Python tarfile vulnerability affects 350,000 open-source projects (CVE-2007-4559)

September 22, 2022

Trellix Advanced Research Center published its research into CVE-2007-4559, a vulnerability estimated to be present in over 350,000 open-source projects and prevalent in closed-source projects. The vulnerability exists in the Python tarfile module which is a default module in any […]

Russian Gamaredon Hackers Target Ukrainian Government Using Info-Stealing Malware

September 15, 2022

An ongoing espionage campaign operated by the Russia-linked Gamaredon group is targeting employees of Ukrainian government, defense, and law enforcement agencies with a piece of custom-made information stealing malware. “The adversary is using phishing documents containing lures related to the […]

TikTok vulnerability could have allowed hijackers to take over accounts

September 1, 2022

Microsoft has released a detailed rundown of an issue, now fixed, which was potentially dangerous for users of TikTok. The problem, flagged as a “high-severity vulnerability” by Microsoft, required several steps chained together in order to function. Attackers making use […]

Cloud security, Privacy protection, Security

BigID unveils data deletion capabilities to reduce cloud data risk

September 29, 2022

Via: Help Net Security

BigID announced native data deletion capabilities that make it easy for organizations to delete personal and sensitive data across their data stores – including Snowflake, AWS S3, mySQL, Google Drive, Teradata, and more. In addition, this new application allows customers […]

Threats & Malware, Virus & Malware

Researchers Warn of New Go-based Malware Targeting Windows and Linux Systems

September 28, 2022

Via: The Hacker News

A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers into its botnet. “Chaos functionality includes the ability […]

Cyber-crime, Malware

Hackers Using PowerPoint Mouseover Trick to Infect System with Malware

September 28, 2022

Via: The Hacker News

The Russian state-sponsored threat actor known as APT28 has been found leveraging a new code execution method that makes use of mouse movement in decoy Microsoft PowerPoint documents to deploy malware. The technique “is designed to be triggered when the […]

Threats & Malware, Vulnerabilities

Chrome 106 Patches High-Severity Vulnerabilities

September 28, 2022

Via: Security Week

Of the externally reported security bugs, five are rated ‘high’ severity, eight are ‘medium’ severity, and three are ‘low’ severity. Half of these vulnerabilities are use-after-free bugs, which could lead to arbitrary code execution, denial of service, or data corruption. […]

Cyber warfare, Cyber-crime

Cyber Warfare Rife in Ukraine, But Impact Stays in Shadows

September 28, 2022

Via: Security Week

Western allies initially feared a tsunami of cyberattacks against Ukraine’s military command and critical infrastructure, hindering its ability to resist the Russian forces pouring across its borders. As of mid-September, the Cyber Peace Institute, an NGO based in Switzerland, counted […]

Application security, Security

The holy trifecta for developing a secure API

September 28, 2022

Via: Help Net Security

It’s hard to write good API specifications, and since most API gateways use them as IAC, they should be carefully checked for common mistakes. Writing an API that sticks to the original design is extremely difficult, and it must be […]

Hacker, Threats & Malware

North Korea’s Lazarus Hackers Targeting macOS Users Interested in Crypto Jobs

September 27, 2022

Via: The Hacker News

The infamous Lazarus Group has continued its pattern of leveraging unsolicited job opportunities to deploy malware targeting Apple’s macOS operating system. In the latest variant of the campaign observed by cybersecurity company SentinelOne last week, decoy documents advertising positions for […]

Mobile, Wireless security

MITRE and Department of Defense announce FiGHT framework to enhance 5G security

September 27, 2022

Via: Help Net Security

MITRE and the Department of Defense (DoD) announced the launch of the FiGHT (5G Hierarchy of Threats) adversarial threat model for 5G systems. FiGHT empowers organizations to, for the first time, reliably assess the confidentiality, integrity, and availability of 5G […]