Tag: software

December 29, 2022

Users searching for popular software are being targeted by a new malvertising campaign that abuses Google Ads to serve trojanized variants that deploy malware, such as Raccoon Stealer and Vidar. The activity makes use of seemingly credible websites with typosquatted […]

December 9, 2022

New research from Endor Labs offers a view into the rampant but often unmonitored use of existing open-source software in application development and the dangers arising from this common practice. Open source vulnerabilities As just one example, the research reveals […]

November 17, 2022

Google’s Android operating system dominates smartphone usage throughout the world — in every region except North America and Oceania, in fact. Thus, businesses in many regions are likely to support and issue Android devices to employees as their mainstay mobile […]

October 20, 2022

Threat actors are actively exploiting multiple Common Vulnerabilities and Exposures (CVEs) against enterprise cloud-hosted collaboration software and email platform Zimbra Collaboration Suite (ZCS), according to an advisory update jointly issued by the US Cybersecurity and Infrastructure Security Agency (CISA) and […]

September 14, 2022

Unified container and cloud security firm Sysdig on Wednesday launched its cloud security posture management (CSPM) offering, which aggregates security findings by root cause and prioritizes remediation based on impact. The new offering consists of ToDo, an actionable checklist showing […]

September 13, 2022

Government and state-owned organizations in a number of Asian countries have been targeted by a distinct group of espionage hackers as part of an intelligence gathering mission that has been underway since early 2021. “A notable feature of these attacks […]

August 31, 2022

Google’s first stable channel version of Chrome 105 for Windows, Mac, and Linux, released this week, contained fixes for 24 vulnerabilities in previous versions of the software, including one “critical” flaw and eight that the company rated as being of […]

August 26, 2022

Veracode released data revealing that the financial services industry ranks among the best for overall flaw percentage when compared to other industries, but has one of the lowest fix rates for software security flaws. The sector also falls to the […]

August 18, 2022

A vulnerability in the Android version of the Ring app, which is used to remotely manage Amazon Ring outdoor (video doorbell) and indoor surveillance cameras, could have been exploited by attackers to extract users’ personal data and device’s data, including […]

August 12, 2022

Businesses are increasingly concerned about how they will meet ransomware demands. Only 19 percent of those surveyed have ransomware coverage limits above $600,000, while over half (59 percent) hoped the government would cover damages when future attacks are linked to […]

July 27, 2022

Cybercrime is being supercharged through “plug and play” malware kits that make it easier than ever to launch attacks. Cyber syndicates are collaborating with amateur attackers to target businesses, putting our online world at risk. The HP Wolf Security threat […]

July 6, 2022

The recent upheaval in the supply chain is unprecedented, thanks to ongoing disruptions tied to the pandemic, financial and trade sanctions stemming from Russia’s war in Ukraine, cyberattacks targeting the supply chain, and other factors. To become more resilient in […]

July 6, 2022

Living off the land is not the title of a gardening book. It’s the goal of attackers going after your network. Rather than installing malicious software on your network that antivirus software might flag, attackers use the code already there […]

July 5, 2022

Malicious individuals are using stolen personally identifiable information (PII) and voice and video deepfakes to try to land remote IT, programming, database and software-related jobs, the FBI has warned last week. The increasing malicious use of deepfakes Deepfakes are synthetic […]

June 8, 2022

The shift to cloud native development, along with the increased speed in development brought about by the adoption of DevOps processes, has made the challenges connected with securing software supply chains infinitely more complex. Meanwhile, adversaries, motivated by the success […]

April 7, 2022

Secure Code Warrior released findings from its survey, which found that developers’ actions and attitudes toward software security are in conflict. While many developers acknowledge the importance of applying a security-led approach in the software development lifecycle, 86% do not […]

August 12, 2021

LOCATION DATA SHARING from wireless carriers has been a major privacy issue in recent years. Marketers, salespeople, and even bounty hunters were able to pay shadowy third-party companies to track where people have been, using information that carriers gathered from […]

January 6, 2021

If you use the recently compromised SolarWinds Orion monitoring products, you are already reviewing your infrastructure and possibly blocking network access to the servers in your domain. For those of you who do not use the SolarWinds software, this is […]

December 22, 2020

Several major technology and accounting firms are among 24 U.S. organizations that used software targeted by Russian hackers in a cyberattack that breached federal agencies, according to The Wall Street Journal. The newspaper’s analysis found that Cisco Systems, Intel Corp. […]

December 1, 2020

The CyberNews investigation team discovered an unsecured, publicly accessible Kibana dashboard of an ElasticSearch database containing confidential data belonging to Apodis Pharma, a software company based in France. Apodis Pharma is a company that offers a digital supply chain management […]