July 25, 2023
Via: The Hacker NewsA new security vulnerability has been discovered in AMD’s Zen 2 architecture-based processors that could be exploited to extract sensitive data such as encryption keys and passwords. Discovered by Google Project Zero researcher Tavis Ormandy, the flaw – codenamed Zenbleed […]
Threats & Malware, Vulnerabilities
July 24, 2023
Via: The Hacker NewsZero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078, […]
Threats & Malware, Virus & Malware
July 21, 2023
Via: The Hacker NewsA new malware strain known as BundleBot has been stealthily operating under the radar by taking advantage of .NET single-file deployment techniques, enabling threat actors to capture sensitive information from compromised hosts. “BundleBot is abusing the dotnet bundle (single-file), self-contained […]
July 7, 2023
Via: The Hacker NewsGoogle has released its monthly security updates for the Android operating system, addressing 46 new software vulnerabilities. Among these, three vulnerabilities have been identified as actively exploited in targeted attacks. One of the vulnerabilities tracked as CVE-2023-26083 is a memory […]
Application security, Security
June 22, 2023
Via: The Hacker NewsMillions of software repositories on GitHub are likely vulnerable to an attack called RepoJacking, a new study has revealed. This includes repositories from organizations such as Google, Lyft, and several others, Massachusetts-based cloud-native security firm Aqua said in a Wednesday […]
May 25, 2023
Via: Dark ReadingGoogle has fixed a critical flaw in its Google Cloud Platform’s database service that researchers used to gain access to sensitive data and secrets, as well as escalate privileges to breach other cloud services, including potentially those in customer environments. […]
May 24, 2023
Via: The Hacker NewsGoogle has removed a screen recording app named “iRecorder – Screen Recorder” from the Play Store after it was found to sneak in information stealing capabilities nearly a year after the app was published as an innocuous app. The app […]
May 5, 2023
Via: The Hacker NewsA new Android subscription malware named Fleckpe has been unearthed on the Google Play Store, amassing more than 620,000 downloads in total since 2022. Kaspersky, which identified 11 apps on the official app storefront, said the malware masqueraded as legitimate […]
May 3, 2023
Via: The Hacker NewsApple and Google have teamed up to work on a draft industry-wide specification that’s designed to tackle safety risks and alert users when they are being tracked without their knowledge or permission using devices like AirTags. “The first-of-its-kind specification will […]
May 1, 2023
Via: The Hacker NewsGoogle disclosed that its improved security features and app review processes helped it block 1.43 million bad apps from being published to the Play Store in 2022. In addition, the company said it banned 173,000 bad accounts and fended off […]
April 27, 2023
Via: Dark ReadingAfter a 13-year-long wait, Google Authenticator has added a 2FA account-sync feature that allows its users to back up their 2FA code sequences into the cloud, after which they can restore them back into a new device. Though the process […]
April 25, 2023
Via: The Hacker NewsGoogle’s cloud division is following in the footsteps of Microsoft with the launch of Security AI Workbench that leverages generative AI models to gain better visibility into the threat landscape. Powering the cybersecurity suite is Sec-PaLM, a specialized large language […]
Threats & Malware, Virus & Malware
April 21, 2023
Via: The Hacker NewsThe supply chain attack targeting 3CX was the result of a prior supply chain compromise associated with a different company, demonstrating a new level of sophistication with North Korean threat actors. Google-owned Mandiant, which is tracking the attack event under […]
Threats & Malware, Vulnerabilities
April 19, 2023
Via: The Hacker NewsGoogle on Tuesday rolled out emergency fixes to address another actively exploited high-severity zero-day flaw in its Chrome web browser. The flaw, tracked as CVE-2023-2136, is described as a case of integer overflow in Skia, an open source 2D graphics […]
April 17, 2023
Via: The Hacker NewsA Chinese nation-state group targeted an unnamed Taiwanese media organization to deliver an open source red teaming tool known as Google Command and Control (GC2) amid broader abuse of Google’s infrastructure for malicious ends. The tech giant’s Threat Analysis Group […]
April 13, 2023
Via: The Hacker NewsGoogle on Thursday outlined a set of initiatives aimed at improving the vulnerability management ecosystem and establishing greater transparency measures around exploitation. “While the notoriety of zero-day vulnerabilities typically makes headlines, risks remain even after they’re known and fixed, which […]
April 12, 2023
Via: SecurityWeekGoogle-owned Mandiant is investigating the breach and 3CX has released some information from the security firm’s initial analysis. “Based on the Mandiant investigation into the 3CX intrusion and supply chain attack thus far, they attribute the activity to a cluster […]
April 5, 2023
Via: The Hacker NewsA North Korean government-backed threat actor has been linked to attacks targeting government and military personnel, think tanks, policy makers, academics, and researchers in South Korea and the U.S. Google’s Threat Analysis Group (TAG) is tracking the cluster under the […]
Threats & Malware, Virus & Malware
March 14, 2023
Via: The RegisterCriminals are exploiting a Microsoft SmartScreen bug to deliver Magniber ransomware, potentially infecting hundreds of thousands of devices, without raising any security red flags, according to Google’s Threat Analysis Group (TAG). TAG discovered the in-the-wild exploit, and reported it to […]
December 19, 2022
Via: TechRadarGoogle has become the latest company to roll out an encryption upgrade, revealing it Gmail email service is set to get full end-to-end encryption (E2EE) support, but not all users will be able to get it. In an update on […]