January 25, 2023

Organizations in Taiwan, HongKong, Singapore and China have been recently facing attacks from a Chinese threat actor DragonSpark. The threat actor was observed using open source tool SparkRAT for its attacks, according to a report by SentinelOne. SparkRAT is multi-platform, […]

January 25, 2023

Perimeter 81 says it has gotten even better at protecting its customers from internet-borne risks, as it adds malware protection to its growing list of services. The new offering works as a combination of continually updated signature-based detection, and advanced […]

January 25, 2023

GoTo is a well-known brand that owns a range of products, including technologies for teleconferencing and webinars, remote access, and password management. If you’ve ever used GoTo Webinar (online meetings and seminars), GoToMyPC (connect and control someone else’s computer for […]

January 25, 2023

VMware on Tuesday released software to remediate four security vulnerabilities affecting vRealize Log Insight (aka Aria Operations for Logs) that could expose users to remote code execution attacks. Two of the flaws are critical, carrying a severity rating of 9.8 […]

January 24, 2023

Apple has backported fixes for a recently disclosed critical security flaw affecting older devices, citing evidence of active exploitation. The issue, tracked as CVE-2022-42856, is a type confusion vulnerability in the WebKit browser engine that could result in arbitrary code […]

January 24, 2023

The Emotet malware operation has continued to refine its tactics in an effort to fly under the radar, while also acting as a conduit for other dangerous malware such as Bumblebee and IcedID. Emotet, which officially reemerged in late 2021 […]

January 24, 2023

Cloud threat detection vendor Skyhawk Security has released a platform designed to address alert fatigue that provides cloud detection and response (CDR) across multi-cloud environments, the company said Tuesday in a statement. The company says the Synthesis platform is being […]

January 24, 2023

Passwords are a central aspect of security infrastructure and practice, but they are also a principal weakness involved in 81% of all hacking breaches. Inherent useability problems make passwords difficult for users to manage safely. These security and useability shortcomings […]

January 24, 2023

The US CISA added the Zoho ManageEngine remote code execution flaw (CVE-2022-47966) to its Known Exploited Vulnerabilities Catalog. The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho products with SAML SSO enabled in the ManageEngine […]

January 24, 2023

The U.S. Federal Bureau of Investigation (FBI) on Monday confirmed that North Korean threat actors were responsible for the theft of $100 million in cryptocurrency assets from Harmony Horizon Bridge in June 2022. The law enforcement agency attributed the hack […]

January 23, 2023

Researchers have uncovered a huge network of fake apps running fake ads, mainly on iOS devices. The operation was named ‘Vastflux’ in reference to its use of the Video Ad Serving Template specification, as well as the fast-flux technique to […]

January 23, 2023

Marketing automation platform Mailchimp revealed recently that its security team discovered unauthorized access to one of its tools on January 11. The tool is used by the company’s customer-facing teams for support and account administration. According to Mailchimp, the hacker […]

January 23, 2023

Two security flaws have been disclosed in Samsung’s Galaxy Store app for Android that could be exploited by a local attacker to stealthily install arbitrary apps or direct prospective victims to fraudulent landing pages on the web. The issues, tracked […]

January 23, 2023

Hackers have discovered a new way to bypass the macro block in Microsoft Office files and still deliver malware to unsuspecting victims through the company’s suit of online collaboration apps. Security experts at BleepingComputer found freshly distributed phishing emails equipped […]

January 23, 2023

An improved Android banking Trojan dubbed Hook by security researchers is capable of taking remote control of mobile device, contributing to the growing overlap between surveillance malware and financial fraud. The Trojan, which analysis by Danish cybersecurity firm ThreatFabric characterizes […]

January 23, 2023

Wallarm has launched the Wallarm API Leak Management solution, an enhanced API security technology designed to help organizations identify and remediate attacks exploiting leaked API keys and secrets, while providing on-going protection against hacks in the event of a leak. […]

January 23, 2023

An EMA survey of 129 software development professionals uncovered that for those using code scanning tools, only 10% of organizations prevented a higher percentage of vulnerabilities than organizations not using code scanning tools, while continuous training greatly improved code security […]

January 20, 2023

The Irish Data Protection Commission (DPC) on Thursday imposed fresh fines of €5.5 million against Meta’s WhatsApp for violating data protection laws when processing users’ personal information. At the heart of the ruling is an update to the messaging platform’s […]

January 20, 2023

The Drupal core issue exists because the Media Library module does not perform proper checks on entity access in some cases, which could allow users who can edit content to view metadata about media items that they should not have […]

January 20, 2023

A government filing posted Thursday says the attack impacted information technology systems. Yum Brands said the attackers took company data, but that there is no evidence customer data was stolen. Around 300 U.K. stores were closed for one day but […]