HACKRead
IoT Cameras Exposed by Chainable Exploits, Millions Affected
The Internet of Things (IoT) promises a world of interconnected devices, but with this connectivity comes a dark side such as security vulnerabilities.
SecurityWeek
Intel has published 41 new May 2024 Patch Tuesday advisories covering a total of more than 90 vulnerabilities.
Bleeping Computer
Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days.
CSO
Security researchers allege that several apps are collecting data from iOS devices, violating Apple’s policy on device fingerprinting.
The Hacker News
Google has made enabling two-factor authentication (2FA) easier for personal and Workspace accounts.
Infosecurity News
Google blocked millions of policy-violating apps from being listed on Play in 2023 and banned 333,000 bad accounts
CyberNews
Google has found that millions of apps submitted to its platform violate the privacy of users.
DarkReading
Okta warns users that the attack requests are made through an anonymizing service like Tor or various commercial proxy networks.
Security Affairs
Google announced they have prevented 2.28 million policy-violating apps from being published in the official Google Play.
Ars Technica
Credential-stuffing attack uses proxies to hide bad behavior.
The Hacker News
Google reveals a staggering 200,000 app submissions were rejected or remediated from the Play Store last year due to issues with sensitive data access
Bleeping Computer
Google blocked 2.28 million Android apps from being published on Google Play after finding various policy violations that could threaten user's security.
Bleeping Computer
Google blocked 2.28 million apps from being published on Google Play after finding various policy violations that could threaten the security of Android users.
SecurityWeek
In 2023, Google said it blocked 2.28 million bad applications from being published on Google Play and banned 333,000 developer accounts.
The Hacker News
Okta is sounding the alarm on an unprecedented spike in credential stuffing attacks targeting online services.
Bleeping Computer
An operator of the HelloKitty ransomware operation announced they changed the name to 'HelloGookie,' releasing passwords for previously leaked CD Projekt source code, Cisco network information, and decryption keys from old attacks.
Trend Micro
Delve into the crucial practice of file scanning within uploader applications, and learn defensive measures to safeguard against malicious threats like malware.
CSO
Sisense customers told to update credentials following a compromise that is under investigation.
Bleeping Computer
Today is Microsoft's April 2024 Patch Tuesday, which includes security updates for 150 flaws and sixty-seven remote code execution bugs.
The Hacker News
Android VPN apps hijacking devices, covertly turning them into proxy nodes for threat actors and fueling botnet operations.
SecurityWeek
Human Security identifies 28 VPN applications for Android and an SDK on Google Play that turn devices into proxies.
Ars Technica
Two new reports show criminals may be using your device to cover their online tracks.
Bleeping Computer
Over 15 free VPN apps on Google Play were found using a malicious software development kit that turned Android devices into unwitting residential proxies, likely used for cybercrime and shopping bots.
Bleeping Computer
A new supply chain attack has impacted the Top.gg Discord bot developers community on GitHub, which has over 170,000 members, with data-stealing malware.
Bleeping Computer
The Top.gg Discord bot community with over 170,000 members has been impacted by a supply-chain attack aiming to infect developers with malware that steals sensitive information.
The Hacker News
Sophisticated attack targets Discord bot site Top.gg + devs. Attackers stole browser cookies, pushed malicious code, and created fake Python packages.
SecurityWeek
Multiple Python developers get infected after downloading malware-packed clone of the popular tool Colorama.
Cyber Security News
A vulnerability classified as improper input validation was found in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom
The Cyber Express
March 2024 brings a fresh focus on cybersecurity as Microsoft rolls out its latest set of patches, addressing 61 vulnerabilities
DarkReading
Microsoft has disclosed fewer flaws and zero-days in the first three months of 2024 compared to the same period of the prior four years.
Bleeping Computer
Today is Microsoft's March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code execution flaws.
SecurityWeek
Enterprise vs. Open Source: When putting a platform into production, an enterprise-ready solution will ensure you can keep up with business demands.
Latest Hacking News
The latest Zoom release addressed numerous security vulnerabilities in the software, including a critical flaw. Users should ensure to update their devices with the latest releases to avoid potential threats. Critical Zoom Flaw Patched With Other
Cyber Security News
Zoom has patched seven vulnerabilities in its desktop and mobile applications, particularly a critical flaw identified as CVE-2024-24691.
The Hacker News
Chinese-speaking cybercrime group behind sophisticated banking trojans like GoldPickaxe is targeting iOS and Android users.
Bleeping Computer
The Zoom desktop and VDI clients and the Meeting SDK for Windows are vulnerable to an improper input validation flaw that could allow an unauthenticated attacker to conduct privilege escalation on the target system over the network.
Security Affairs
Zoom addressed seven vulnerabilities in its desktop and mobile applications, including a critical flaw affecting the Windows software.
