HACKRead
IoT Cameras Exposed by Chainable Exploits, Millions Affected
The Internet of Things (IoT) promises a world of interconnected devices, but with this connectivity comes a dark side such as security vulnerabilities.
SecurityWeek
Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities
Intel has published 41 new May 2024 Patch Tuesday advisories covering a total of more than 90 vulnerabilities.
Bleeping Computer
Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws
Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days.
CSO
Google, Meta, Spotify accused of flouting Apple’s device fingerprinting rules
Security researchers allege that several apps are collecting data from iOS devices, violating Apple’s policy on device fingerprinting.
The Hacker News
Google Simplifies 2-Factor Authentication Setup (It's More Important Than Ever)
Google has made enabling two-factor authentication (2FA) easier for personal and Workspace accounts.
Infosecurity News
Google Blocks 2.3 Million Apps From Play Store Listing
Google blocked millions of policy-violating apps from being listed on Play in 2023 and banned 333,000 bad accounts
CyberNews
Google bans 2.3M apps and hundreds of thousands of accounts from its Play Store
Google has found that millions of apps submitted to its platform violate the privacy of users.
DarkReading
Okta: Credential-Stuffing Attacks Spike via Proxy Networks
Okta warns users that the attack requests are made through an anonymizing service like Tor or various commercial proxy networks.
Security Affairs
Google prevented 2.28 million policy-violating apps from being published on Google Play in 2023
Google announced they have prevented 2.28 million policy-violating apps from being published in the official Google Play.
Ars Technica
Account compromise of “unprecedented scale” uses everyday home devices
Credential-stuffing attack uses proxies to hide bad behavior.
The Hacker News
Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023
Google reveals a staggering 200,000 app submissions were rejected or remediated from the Play Store last year due to issues with sensitive data access
Bleeping Computer
Google rejected 2.28 million risky Android apps from Play store in 2023
Google blocked 2.28 million Android apps from being published on Google Play after finding various policy violations that could threaten user's security.
Bleeping Computer
Google rejected 2.28 million risky apps from Play Store in 2023
Google blocked 2.28 million apps from being published on Google Play after finding various policy violations that could threaten the security of Android users.
SecurityWeek
Google Says it Blocked 2.28 Million Apps from Google Play Store
In 2023, Google said it blocked 2.28 million bad applications from being published on Google Play and banned 333,000 developer accounts.
The Hacker News
Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks
Okta is sounding the alarm on an unprecedented spike in credential stuffing attacks targeting online services.
Bleeping Computer
HelloKitty ransomware rebrands, releases CD Projekt and Cisco data
An operator of the HelloKitty ransomware operation announced they changed the name to 'HelloGookie,' releasing passwords for previously leaked CD Projekt source code, Cisco network information, and decryption keys from old attacks..
Trend Micro
Importance of Scanning Files on Uploader Applications
Delve into the crucial practice of file scanning within uploader applications, and learn defensive measures to safeguards against malicious threats like malware.
CSO
Customers of Sisense data analytics service urged to change credentials
Sisense customers told to update credentials following a compromise that is under investigation.
Bleeping Computer
Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs
Today is Microsoft's April 2024 Patch Tuesday, which includes security updates for 150 flaws and sixty-seven remote code execution bugs.
The Hacker News
Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals
Android VPN apps hijacking devices, covertly turning them into proxy nodes for threat actors and fueling botnet operations.
SecurityWeek
VPN Apps on Google Play Turn Android Devices Into Proxies
Human Security identifies 28 VPN applications for Android and an SDK on Google Play that turn devices into proxies.
Ars Technica
Thousands of Phones and routers swept into proxy service, unbeknownst to users
Two new reports show criminals may be using your device to cover their online tracks.
Bleeping Computer
Free VPN apps on Google Play turned Android phones into proxies
Over 15 free VPN apps on Google Play were found using a malicious software development kit that turned Android devices into unwitting residential proxies, likely used for cybercrime and shopping bots.
Bleeping Computer
Hackers poison source code for largest Discord bot platform
A new supply chain attack has impacted the top gg Discord bot developers community on GitHub, which has over 170,000 members, with data-stealing malware.
