A Microsoft zero-day vulnerability has not been fixed by the technology giant despite having been reported months ago, according to a security researcher. To protect users, a micropatching service, 0patch, has issued unofficial, free patches.
Researchers have identified a new remote access Trojan that uses a unique stealth technique to help it stay undetected on a victim's infrastructure and conceal Magecart malware. Dubbed CronRAT, it hides in the Linux calendar subsystem as a task that has a nonexistent date.
An Iranian attacker has been targeting users who have failed to patch a remote code execution vulnerability in a Microsoft browser engine to spy on Farsi-speaking victims, paralleling a similar campaign being run by North Korean attackers, researchers warn.
The Israeli government's Ministry of Defense reportedly has cut the list of countries to which Israeli companies’ cyber spyware can be exported from 102 to 37, reducing Israel's surveillance tool export market by two-thirds. The list specifically restricts doing business with those involved in offensive cyber.
Learning management platform Moodle, which caters to about 300 million users in 241 countries, is vulnerable to four high-risk flaws, according to a security advisory issued by the Indian Computer Emergency Response Team, or CERT-In.
Web hosting giant GoDaddy confirms that a data breach which affected about 1.2 million of its active and inactive Managed WordPress customers, has also hit Managed WordPress users tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe.
Financial health is now inextricably tied to identity safety, which makes delivering modern digital safety and security critical for financial institutions – especially those looking to attract younger consumers. Winning hard-to-please millennials and Gen Z requires an FI to differentiate itself with compelling...
Critical issues in India's digital lending ecosystem were identified by a RBI working group. These include the existence of fake and illegal apps and unscrupulous money recovery practices. Establishment of a self-regulatory body to oversee operations of lending platforms is recommended.
"Garbage in, garbage out." That's a fundamental problem with traditional application security management, which lacks both context and automation. But Idan Plotnik, co-founder and CEO of Apiiro, proposes a new approach to application risk management.
Hacker group MosesStaff has targeted Israeli organizations with encryption attacks, according to Check Point researchers. Archived records show that at least 16 organizations - including the Israel Post, the Ministry of Defense and Israeli Intelligence Corps Unit 8200 - were targeted.
What the Good News Is, What to Watch Out For, and What to Do About It
Shifting security even further to the left to
achieve scale and speed requires a carefully
weighed understanding of the state of security.
Download this DevSecOps guide which presents:
Trends that will help
bolster the capabilities of...
Google’s Threat Analysis Group has released details of a watering hole campaign targeting a macOS zero-day exploit chain to install a never-before-seen malware on devices of users visiting Hong Kong websites of a media outlet and a prominent pro-democracy labor and political group.
Cloud video conferencing provider Zoom has released patches for multiple vulnerabilities in its product that could have allowed criminals to intercept data from meetings and attack customer infrastructure.
NSO Group CEO-designate Itzik Benbenisti, currently NSO's co-president, has resigned from the Israel-based intelligence company, citing its blacklisting by the U.S. Department of Commerce last week. But the company has other troubles, too.