SecurityWeek
Zoom patches seven vulnerabilities in its products, including a critical-severity bug in its Windows applications.
Infosecurity News
The Tinder-like app has countered claims of being a hot spot for sextortion scammers
The Hacker News
FTC clamps down on InMarket for selling precise location data without consent
Bleeping Computer
The U.S. Federal Trade Commission (FTC) continues to target data brokers, this time in a settlement with InMarket Media, which bans the company from selling Americans' precise location data.
The Record
The action against data aggregator InMarket Media suggests the Federal Trade Commission is more aggressively regulating the packaging and selling of individuals’ most sensitive data.
The Hacker News
FTC bans Outlogic from selling sensitive location data! A landmark move for digital privacy.
Bleeping Computer
Today, the U.S. Federal Trade Commission (FTC) banned data broker Outlogic, formerly X-Mode Social, from selling Americans' raw location data that could be used for tracking purposes.
Bleeping Computer
The year 2023 marks a significant milestone for Windows 11 with the introduction of several new features and improvements. This includes drag and drop for the taskbar, AI, and more.
Infosecurity News
The MOVEit hack, OpenAI service targeting and Android spyware top the threat landscape in H2 2023, according to ESET
Bleeping Computer
Today is Microsoft's December 2023 Patch Tuesday, which includes security updates for a total of 34 flaws and one previously disclosed, unpatched vulnerability in AMD CPUs.
SecurityWeek
SAP patches multiple vulnerabilities in the Business Technology Platform, including a critical elevation of privilege bug.
Cyber Security News
Cybersecurity researchers from the following organizations recently discovered the new 5Ghoul attack that impacts the 5G devices
Bleeping Computer
A vulnerability in an open-source library that is common across the Web3 space impacts the security of pre-built smart contracts, affecting multiple NFT collections, including Coinbase.
SecurityWeek
A critical issue in open source AI framework Ray could provide attackers with operating system access to all nodes.
CSO
New product and service announcements from Wiz, Palo Alto Networks, Sophos, SecureAuth, Kasada, Lacework, Noname Security, and more.
Bleeping Computer
Czech cybersecurity company Avast confirmed that its antivirus SDK has been flagging a Google Android app as malware on Huawei, Vivo, and Honor smartphones since Saturday.
Bleeping Computer
Recent Flipper Zero Bluetooth spam attacks have now been ported to an Android app, allowing a much larger number of devices to implement these annoying spam alerts.
Bleeping Computer
This article will explore Windows 11 23H2 features, from dynamic lighting to Windows Copilot upgrades.
DarkReading
The financially motivated English-speaking threat actors use advanced social engineering techniques, SIM swapping, and even threats of violence to breach targets.
SecurityWeek
Australian startup CipherStash raises $3 million in seed funding for technology that keeps data encrypted in use.
Latest Hacking News
With October Patch Tuesday, Microsoft fixed 104 security vulnerabilities across different products, including three zero-day flaws. While Microsoft ensures automatic roll-out of the updates to all eligible devices, users must still check their systems for
The Hacker News
Malicious NuGet package distributing SeroXen RAT targets .NET developers.
Bleeping Computer
Today is Microsoft's October 2023 Patch Tuesday, with security updates for 104 flaws, including three actively exploited zero-day vulnerabilities.
Cyber Security News
JavaScript and Python both have their own package repositories called npm (Node Package Manager) and PyPI (Python Package Index), respectively.
The Hacker News
Beware of npm imposters! 14 fraudulent packages found in the registry, posing as legit tools. They aim to steal your Kubernetes configs and SSH keys.
The Hacker News
Trend Micro releases patches for a critical security flaw, CVE-2023-41179, actively exploited in real-world attacks.
Computerworld
Microsoft this week rolled out 59 updates with its Patch Tuesday update, including critical patches for Microsoft Office and Visual Studio.
Cyber Security News
Penetration testing of point-of-sale (POS) devices is essential to ensure the security of payment systems and protect sensitive customer data
Cyber Security News
Microsoft has released their Patch Tuesday update which includes 59 vulnerabilities along with two Zero-Days. The severity for these vulnerabilities ranges from 4.3 (Medium) to 8.8 (High).
SecurityWeek
ICS Patch Tuesday: Siemens has released 7 new advisories and Schneider Electric has released 1 new advisory.
Bleeping Computer
The highly anticipated Windows 11 23H2 update is around the corner, and Microsoft has released its best features to testers in the Beta Channel.
Bleeping Computer
Bitwarden, the maker of the popular open-source password manager tool, has released 'Secrets Manager,' an end-to-end encrypted secrets manager for IT professionals, software development teams, and the DevOps industry.