Bleeping Computer
Hackers poison source code from largest Discord bot platform
The Top.gg Discord bot community with over 170,000 members has been impacted by a supply-chain attack aiming to infect developers with malware that steals sensitive information.
The Hacker News
Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others
Sophisticated attack targets Discord bot site Top.gg + devs. Attackers stole browser cookies, pushed malicious code, and created fake Python packages.
SecurityWeek
Top Python Developers Hacked in Sophisticated Supply Chain Attack
Multiple Python developers get infected after downloading malware-packed clone of the popular tool Colorama.
.png)
Cyber Security News
Cyber Security News Weekly Round-Up : Cyber Attacks, Vulnerabilities, Threats & New Cyber Stories
cybersecurity news will keep you posted on the latest developments, exposures, advances, occurrences, threats, and narratives in this field.
Cyber Security News
Critical Zoom Clients Flaw Let Attackers Escalate Privileges
A vulnerability classified as improper input validation was found in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom
The Cyber Express
Microsoft Patch Tuesday 2024: Critical Vulnerabilities Addressed in Latest Security Update
March 2024 brings a fresh focus on cybersecurity as Microsoft rolls out its latest set of patches, addressing 61 vulnerabilities
DarkReading
Microsoft Discloses Critical Hyper-V Flaws in Low-Volume Patch Update
Microsoft has disclosed fewer flaws and zero-days in the first three months of 2024 compared to the same period of the prior four years.
Bleeping Computer
Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs
Today is Microsoft's March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code execution flaws.
SecurityWeek
From Open Source to Enterprise Ready: 4 Pillars to Meet Your Security Requirements
Enterprise vs. Open Source: When putting a platform into production, an enterprise-ready solution will ensure you can keep up with business demands.
Latest Hacking News
Zoom Patched Multiple Security Vulnerabilities With Latest Update
The latest Zoom release addressed numerous security vulnerabilities in the software, including a critical flaw. Users should ensure to update their devices with the latest releases to avoid potential threats. Critical Zoom Flaw Patched With Other
-1-1.webp)
Cyber Security News
Zoom Desktop Flaws Let Attackers Launch Privilege Escalation Attacks
Zoom has patched seven vulnerabilities in its desktop and mobile applications, particularly a critical flaw identified as CVE-2024-24691.
The Hacker News
Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware Attacks
Chinese-speaking cybercrime group behind sophisticated banking trojans like GoldPickaxe is targeting iOS and Android users.
Bleeping Computer
Zoom patches critical privilege elevation flaw in Windows apps
The Zoom desktop and VDI clients and the Meeting SDK for Windows are vulnerable to an improper input validation flaw that could allow an unauthenticated attacker to conduct privilege escalation on the target system over the network.
Security Affairs
Zoom fixed critical flaw CVE-2024-24691 in Windows software
Zoom addressed seven vulnerabilities in its desktop and mobile applications, including a critical flaw affecting the Windows software.
SecurityWeek
Zoom Patches Critical Vulnerability in Windows Applications
Zoom patches seven vulnerabilities in its products, including a critical-severity bug in its Windows applications.
Infosecurity News
Wizz Removed from Apple and Google Stores for Sextortion Concerns
The Tinder-like app has countered claims of being a hot spot for sextortion scammers
The Hacker News
FTC Bans InMarket for Selling Precise User Location Without Consent
FTC clamps down on InMarket for selling precise location data without consent
Bleeping Computer
FTC bans one more data broker from selling your location info
The U.S. Federal Trade Commission (FTC) continues to target data brokers, this time in a settlement with InMarket Media, which bans the company from selling Americans' precise location data.
The Record
FTC settles second case with geolocation data broker in two weeks
The action against data aggregator InMarket Media suggests the Federal Trade Commission is more aggressively regulating the packaging and selling of individuals’ most sensitive data.
The Hacker News
FTC Bans Outlogic (X-Mode) From Selling Sensitive Location Data
FTC bans Outlogic from selling sensitive location data! A landmark move for digital privacy.
Bleeping Computer
FTC bans data broker from selling Americans’ location data
Today, the U.S. Federal Trade Commission (FTC) banned data broker Outlogic, formerly X-Mode Social, from selling Americans' raw location data that could be used for tracking purposes.
