Security Issues, Vulnerabilities, Exploits & Government Alerts
Aug 07, 2024Ravie LakshmananAndroid / Mobile Security, Cybersecurity researchers have lifted the lid on a new technique adopted by threat actors behind the Chameleon Android banking trojan targeting users in Canada by masquerading as a…
Aug 07, 2024Ravie LakshmananMalware / Software Security Apple on Tuesday announced an update to its next-generation macOS version that makes it a little more difficult for users to override Gatekeeper protections. Gatekeeper is a crucial…
Aug 06, 2024Ravie LakshmananEmail Security / Financial Fraud INTERPOL said it devised a “global stop-payment mechanism” that helped facilitate the largest-ever recovery of funds defrauded in a business email compromise (BEC) scam. The development comes…
Helps organizations buying software understand manufacturers approach to cybersecurity WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released today Secure by Demand Guide: How Software Customers Can Drive a…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DIAScreen Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause…
Aug 06, 2024The Hacker NewsSaaS Security / Threat Detection Everyone loves the double-agent plot twist in a spy movie, but it’s a different story when it comes to securing company data. Whether intentional or unintentional,…
Aug 06, 2024Ravie LakshmananMalware / Windows Security The North Korea-linked threat actor known as Moonstone Sleet has continued to push malicious npm packages to the JavaScript package registry with the aim of infecting Windows systems,…
Aug 06, 2024Ravie LakshmananAndroid / Malware Users in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at least 2021. Cybersecurity vendor Kaspersky, which discovered the malware in March…
Aug 06, 2024Ravie LakshmananMobile Security / Vulnerability Google has addressed a high-severity security flaw impacting the Android kernel that it said has been actively exploited in the wild. The vulnerability, tracked as CVE-2024-36971, has been…
Aug 06, 2024Ravie LakshmananEnterprise Security / Vulnerability A new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning (ERP) system that could allow threat actors to achieve…