Category: Software Security – Software Curated

Read the original article: Office 365: A Favorite for Cyberattack Persistence Threat actors are consistently leveraging legitimate services and tools from within Microsoft Office 365 to pilfer sensitive data and launch phishing, ransomware, and other attacks across corporate networks from…

Read more →

Read the original article: Facebook now has a loyalty program for its bug bounty hunters on its platform Facebook launched its bug bounty program in 2011. Now, the company is bringing an intriguing update to it with a loyalty program…

Read more →

Read the original article: Microsoft releases tool to update Defender inside Windows install images Microsoft has released on Friday a new tool that will allow system administrators to update the Defender security package inside Windows installation images (WIM or VHD…

Read more →

Read the original article: New COOP and COEP Cross-Origin Policies for Increased Security in Chrome and Firefox Eiji Kitamura recently addressed in a talk at Google’s web.dev live the new COOP and COEP policies that dictate how browsers handle cross-origin…

Read more →

Read the original article: 9 ways to build privacy into your cloud applications Privacy is one of those nebulous ideas that everyone loves. Delivering it, though, is a job that’s full of nuance and tradeoffs. Turn the dial too far…

Read more →

Read the original article: Online Business Scams Decline as Consumer COVID Fraud Rises Online bandits are decreasing their schemes against businesses but increasing COVID-19 scams aimed at consumers, according to a report released Tuesday by TransUnion. Suspected fraudulent digital transactions…

Read more →

Read the original article: Report Reveals How Enterprises Must Adapt to Secure Remote Work at Scale The COVID-19 pandemic and the shift to contactless commerce is driving major changes in business models and forcing business leaders to re-think the way…

Read more →

Read the original article: Malware stashed in China-mandated software is more extensive than thought Three weeks ago, security researchers exposed a sinister piece of malware lurking inside tax software that the Chinese government requires companies to install. Now there’s evidence…

Read more →

Read the original article: Malware stashed in China-mandated software is more extensive than thought Three weeks ago, security researchers exposed a sinister piece of malware lurking inside tax software that the Chinese government requires companies to install. Now there’s evidence…

Read more →

Read the original article: Google bans ads for stalkerware apps—with some exceptions Google is trying to make it a little harder for a determined stalker to spy remotely on their spouse, partner, or ex by prohibiting advertising for stalkerware apps…

Read more →

Read the original article: Microsoft’s new KDP tech blocks malware by making parts of the Windows kernel read-only Microsoft has published today the first technical details about a new security feature that will soon be part of Windows 10. Named…

Read more →

Read the original article: DHS Brings Web App to Coronavirus Fight Never, in most of our lifetimes, have all corners of society collaborated to address a single grave threat as they have done in the fight against COVID-19. While epidemiological…

Read more →

Read the original article: The more cybersecurity tools an enterprise deploys, the less effective their defense is The enterprise is slowly improving its response to cybersecurity incidents, but in the same breath, it is still investing in too many tools…

Read more →

Read the original article: NXTsoft Launches OmniSecure for API Monitoring NXTsoft, an API connectivity services provider, today announced the launch of OmniSecure, an API-monitoring solution that provides an additional layer of cybersecurity to NXTsoft’s secure APIs. OmniSecure monitors API security…

Read more →

Read the original article: This new ransomware is targeting Windows and Linux PCs with a ‘unique’ attack A newly uncovered form of ransomware is going after Windows and Linux systems in what appears to be a targeted campaign. Named Tycoon…

Read more →

Read the original article: Mobile security forces difficult questions As governments consider COVID-19 contact tracing and its privacy implications, it’s not a bad idea for companies to take the opportunity to look more closely at their mobile agreements with employees.…

Read more →

Read the original article: iOS Mail has ‘critical’ security flaws Germany’s federal cybersecurity agency has issued a warning urging all iOS users to install Apple’s latest security updates which patch two zero-click security vulnerabilities that impact the company’s default email…

Read more →

Read the original article: How to get into cybersecurity? Cybersecurity is one of the fastest growing industries globally. Predictions place spending on endpoint security tools at $128 billion by the end of 2020 and spending on cloud security tools at…

