Office 365: A Favorite for Cyberattack Persistence
Threat actors are consistently leveraging legitimate services and tools from within Microsoft Office 365 to pilfer sensitive data and launch phishing, ransomware, and other attacks across corporate networks from…
Category: Software Security – Software Curated
Facebook now has a loyalty program for its bug bounty hunters on its platform
Facebook launched its bug bounty program in 2011. Now, the company is bringing an intriguing update to it with a loyalty program…
Microsoft releases tool to update Defender inside Windows install images
Microsoft has released on Friday a new tool that will allow system administrators to update the Defender security package inside Windows installation images (WIM or VHD…
New COOP and COEP Cross-Origin Policies for Increased Security in Chrome and Firefox
Eiji Kitamura recently addressed in a talk at Google’s web.dev live the new COOP and COEP policies that dictate how browsers handle cross-origin…
9 ways to build privacy into your cloud applications
Privacy is one of those nebulous ideas that everyone loves. Delivering it, though, is a job that’s full of nuance and tradeoffs. Turn the dial too far…
Online Business Scams Decline as Consumer COVID Fraud Rises
Online bandits are decreasing their schemes against businesses but increasing COVID-19 scams aimed at consumers, according to a report released Tuesday by TransUnion. Suspected fraudulent digital transactions…
Report Reveals How Enterprises Must Adapt to Secure Remote Work at Scale
The COVID-19 pandemic and the shift to contactless commerce are driving major changes in business models and forcing business leaders to re-think the way…
Malware stashed in China-mandated software is more extensive than thought
Three weeks ago, security researchers exposed a sinister piece of malware lurking inside tax software that the Chinese government requires companies to install. Now there’s evidence…
Google bans ads for stalkerware apps—with some exceptions
Google is trying to make it a little harder for a determined stalker to spy remotely on their spouse, partner, or ex by prohibiting advertising for stalkerware apps…
Microsoft’s new KDP tech blocks malware by making parts of the Windows kernel read-only
Microsoft has published today the first technical details about a new security feature that will soon be part of Windows 10. Named…
DHS Brings Web App to Coronavirus Fight
Never, in most of our lifetimes, have all corners of society collaborated to address a single grave threat as they have done in the fight against COVID-19. While epidemiological…
The more cybersecurity tools an enterprise deploys, the less effective their defense is
The enterprise is slowly improving its response to cybersecurity incidents, but in the same breath, it is still investing in too many tools…
NXTsoft Launches OmniSecure for API Monitoring
NXTsoft, an API connectivity services provider, today announced the launch of OmniSecure, an API-monitoring solution that provides an additional layer of cybersecurity to NXTsoft’s secure APIs. OmniSecure monitors API security…
This new ransomware is targeting Windows and Linux PCs with a ‘unique’ attack
A newly uncovered form of ransomware is going after Windows and Linux systems in what appears to be a targeted campaign. Named Tycoon…
Mobile security forces difficult questions
As governments consider COVID-19 contact tracing and its privacy implications, it’s not a bad idea for companies to take the opportunity to look more closely at their mobile agreements with employees.…
iOS Mail has ‘critical’ security flaws
Germany’s federal cybersecurity agency has issued a warning urging all iOS users to install Apple’s latest security updates which patch two zero-click security vulnerabilities that impact the company’s default email…
How to get into cybersecurity?
