January 25, 2023
CSO OnlineOrganizations in Taiwan, HongKong, Singapore and China have been recently facing attacks from a Chinese threat actor DragonSpark. The threat actor was observed using open source tool SparkRAT for its attacks, according to a report by SentinelOne. SparkRAT is multi-platform, […]
Threats & Malware, Virus & Malware
January 25, 2023
TechRadarPerimeter 81 says it has gotten even better at protecting its customers from internet-borne risks, as it adds malware protection to its growing list of services. The new offering works as a combination of continually updated signature-based detection, and advanced […]
January 25, 2023
Naked SecurityGoTo is a well-known brand that owns a range of products, including technologies for teleconferencing and webinars, remote access, and password management. If you’ve ever used GoTo Webinar (online meetings and seminars), GoToMyPC (connect and control someone else’s computer for […]
Threats & Malware, Vulnerabilities
January 25, 2023
The Hacker NewsVMware on Tuesday released software to remediate four security vulnerabilities affecting vRealize Log Insight (aka Aria Operations for Logs) that could expose users to remote code execution attacks. Two of the flaws are critical, carrying a severity rating of 9.8 […]
Threats & Malware, Vulnerabilities
January 24, 2023
The Hacker NewsApple has backported fixes for a recently disclosed critical security flaw affecting older devices, citing evidence of active exploitation. The issue, tracked as CVE-2022-42856, is a type confusion vulnerability in the WebKit browser engine that could result in arbitrary code […]
Threats & Malware, Virus & Malware
January 24, 2023
The Hacker NewsThe Emotet malware operation has continued to refine its tactics in an effort to fly under the radar, while also acting as a conduit for other dangerous malware such as Bumblebee and IcedID. Emotet, which officially reemerged in late 2021 […]
January 24, 2023
CSO OnlineCloud threat detection vendor Skyhawk Security has released a platform designed to address alert fatigue that provides cloud detection and response (CDR) across multi-cloud environments, the company said Tuesday in a statement. The company says the Synthesis platform is being […]
January 24, 2023
CSO OnlinePasswords are a central aspect of security infrastructure and practice, but they are also a principal weakness involved in 81% of all hacking breaches. Inherent useability problems make passwords difficult for users to manage safely. These security and useability shortcomings […]
Threats & Malware, Vulnerabilities
January 24, 2023
Security AffairsThe US CISA added the Zoho ManageEngine remote code execution flaw (CVE-2022-47966) to its Known Exploited Vulnerabilities Catalog. The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho products with SAML SSO enabled in the ManageEngine […]
January 24, 2023
The Hacker NewsThe U.S. Federal Bureau of Investigation (FBI) on Monday confirmed that North Korean threat actors were responsible for the theft of $100 million in cryptocurrency assets from Harmony Horizon Bridge in June 2022. The law enforcement agency attributed the hack […]
January 23, 2023
TechRadarResearchers have uncovered a huge network of fake apps running fake ads, mainly on iOS devices. The operation was named ‘Vastflux’ in reference to its use of the Video Ad Serving Template specification, as well as the fast-flux technique to […]
January 23, 2023
Security WeekMarketing automation platform Mailchimp revealed recently that its security team discovered unauthorized access to one of its tools on January 11. The tool is used by the company’s customer-facing teams for support and account administration. According to Mailchimp, the hacker […]
Mobile, Mobile security, Threats & Malware, Vulnerabilities
January 23, 2023
The Hacker NewsTwo security flaws have been disclosed in Samsung’s Galaxy Store app for Android that could be exploited by a local attacker to stealthily install arbitrary apps or direct prospective victims to fraudulent landing pages on the web. The issues, tracked […]
Threats & Malware, Virus & Malware
January 23, 2023
TechRadarHackers have discovered a new way to bypass the macro block in Microsoft Office files and still deliver malware to unsuspecting victims through the company’s suit of online collaboration apps. Security experts at BleepingComputer found freshly distributed phishing emails equipped […]
Threats & Malware, Virus & Malware
January 23, 2023
DataBreach TodayAn improved Android banking Trojan dubbed Hook by security researchers is capable of taking remote control of mobile device, contributing to the growing overlap between surveillance malware and financial fraud. The Trojan, which analysis by Danish cybersecurity firm ThreatFabric characterizes […]
Application security, Security
January 23, 2023
Help Net SecurityWallarm has launched the Wallarm API Leak Management solution, an enhanced API security technology designed to help organizations identify and remediate attacks exploiting leaked API keys and secrets, while providing on-going protection against hacks in the event of a leak. […]
Threats & Malware, Vulnerabilities
January 23, 2023
Help Net SecurityAn EMA survey of 129 software development professionals uncovered that for those using code scanning tools, only 10% of organizations prevented a higher percentage of vulnerabilities than organizations not using code scanning tools, while continuous training greatly improved code security […]
January 20, 2023
The Hacker NewsThe Irish Data Protection Commission (DPC) on Thursday imposed fresh fines of €5.5 million against Meta’s WhatsApp for violating data protection laws when processing users’ personal information. At the heart of the ruling is an update to the messaging platform’s […]
Threats & Malware, Vulnerabilities
January 20, 2023
Security WeekThe Drupal core issue exists because the Media Library module does not perform proper checks on entity access in some cases, which could allow users who can edit content to view metadata about media items that they should not have […]
Threats & Malware, Virus & Malware
January 20, 2023
Security WeekA government filing posted Thursday says the attack impacted information technology systems. Yum Brands said the attackers took company data, but that there is no evidence customer data was stolen. Around 300 U.K. stores were closed for one day but […]