Read more →

Read the original article: Securing Innovation in the Cloud: Best Practices for Remote Development Teams Cloud architects are tasked with important responsibilities. They work to conceptualize and build an infrastructure that enables new product development, the creation of new service…

Read more →

Read the original article: Securing Linux’s master sysadmin command: Sudo Sudo is one of the most powerful and dangerous tools in the Unix or Linux system administrator’s toolbox. With it, an ordinary user can run commands just as if he…

Read more →

Read the original article: Securing Linux’s master sysadmin command: Sudo Sudo is one of the most powerful and dangerous tools in the Unix or Linux system administrator’s toolbox. With it, an ordinary user can run commands just as if he…

Read more →

Read the original article: Microsoft Shells Out $100K for IoT Security Microsoft has launched a bug-bounty program for its Azure Sphere offering, which is a security suite for the internet of things (IoT) that encompasses hardware, OS and cloud elements.…

Read more →

Read the original article: Crystal Balling the Future of Application Security If the past four decades have taught us anything, it’s that predicting the future of computing, software, and networking technologies is something of a fool’s errand. That’s undoubtedly the…

Read more →

Read the original article: Skype phishing attack targets remote workers Remote workers have been warned to take extra care when using video conferencing software after a new phishing scam was uncovered. Researchers from security firm Cofense have revealed hackers are…

Read more →

Read the original article: Apple Patches Two iOS Zero-Days Abused for Years Researchers are reporting two Apple iOS zero-day security vulnerabilities affecting its Mail app on iPhones and iPads. Impacted are iOS 6 and iOS 13.4.1. Apple patched both vulnerabilities…

Read more →

Read the original article: Malwarebytes steps into the VPN space with WireGuard-based service Available now for Windows 7 and higher—Mac, Android, iOS, and Chrome OS are coming soon—Malwarebytes Privacy costs $59.99 per year. You can also get it bundled with…

Read more →

Read the original article: API Backdoor Exposes Android Users’ Sensitive Data A recent research paper reports that a set of Android APIs called Installed Application Methods (IAMs) are exposing Android users’ sensitive information to advertisers. IAMs have a legitimate purpose.…

Read more →

Read the original article: API Backdoor Exposes Android Users’ Sensitive Data A recent research paper reports that a set of Android APIs called Installed Application Methods (IAMs) are exposing Android users’ sensitive information to advertisers. IAMs have a legitimate purpose.…

Read more →

Read the original article: The Evolution of AppSec: Past, Present and Future In a recent podcast with IDG, Chris Wysopal, Veracode Chief Technology Officer, speaks to the evolution of application security (AppSec) over the past ten years. In his evaluation,…

Read more →

Read the original article: Zoom Boosts Security With Pick-Your-Route Feature Zoom’s paying customers will be able to choose the region they want to use for their virtual meetings, the company announced Monday. Starting Saturday, paying customers can opt in or…

Read more →

As video conferencing platform Zoom continues to weather unfavorable headlines about its security, two big market rivals are doubling down on commitments to keeps users safe. In recent weeks, Zoom has faced a barrage of criticism involving privacy and security…

Read more →

Modern operating systems do an outstanding job of protecting against malware and viruses. But the world of malicious software is a rapidly evolving one, and now random acts of destruction that were once the goal of viruses have been replaced…

Read more →

A new variant of the AnarchyGrabber malware has been discovered by MalwareHunterTeam which modifies Discord client files in order to evade detection and steal user accounts every time someone logs into the popular chat service. The malware is distributed on…

Read more →

Zoom has decided to cease development of new product features so it can focus on fixing various privacy and security issues. The company has seen a surge in the use of its platform in recent weeks, as self isolation in…

Read more →

There’s a lot to unpack in our most recent State of Software Security (SOSS) report, including some then vs. now comparisons, a look at the most popular vulnerabilities, and a deep dive into security debt. Here are the five takeaways…