Cybersecurity is one of the fastest growing industries globally. Predictions place spending on endpoint security tools at $128 billion by the end of 2020 and spending on cloud security tools at…
Securing Innovation in the Cloud: Best Practices for Remote Development Teams
Cloud architects are tasked with important responsibilities. They work to conceptualize and build an infrastructure that enables new product development, the creation of new service…
Securing Linux’s master sysadmin command: Sudo
Sudo is one of the most powerful and dangerous tools in the Unix or Linux system administrator’s toolbox. With it, an ordinary user can run commands just as if he…
Microsoft Shells Out $100K for IoT Security
Microsoft has launched a bug-bounty program for its Azure Sphere offering, which is a security suite for the internet of things (IoT) that encompasses hardware, OS and cloud elements.…
Crystal Balling the Future of Application Security
If the past four decades have taught us anything, it’s that predicting the future of computing, software, and networking technologies is something of a fool’s errand. That’s undoubtedly the…
Skype phishing attack targets remote workers
Remote workers have been warned to take extra care when using video conferencing software after a new phishing scam was uncovered. Researchers from security firm Cofense have revealed hackers are…
Apple Patches Two iOS Zero-Days Abused for Years
Researchers are reporting two Apple iOS zero-day security vulnerabilities affecting its Mail app on iPhones and iPads. Impacted are iOS 6 and iOS 13.4.1. Apple patched both vulnerabilities…
Malwarebytes steps into the VPN space with WireGuard-based service
Available now for Windows 7 and higher—Mac, Android, iOS, and Chrome OS are coming soon—Malwarebytes Privacy costs $59.99 per year. You can also get it bundled with…
API Backdoor Exposes Android Users’ Sensitive Data
A recent research paper reports that a set of Android APIs called Installed Application Methods (IAMs) are exposing Android users’ sensitive information to advertisers. IAMs have a legitimate purpose.…
The Evolution of AppSec: Past, Present and Future
In a recent podcast with IDG, Chris Wysopal, Veracode Chief Technology Officer, speaks to the evolution of application security (AppSec) over the past ten years. In his evaluation,…
Zoom Boosts Security With Pick-Your-Route Feature
Zoom’s paying customers will be able to choose the region they want to use for their virtual meetings, the company announced Monday. Starting Saturday, paying customers can opt in or…
Google, Microsoft talk up security after Zoom firestorm
As video conferencing platform Zoom continues to weather unfavorable headlines about its security, two big market rivals are doubling down on commitments to keep users safe. In recent weeks, Zoom has faced a barrage of criticism involving privacy and security…
Best antivirus software and apps in 2020: Keep your PCs, smartphones, and tablets safe
Modern operating systems do an outstanding job of protecting against malware and viruses. But the world of malicious software is a rapidly evolving one, and now random acts of destruction that were once the goal of viruses have been replaced…
This fake Discord software could infect your PC
A new variant of the AnarchyGrabber malware has been discovered by MalwareHunterTeam which modifies Discord client files in order to evade detection and steal user accounts every time someone logs into the popular chat service. The malware is distributed on…
Zoom pauses new feature development to focus on privacy, security
Zoom has decided to cease development of new product features so it can focus on fixing various privacy and security issues. The company has seen a surge in the use of its platform in recent weeks, as self isolation in…
State of Software Security: Top 5 Takeaways for Security Professionals
There’s a lot to unpack in our most recent State of Software Security (SOSS) report, including some then vs. now comparisons, a look at the most popular vulnerabilities, and a deep dive into security debt. Here are the five takeaways…
This Chrome extension can help protect you from the worst online threats
Check Point has launched a new extension for Google Chrome called ZoneAlarm Web Secure Free that provides users with free protection against phishing attacks, malicious downloads and dangerous websites. The new solution is an advanced Google Chrome extension that can…
Adobe Discloses Dozens of Critical Photoshop, Acrobat Reader Flaws
Adobe has released out-of-band updates addressing critical vulnerabilities in its Photoshop and Acrobat Reader products, which if exploited could allow arbitrary code-execution. Overall, Adobe on Wednesday patched flaws tied to 41 CVEs across its products, 29 of which were critical…
Hackers are spreading malware through coronavirus maps
The ongoing coronavirus outbreak has disrupted business operations across the globe but cybercriminals are showing no signs of slowing down as they attempt to capitalize on people’s fears surrounding the virus. Back in January, hackers used the coronavirus to launch…