Bleeping Computer
The best Windows 11 features added in 2023
The year 2023 marks a significant milestone for Windows 11 with the introduction of several new features and improvements. This includes drag and drop for the taskbar, AI, and more.
Infosecurity News
H2 2023 Threat Landscape Dominated by AI and Android Spyware
The MOVEit hack, OpenAI service targeting and Android spyware top the threat landscape in H2 2023, according to ESET
Bleeping Computer
Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day
Today is Microsoft's December 2023 Patch Tuesday, which includes security updates for a total of 34 flaws and one previously disclosed, unpatched vulnerability in AMD CPUs.
SecurityWeek
SAP Patches Critical Vulnerability in Business Technology Platform
SAP patches multiple vulnerabilities in the Business Technology Platform, including a critical elevation of privilege bug.
Cyber Security News
New 5Ghoul Attack Impacts 5G Devices From Popular Brands
Cybersecurity researchers from the following organizations recently discovered the new 5Ghoul attack that impacts the 5G devices
Bleeping Computer
Multiple NFT collections at risk by flaw in open-source library
A vulnerability in an open-source library that is common across the Web3 space impacts the security of pre-built smart contracts, affecting multiple NFT collections, including Coinbase.
SecurityWeek
Critical Vulnerability Found in Ray AI Framework
A critical issue in open source AI framework Ray could provide attackers with operating system access to all nodes.
CSO
Top cybersecurity product news of the week
New product and service announcements from Wiz, Palo Alto Networks, Sophos, SecureAuth, Kasada, Lacework, Noname Security, and more.
Bleeping Computer
Avast confirms it tagged Google app as malware on Android phones
Czech cybersecurity company Avast confirmed that its antivirus SDK has been flagging a Google Android app as malware on Huawei, Vivo, and Honor smartphones since Saturday.
Bleeping Computer
Flipper Zero Bluetooth spam attacks ported to new Android app
Recent Flipper Zero Bluetooth spam attacks have now been ported to an Android app, allowing a much larger number of devices to implement these annoying spam alerts.
Bleeping Computer
Windows 11 23H2 - New features in the Windows 11 2023 Update
This article will explore Windows 11 23H2 features, from dynamic lighting to Windows Copilot upgrades.
DarkReading
Octo Tempest Group Threatens Physical Violence as Social Engineering Tactic
The financially motivated English-speaking threat actors use advanced social engineering techniques, SIM swapping, and even threats of violence to breach targets.
SecurityWeek
CipherStash Raises $3 Million for Encryption-in-Use Technology
Australian startup ChipherStash raises $3 million in seed funding for technology that keeps data encrypted in use.
Latest Hacking News
Microsoft October Patch Tuesday Fixes 100+ Flaws, Including Zero-Days
With October Patch Tuesday, Microsoft fixed 104 security vulnerabilities across different products, including three zero-day flaws. While Microsoft ensures automatic roll-out of the updates to all eligible devices, users must still check their systems for
The Hacker News
Malicious NuGet Package Targeting .NET Developers with SeroXen RAT
Malicious NuGet package distributing SeroXen RAT targets .NET developers.
Bleeping Computer
Microsoft October 2023 Patch Tuesday fixes 3 zero-days, 104 flaws
Today is Microsoft's October 2023 Patch Tuesday, with security updates for 104 flaws, including three actively exploited zero-day vulnerabilities.
Cyber Security News
Malicious npm and PyPi Packages Exfiltrate SSH Keys From Server
JavaScript and Python both have their own package repositories called npm (Node Package Manager) and PyPi (Python Package Index), respectively.
The Hacker News
Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys
Beware of npm imposters! 14 fraudulent packages found in the registry, posing as legit tools. They aim to steal your Kubernetes configs and SSH keys.
The Hacker News
Trend Micro Releases Urgent Fix for Actively Exploited Critical Security Vulnerability
Trend Micro releases patches for a critical security flaw, CVE-2023-41179, actively exploited in real-world attacks.
Computerworld
Critical updates for Microsoft Office and Visual Studio drive September's Patch Tuesday
Microsoft this week rolled out 59 updates with its Patch Tuesday update, including critical patches for Microsoft Office and Visual Studio.
