Researchers Link DragonEgg Android Spyware to LightSpy iOS Surveillanceware
New findings have identified connections between an Android spyware called DragonEgg and another sophisticated modular iOS surveillanceware tool named LightSpy....
News
US-CERT Vulnerability Summary for the Week of September 25, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoaccusoft -- imagegearAn out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of...
Microsoft Warns of Cyber Attacks Attempting to Breach Cloud via SQL Server Instance
Microsoft has detailed a new campaign in which attackers unsuccessfully attempted to move laterally to a cloud environment through a...
Wing Disrupts the Market by Introducing Affordable SaaS Security
Today, mid-sized companies and their CISOs are struggling to handle the growing threat of SaaS security with limited manpower and...
Rogue npm Package Deploys Open-Source Rootkit in New Supply Chain Attack
A new deceptive package hidden within the npm package registry has been uncovered deploying an open-source rootkit called r77, marking...
Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions
A new Linux security vulnerability dubbed Looney Tunables has been discovered in the GNU C library's ld.so dynamic loader that,...
EvilProxy uses indeed.com open redirect for Microsoft 365 phishing
A recently uncovered phishing campaign is targeting Microsoft 365 accounts of key executives in U.S.-based organizations by abusing open redirects from...
Android October security update fixes zero-days exploited in attacks
Google has released the October 2023 security updates for Android, addressing 54 unique vulnerabilities, including two known to be actively...
ShellTorch flaws expose AI servers to code execution attacks
A set of critical vulnerabilities dubbed 'ShellTorch' in the open-source TorchServe AI model-serving tool impact tens of thousands of internet-exposed...
New ‘Looney Tunables’ Linux bug gives root on major distros
A new Linux vulnerability known as 'Looney Tunables' enables local attackers to gain root privileges by exploiting a buffer overflow...
Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers
Qualcomm is warning of three zero-day vulnerabilities in its GPU and Compute DSP drivers that hackers are actively exploiting in...
Google to bolster phishing and malware delivery defenses in 2024
Google will introduce new sender guidelines in February to bolster email security against phishing and malware delivery by mandating bulk...
Android Multiple Vulnerabilities
Multiple vulnerabilities were identified in Android. A remote attacker could exploit some of these vulnerabilities to trigger denial of service...
Fifth of Brits Suspect They’ve Been Monitored by Employers
Nearly one in five (19%) adults polled in a new survey from the UK’s privacy regulator think they’ve been monitored...
Half of Cybersecurity Professionals Report Increase in Cyber-Attacks
Over half (52%) of cybersecurity professionals are experiencing an increase in cyber-attacks compared to a year ago, according to new...
Upstream Supply Chain Attacks Triple in a Year
Security experts have warned of surging cyber risk in open source ecosystems, having detected three times more malicious packages in...
CyberEPQ Course Triples Student Intake for the Coming Year
The Chartered Institute of Information Security (CIISec) has said it hopes to enrol at least 400 students on its CyberEPQ...
EU Cyber Resilience Act Could be Exploited for Surveillance, Experts Warn
The EU’s Cyber Resilience Act (CRA) could be misused by governments for intelligence or surveillance purposes, a group of industry...
Predator Spyware Linked to Madagascar’s Government Ahead of Presidential Election
The Madagascar government likely used the Cytrox-developed Predator spyware to conduct political domestic surveillance ahead of the country’s presidential election,...
FortiGuard Uncovers Deceptive Install Scripts in npm Packages
A series of malicious packages hidden within the Node Package Manager (npm), the largest software registry for JavaScript, has been...
NSA Establishes AI Security Center
The National Security Agency (NSA) has unveiled the AI Security Center, a new entity dedicated to overseeing the development and...
LUCR-3: Scattered Spider Getting SaaS-y in the Cloud
LUCR-3 overlaps with groups such as Scattered Spider, Oktapus, UNC3944, and STORM-0875 and is a financially motivated attacker that leverages...
Silent Skimmer: A Year-Long Web Skimming Campaign Targeting Online Payment Businesses
A financially motivated campaign has been targeting online payment businesses in the Asia Pacific, North America, and Latin America with...
Researcher Reveals New Techniques to Bypass Cloudflare’s Firewall and DDoS Protection
Firewall and distributed denial-of-service (DDoS) attack prevention mechanisms in Cloudflare can be circumvented by exploiting gaps in cross-tenant security controls,...