Your VPN or ad-blocker app could be collecting your data
The underpinnings of how app store analytics platforms operate were exposed this week by BuzzFeed, which uncovered the network of mobile apps used by popular analytics firm Sensor Tower to amass app data. The company had operated at least 20…
Unsigned Firmware Puts Windows, Linux Peripherals at Risk
Researchers at firmware security company Eclypsium on Tuesday released new research that identifies and confirms unsigned firmware in WiFi adapters, USB hubs, trackpads and cameras used in Windows and Linux computer and server products from Lenovo, Dell, HP and other…
Mozilla launches a VPN app for Android and Windows
Mozilla, the organization behind Firefox browser, is bringing its VPN (Virtual Private Network) service to Android and Windows 10 through a dedicated app. The app is currently in the beta phase, and you need an invite to sign up. Once…
EU wants Big Tech to deploy AI tech on its own terms
While China and the US are fighting over information and economic dominance, the European Union is scrambling to lay down a new set of rules that will govern how tech companies operate in the region, especially when it comes to…
Google Play apps with 470k installs can log in to your Facebook and Google accounts
Researchers on Thursday documented two new malware campaigns targeting Android users. The first involved nine apps that had been downloaded from Google Play more than 470,000 times. With names such as Speed Clean and Super Clean, the apps masqueraded as…
Google fixes no-user-interaction bug in Android’s Bluetooth component
Google has patched this week a critical security flaw in Android’s Bluetooth component. If left unpatched, the vulnerability can be exploited without any user interaction and can even be used to create self-spreading Bluetooth worms, experts said. Fixes for the…
Microsoft detects new Evil Corp malware attacks
Microsoft has observed that the hacking group known as Evil Corp or TA505 has switched up the tactics in its ongoing phishing campaign to deliver malware by using malicious Excel documents. The company provided more details on the new campaign…
Google paid researchers $6.5 million in bug bounties last year
That $6.5 million figure is almost double the $3.4 million it handed out the previous year. The company writes that since their introduction in 2010, its Vulnerability Reward Programs (VRP) have paid out more than $21 million in total. In…
All major antivirus vendors will continue to support Windows 7 post EOL
All the major antivirus software makers plan to continue supporting their products past the Windows 7 end of life (EOL) date. Most vendors, with a few exceptions, have confirmed that their products will continue to run on Windows 7 systems…
The best password managers
In today’s digital age, hackers are becoming increasingly sophisticated in their efforts to gain access to your accounts and data. Aside from breaching databases and exploiting software vulnerabilities, another attack vector is your weak password. Basic digital self-defense requires you…
Google finds security flaws in Apple’s web browser
Multiple security flaws in Apple’s Safari browser have been discovered by Google researchers according to a new report from the Financial Times. The flaws were found in Safari’s Intelligent Tracking Prevention feature that is designed to protect users from cross-site…
This free ransomware decryption tool just got a handy update
A free decryption tool for a form of ransomware which has been plaguing victims since 2017 has just been updated with additional capabilities to make it more effective at returning encrypted files – without the need to give in to the demands of…
ExpressVPN will now come pre-installed on all Dynabook laptops
ExpressVPN and Dynabook have announced a new global partnership with the aim of providing all of the PC maker’s users with increased internet protection on their devices. As part of the partnership, Dynabook will preinstall ExpressVPN on all new and…
Clop ransomware looks to target Windows 10 apps
A new variant of the Clop ransomware which targets Windows 10 apps such as text editors and office applications as well as other processes has been discovered in the wild. When the Clop ransomware first appeared in February of 2019,…
Researchers unearth malicious Google Play apps linked to active exploit hackers
Researchers have found more malicious Google Play apps, one of which exploits a serious Android rooting vulnerability so the app can take screenshots and collect other types of sensitive user information. Camero exploits CVE-2019-2215, a potent vulnerability discovered in October…
How AI is preventing email phishing attacks
Since its invention in 1970, email has undergone very few changes. Its ease of use has made it the most common method of business communication, used by 3.7 billion users worldwide. Simultaneously, it has become the most targeted intrusion point…