%20Penetration%20Testing%20(1).webp)
Cyber Security News
Point Of Sale Device (POS) Penetration Testing - A Practical Guide 2023
Penetration testing of point-of-sale (POS) devices is essential to ensure the security of payment systems and protect sensitive customer data
Cyber Security News
Windows Update Addressed 2 Zero-Days and 52 Other Vulnerabilities
Microsoft has released their Patch Tuesday update which includes 59 vulnerabilities along with two Zero-Days. The severity for these vulnerabilities ranges from 4.3 (Medium) to 8.8 (High).
SecurityWeek
ICS Patch Tuesday: Critical CodeMeter Vulnerability Impacts Several Siemens Products
ICS Patch Tuesday: Siemens has released 7 new advisories and Schneider Electric has released 1 new advisory.
Bleeping Computer
Windows 11 23H2: Top three new features
The highly anticipated Windows 11 23H2 update is around the corner, and Microsoft has released its best features to testers in the Beta Channel.
Bleeping Computer
Bitwarden releases free and open-source E2EE Secrets Manager
Bitwarden, the maker of the popular open-source password manager tool, has released 'Secrets Manager,' an end-to-end encrypted secrets manager for IT professionals, software development teams, and the DevOps industry.
Security Affairs
Security Affairs newsletter Round 433 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Over 3,000 Android Malware spotted using unsupported/unknown compression methods to avoid detection WinRAR flaw enables remote […]
Latest Hacking News
Multiple Codesys PLC Vulnerabilities Could Risk Numerous Power Plants
Microsoft researchers discovered numerous vulnerabilities affecting Codesys PLC that risked power plants' security with various attacks, such as shutdowns. Codesys released the patches for the flaws following the vulnerability disclosure. Microsoft Reports Severe Codesys PLC Vulnerabilities According
Infosecurity News
Microsoft: Critical CODESYS Flaws Could Shut Down Power Plants
The vulnerabilities put critical infrastructure organizations at risk of attacks such as remote code execution (RCE) and denial of service (DoS)
Security Affairs
Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS
16 vulnerabilities in Codesys products could result in remote code execution and DoS attacks exposing OT environments to hacking. Microsoft Threat Intelligence researchers discovered 16 high-severity vulnerabilities, collectively tracked as CoDe16, in the CODESYS V3 software development kit (SDK). An attacker can trigger the flaw to gain remote code execution and conduct denial-of-service attacks under specific conditions, […]
Ars Technica
Microsoft finds vulnerabilities it says could be used to shut down power plants
Exploitation is hard and patches are already out, but the potential risk is great.
Bleeping Computer
Industrial PLCs worldwide impacted by CODESYS V3 RCE flaws
Millions of PLC (programmable logic controllers) used in industrial environments worldwide are at risk to 15 vulnerabilities in the CODESYS V3 software development kit, allowing remote code execution (RCE) and denial of service (DoS) attacks.
The Hacker News
15 New CODESYS SDK Flaws Expose OT Environments to Remote Attacks
A series of 15 high-severity vulnerabilities dubbed CoDe16 have been uncovered in CODESYS V3 SDK, posing remote code execution & DoS risks.
SecurityWeek
Intel Addresses 80 Firmware, Software Vulnerabilities
Intel has addressed 80 vulnerabilities affecting its products, including 18 high-severity privilege escalation and DoS flaws.
SecurityWeek
Apple Lists APIs That Developers Can Only Use for Good Reason
In an effort to boost user privacy, Apple is requiring app developers to declare a reason to use specific APIs.
The Hacker News
Multiple Flaws Found in Ninja Forms Plugin Leave 800,000 Sites Vulnerable
Patchstack reports security vulnerabilities in the popular Ninja Forms plugin for WordPress (CVE-2023-37979, CVE-2023-38386, CVE-2023-38393).
The Hacker News
Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse
Apple announces a crucial update requiring developers to provide reasons for using certain APIs in their apps.
SecurityWeek
Multiple Security Issues Identified in Peloton Fitness Equipment
Internet-connected Peloton workout equipment is impacted by multiple security risks, such as having USB debugging enabled.
