called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation. “A npm package’s […]
Application security, Security
June 30, 2023
Via: Help Net SecurityNokod Security announced its $8 million seed round, which will be used to establish a presence in the United States market, as well as to expand the R&D teams and support novel research of security vulnerabilities in the low-code/no-code domain. […]
Application security, Security
June 30, 2023
Via: Help Net SecurityTotal Assure announced its spinout from IBSS. Total Assure partners with its customers to identify security gaps, develop attainable cybersecurity objectives, and deliver comprehensive cybersecurity solutions that protect their businesses from modern cybersecurity threats. On account of the cybersecurity talent […]
Application security, Security
June 27, 2023
Via: The Hacker NewsCybersecurity researchers have discovered a new ongoing campaign aimed at the npm ecosystem that leverages a unique execution chain to deliver an unknown payload to targeted systems. “The packages in question seem to be published in pairs, each pair working […]
Application security, Security
June 26, 2023
Via: The Hacker NewsAn unknown cryptocurrency exchange located in Japan was the target of a new attack earlier this month to deploy an Apple macOS backdoor called JokerSpy. Elastic Security Labs, which is monitoring the intrusion set under the name REF9134, said the […]
Application security, Security
June 23, 2023
Via: The RegisterChina has a playbook to use IP theft to seize leadership in cloud computing, and other nations should band together to stop that happening, according to Nathaniel C. Fick, the US ambassador-at-large for cyberspace and digital policy. Speaking at an […]
Application security, Security
June 22, 2023
Via: The Hacker NewsMillions of software repositories on GitHub are likely vulnerable to an attack called RepoJacking, a new study has revealed. This includes repositories from organizations such as Google, Lyft, and several others, Massachusetts-based cloud-native security firm Aqua said in a Wednesday […]
Application security, Security
June 19, 2023
Via: The Hacker NewsWhile the use of Infrastructure as Code (IaC) has gained significant popularity as organizations embrace cloud computing and DevOps practices, the speed and flexibility that IaC provides can also introduce the potential for misconfigurations and security vulnerabilities. IaC allows organizations […]
Application security, Security
June 15, 2023
Via: The Hacker NewsIn what’s a new kind of software supply chain attack aimed at open source projects, it has emerged that threat actors could seize control of expired Amazon S3 buckets to serve rogue binaries without altering the modules themselves. “Malicious binaries […]
Application security, Security
June 13, 2023
Via: The Hacker News“Dozens” of organizations across the world have been targeted as part of a broad business email compromise (BEC) campaign that involved the use of adversary-in-the-middle (AitM) techniques to carry out the attacks. “Following a successful phishing attempt, the threat actor […]
Application security, Security
June 13, 2023
Via: The Hacker NewsIt might come as a surprise, but secrets management has become the elephant in the AppSec room. While security vulnerabilities like Common Vulnerabilities and Exposures (CVEs) often make headlines in the cybersecurity world, secrets management remains an overlooked issue that […]
Application security, Security
June 12, 2023
Via: The Hacker NewsApple is introducing major updates to Safari Private Browsing, offering users better protections against third-party trackers as they browse the web. “Advanced tracking and fingerprinting protections go even further to help prevent websites from using the latest techniques to track […]
Application security, Security
June 8, 2023
Via: The Hacker NewsAPIs, more formally known as application programming interfaces, empower apps and microservices to communicate and share data. However, this level of connectivity doesn’t come without major risks. Hackers can exploit vulnerabilities in APIs to gain unauthorized access to sensitive data […]
Application security, Security
May 30, 2023
Via: The Hacker NewsMultiple security flaws uncovered in Sonos One wireless speakers could be potentially exploited to achieve information disclosure and remote code execution, the Zero Day Initiative (ZDI) said in a report published last week. The vulnerabilities were demonstrated by three different […]
Application security, Security
May 16, 2023
Via: Dark ReadingRansomware-as-a-service (RaaS) operation Qilin has been arming its affiliates with malware and supporting services to target education, healthcare, and other critical sectors of the worldwide economy, paying out an industry-leading 80% to 85% of takings to the partners. Researchers from […]
Application security, Security
May 12, 2023
Via: The Hacker NewsA previously undocumented and mostly undetected variant of a Linux backdoor called BPFDoor has been spotted in the wild, cybersecurity firm Deep Instinct said in a technical report published this week. “BPFDoor retains its reputation as an extremely stealthy and […]
Application security, Security
May 11, 2023
Via: The Hacker NewsTwitter is officially beginning to roll out support for encrypted direct messages (DMs) on the platform, more than six months after its chief executive Elon Musk confirmed plans for the feature in November 2022. The “Phase 1” of the initiative […]