Security Affairs
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Over 3,000 Android Malware spotted using unsupported/unknown compression methods to avoid detection WinRAR flaw enables remote […]
Latest Hacking News
Microsoft researchers discovered numerous vulnerabilities affecting Codesys PLC that risked power plants' security with various attacks, such as shutdowns. Codesys released the patches for the flaws following the vulnerability disclosure. Microsoft Reports Severe Codesys PLC Vulnerabilities According
Infosecurity News
The vulnerabilities put critical infrastructure organizations at risk of attacks such as remote code execution (RCE) and denial of service (DoS)
Security Affairs
16 vulnerabilities in Codesys products could result in remote code execution and DoS attacks exposing OT environments to hacking. Microsoft Threat Intelligence researchers discovered 16 high-severity vulnerabilities, collectively tracked as CoDe16, in the CODESYS V3 software development kit (SDK). An attacker can trigger the flaw to gain remote code execution and conduct denial-of-service attacks under specific conditions, […]
Ars Technica
Exploitation is hard and patches are already out, but the potential risk is great.
Bleeping Computer
Millions of PLCs (programmable logic controllers) used in industrial environments worldwide are at risk from 15 vulnerabilities in the CODESYS V3 software development kit, allowing remote code execution (RCE) and denial of service (DoS) attacks.
The Hacker News
A series of 15 high-severity vulnerabilities dubbed CoDe16 have been uncovered in CODESYS V3 SDK, posing remote code execution & DoS risks.
SecurityWeek
Intel has addressed 80 vulnerabilities affecting its products, including 18 high-severity privilege escalation and DoS flaws.
SecurityWeek
In an effort to boost user privacy, Apple is requiring app developers to declare a reason to use specific APIs.
The Hacker News
Patchstack reports security vulnerabilities in the popular Ninja Forms plugin for WordPress (CVE-2023-37979, CVE-2023-38386, CVE-2023-38393).
The Hacker News
Apple announces a crucial update requiring developers to provide reasons for using certain APIs in their apps.
SecurityWeek
Internet-connected Peloton workout equipment is impacted by multiple security risks, such as having USB debugging enabled.
Bleeping Computer
As Microsoft prepares for the imminent rollout of Windows 11 23H2, they've been developing various innovative features designed to improve user experience, streamline workflows, and introduce next-generation functionalities. This article will explore new features, from dynamic lighting to Windows Copilot upgrades.
SecurityWeek
Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.
Latest Hacking News
Researchers found the popular chat service QuickBlox exhibiting numerous security flaws. Exploiting the QuickBlox framework vulnerabilities could allow an adversary to access the users’ data from the apps’ databases. QuickBlox patched the flaw with the
The Hacker News
Multiple vulnerabilities have been found in Honeywell Experion DCS and QuickBlox. If exploited, these flaws could lead to severe compromise of affecte
SecurityWeek
QuickBlox SDK and API vulnerabilities impact chat and video applications used by industries including telemedicine, smart IoT, and finance.
Cyber Security News
Recent reports from Team82 and CPR team state that there has been a major vulnerability in QuickBlox SDK & API that is used for developing chat and video applications.
Cyber Security News
Best Mobile app security scanners: 1. Android Debug Bridge 2. SandDroid 3. App-Ray 4. Drozer 5. Synopsys 6. Quixxi 7. StacoAn 8. Ostorlab
Bleeping Computer
Microsoft announced that the latest Windows 11 build shipping to Insiders in the Canary channel comes with additional Windows Kernel components rewritten in the memory safety-focused Rust programming language.
CSO
For the research, Trustwave implemented a network of honeypots located in multiple countries including Russia, Ukraine, Poland, the UK, China, and the United States.
Bleeping Computer
Today is Microsoft's June 2023 Patch Tuesday, with security updates for 78 flaws, including 38 remote code execution vulnerabilities.
Ars Technica
It takes a lot of computing power to pretend to be human.
Bleeping Computer
Over 60,000 Android apps disguised as legitimate applications have been quietly installing adware on mobile devices while remaining undetected for the past six months.
The Hacker News
🚨 Beware Android users! Over 60,000 adware apps have been lurking in the shadows, disguising as cracked versions of your favorite apps.
Bleeping Computer
The SpinOk malware was found in a new batch of Android apps on Google Play, reportedly installed an additional 30 million times.
Ars Technica
It was a bad week for millions of people who rely on Google for apps and Chrome extensions.
Security Affairs
Researchers discovered spyware, dubbed SpinOk, hidden in 101 Android apps with over 400 million downloads in Google Play. The malicious module is distributed as a marketing SDK that developers behind the apps embedded in their applications and games, including those available on Google Play. Upon executing the module, the malware-laced SDK connects to the C2 […]
Infosecurity News
The Doctor Web team unveiled information about the malware in an advisory published on Monday
Bleeping Computer
A new Android malware distributed as an advertisement SDK has been discovered in multiple apps, many previously on Google Play and collectively downloaded over 400 million times.