Bleeping Computer
Windows 11 23H2 update coming this fall, here's what's new
As Microsoft prepares for the imminent rollout of Windows 11 23H2, they've been developing various innovative features designed to improve user experience, streamline workflows, and introduce next-generation functionalities. This article will explore new features, from dynamic lighting to Windows Copilot upgrades.
SecurityWeek
Microsoft Cloud Hack Exposed More than Exchange, Outlook Emails
Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.
Latest Hacking News
QuickBlox Framework Vulnerabilities Exposed Data Of Millions Of Users
Researchers found the popular chat service QuickBlox exhibiting numerous security flaws. Exploiting the QuickBlox framework vulnerabilities could allow an adversary to access the users’ data from the apps’ databases. QuickBlox patched the flaw with the
The Hacker News
Critical Security Flaws Uncovered in Honeywell Experion DCS and QuickBlox Services
Multiple vulnerabilities have been found in Honeywell Experion DCS and QuickBlox. If exploited, these flaws could lead to severe compromise of affecte
SecurityWeek
API Flaw in QuickBlox Framework Exposed PII of Millions of Users
QuickBlox SDK and API vulnerabilities impact chat and video applications used by industries including telemedicine, smart IoT, and finance.
Cyber Security News
QuickBlox Framework Security Flaws Exposes Millions of Users Sensitive Data
Recent reports from Team82 and CPR team state that there has been a major vulnerability in QuickBlox SDK & API that is used for developing chat and video applications.
Cyber Security News
10 Mobile App Security Scanners to Detect Vulnerability in Applications 2023
Best Mobile app security scanners: 1. Android Debug Bridge 2. SandDroid 3. App-Ray4. Drozer 5. Synopsys 6. Quixxi 7. StacoAn 8. Ostorlab
Bleeping Computer
New Windows 11 build ships with more Rust-based Kernel features
Microsoft announced that the latest Windows 11 build shipping to Insiders in the Canary channel comes with additional Windows Kernel components rewritten in the memory safety-focused Rust programming language.
CSO
Botnets responsible for over 95% malicious web traffic globally: Report
For the research, Trustwave implemented a network of honeypots located in multiple countries including Russia, Ukraine, Poland, the UK, China, and the United States.
Bleeping Computer
Microsoft June 2023 Patch Tuesday fixes 78 flaws, 38 RCE bugs
Today is Microsoft's June 2023 Patch Tuesday, with security updates for 78 flaws, including 38 remote code execution vulnerabilities.
Ars Technica
Nvidia’s new AI “Superchip” combines CPU and GPU to train monster AI systems
It takes a lot of computing power to pretend to be human.
Bleeping Computer
Over 60,000 Android apps secretly installed adware for past six months
Over 60,000 Android apps disguised as legitimate applications have been quietly installing adware on mobile devices while remaining undetected for the past six months.
The Hacker News
Over 60K Adware Apps Posing as Cracked Versions of Popular Apps Target Android Devices
🚨 Beware Android users! Over 60,000 adware apps have been lurking in the shadows, disguising as cracked versions of your favorite apps.
Bleeping Computer
SpinOk Android malware found in more apps with 30 million installs
The SpinOk malware was found in a new batch of Android apps on Google Play, reportedly installed an additional 30 million times.
Ars Technica
Google’s Android and Chrome extensions are a very sad place. Here’s why
It was a bad week for millions of people who rely on Google for apps and Chrome extensions.
Security Affairs
Apps with over 420 Million downloads from Google Play unveil the discovery of SpinOk spyware
Researchers discovered spyware, dubbed SpinOk, hidden in 101 Android apps with over 400 million downloads in Google Play. The malicious module is distributed as a marketing SDK that developers behind the apps embedded in their applications and games, including those available on Google Play. Upon executing the module, the malware-laced SDK connects to the C2 […]
Infosecurity News
SpinOk Trojan Compromises 421 Million Android Devices
The Doctor Web team unveiled information about the malware in an advisory published on Monday
Bleeping Computer
Android apps with spyware installed 421 million times from Google Play
A new Android malware distributed as an advertisement SDK has been discovered in multiple apps, many previously on Google Play and collectively downloaded over 400 million times.
Loading more articles....