Read more →

Check Point has launched a new extension for Google Chrome called ZoneAlarm Web Secure Free that provides users with free protection against phishing attacks, malicious downloads and dangerous websites. The new solution is an advanced Google Chrome extension that can…

Read more →

Adobe has released out-of-band updates addressing critical vulnerabilities in its Photoshop and Acrobat Reader products, which if exploited could allow arbitrary code-execution. Overall, Adobe on Wednesday patched flaws tied to 41 CVEs across its products, 29 of which were critical…

Read more →

The ongoing coronavirus outbreak has disrupted business operations across the globe but cybercriminals are showing no signs of slowing down as they attempt to capitalize on people’s fears surrounding the virus. Back in January, hackers used the coronavirus to launch…

Read more →

The underpinnings of how app store analytics platforms operate were exposed this week by BuzzFeed, which uncovered the network of mobile apps used by popular analytics firm Sensor Tower to amass app data. The company had operated at least 20…

Read more →

Researchers at firmware security company Eclypsium on Tuesday released new research that identifies and confirms unsigned firmware in WiFi adapters, USB hubs, trackpads and cameras used in Windows and Linux computer and server products from Lenovo, Dell, HP and other…

Read more →

Mozilla, the organization behind Firefox browser, is bringing its VPN (Virtual Private Network) service to Android and Windows 10 through a dedicated app. The app is currently in the beta phase, and you need an invite to sign up. Once…

Read more →

While China and the US are fighting over information and economic dominance, the European Union is scrambling to lay down a new set of rules that will govern how tech companies operate in the region, especially when it comes to…

Read more →

Researchers on Thursday documented two new malware campaigns targeting Android users. The first involved nine apps that had been downloaded from Google Play more than 470,000 times. With names such as Speed Clean and Super Clean, the apps masqueraded as…

Read more →

Google has patched this week a critical security flaw in Android’s Bluetooth component. If left unpatched, the vulnerability can be exploited without any user interaction and can even be used to create self-spreading Bluetooth worms, experts said. Fixes for the…

Read more →

Microsoft has observed that the hacking group known as Evil Corp or TA505 has switched up the tactics in its ongoing phishing campaign to deliver malware by using malicious Excel documents. The company provided more details on the new campaign…

Read more →

That $6.5 million figure is almost double the $3.4 million it handed out the previous year. The company writes that since their introduction in 2010, its Vulnerability Reward Programs (VRP) have paid out more than $21 million in total. In…

Read more →

All the major antivirus software makers plan to continue supporting their products past the Windows 7 end of life (EOL) date. Most vendors, with a few exceptions, have confirmed that their products will continue to run on Windows 7 systems…

Read more →

In today’s digital age, hackers are becoming increasingly sophisticated in their efforts to gain access to your accounts and data. Aside from breaching databases and exploiting software vulnerabilities, another attack vector is your weak password. Basic digital self-defense requires you…

Read more →

Multiple security flaws in Apple’s Safari browser have been discovered by Google researchers according to a new report from the Financial Times. The flaws were found in Safari’s Intelligent Tracking Prevention feature that is designed to protect users from cross-site…

Read more →

A free decryption tool for a form of ransomware which has plaguing victims 2017 has just been updated with additional capabilities to make it more effective at returning encrypted files – without the need to give into the demands of…

Read more →

ExpressVPN and Dynabook have announced a new global partnership with the aim of providing all of the PC maker’s users with increased internet protection on their devices. As part of the partnership, Dynabook will preinstall ExpressVPN on all new and…

Read more →

A new variant of the Clop ransomware which targets Windows 10 apps such as text editors and office applications as well as other processes has been discovered in the wild. When the Clop ransomware first appeared in February of 2019,…

Read more →

Researchers have found more malicious Google Play apps, one of which exploits a serious Android rooting vulnerability so the app can take screenshots and collect other types of sensitive user information. Camero exploits CVE-2019-2215, a potent vulnerability discovered in October…

Read more →

Since its invention in 1970, email has undergone very little changes. Its ease of use has made it the most common method of business communication, used by 3.7 billion users worldwide. Simultaneously, it has become the most targeted intrusion point…

Read more →