Spyware Telegram mod in Uighur and Chinese spreads through Google Play stealing messages and other user data. This article has been indexed from Securelist Read the original article: Evil Telegram doppelganger attacks Chinese users
Tech-Enhanced Exploration: Navigating the Netherlands with Apps and More
The Netherlands, with its picturesque landscapes, rich cultural heritage, and vibrant cities, has long been a sought-after destination for travelers worldwide. However, in today’s digital … Read more The post Tech-Enhanced Exploration: Navigating the Netherlands with Apps and More appeared…
CISA Adds Critical RocketMQ Bug to Must-Patch List
Apache flaw can enable remote command execution This article has been indexed from http://www.infosecurity-magazine.com/rss/news/76/application-security/ Read the original article: CISA Adds Critical RocketMQ Bug to Must-Patch List
Regulator to Investigate Fertility App Security Concerns
ICO reveals over half of women are worried about their data This article has been indexed from http://www.infosecurity-magazine.com/rss/news/76/application-security/ Read the original article: Regulator to Investigate Fertility App Security Concerns
North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers
Threat actors associated with North Korea are continuing to target the cybersecurity community using a zero-day bug in unspecified software over the past several weeks to infiltrate their machines. The findings come from Google’s Threat Analysis Group (TAG), which found the adversary setting up…
Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061)
Apple has patched two zero-day vulnerabilities (CVE-2023-41064, CVE-2023-41061) exploited to deliver NSO Group’s Pegasus spyware. “The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” Citizen Lab shared. “The…
North Korean hackers target security researchers with zero-day exploit
North Korean threat actors are once again attempting to compromise security researchers’ machines by employing a zero-day exploit. The warning comes from Google’s own security researchers Clement Lecigne and Maddie Stone, who detailed the latest campaign mounted by government-backed attackers.…
Dymocks – 836,120 breached accounts
In September 2023, the Australian book retailer Dymocks announced a data breach. The data dated back to June 2023 and contained 1.2M records with 836k unique email addresses. The breach also exposed names, dates of birth, genders, phone numbers and…
CISA Adds Critical RocketMQ Bug to Must-Patch List
Apache flaw can enable remote command execution This article has been indexed from http://www.infosecurity-magazine.com/rss/news/76/application-security/ Read the original article: CISA Adds Critical RocketMQ Bug to Must-Patch List
Dymocks – 836,120 breached accounts
In September 2023, the Australian book retailer Dymocks announced a data breach. The data dated back to June 2023 and contained 1.2M records with 836k unique email addresses. The breach also exposed names, dates of birth, genders, phone numbers and…
Apple Patches Two Zero-Days Exploited in Pegasus Attacks
Users of iOS devices urged to enable lockdown mode This article has been indexed from http://www.infosecurity-magazine.com/rss/news/76/application-security/ Read the original article: Apple Patches Two Zero-Days Exploited in Pegasus Attacks
Apple Discloses 2 Zero-Day Flaws Exploited to Hack iPhones & Mac
Two Zero-Day flaws have been discovered on Apple Devices affecting macOS, iOS, and iPadOS. The vulnerabilities involve an arbitrary code execution and a buffer overflow. Reports indicate that these vulnerabilities are being actively exploited. This is considered a high-risk vulnerability…
Want your endpoint security product in the Microsoft Consumer Antivirus Providers for Windows?
Silicon UK Pulse: Your Tech News Update: Episode 17
Welcome to Silicon UK Pulse – your roundup of the latest tech news and developments impacting your business for the week ending 08/09/2023. This article has been indexed from Silicon UK Read the original article: Silicon UK Pulse: Your Tech…
SSO Implementation Flaw In Cisco Broadworks Let Attackers Forge Credentials
A single sign-on (SSO) implementation flaw in the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform might make it possible for a remote, unauthenticated attacker to forge credentials to access a vulnerable system. This “Critical” severity vulnerability has…
Zero-days fixed by Apple were used to deliver NSO Group’s Pegasus spyware
Citizen Lab reported that the actively exploited zero-days fixed by Apple are being used in Pegasus spyware attacks Researchers at Citizen Lab reported that the actively exploited zero-day flaws (CVE-2023-41064 and CVE-2023-41061) fixed by Apple are being used to infect…
Concerns Over Cyber Attacks Growing Among UK Schools
As the new term approaches, schools across the United Kingdom are grappling with a rising threat – cyberattacks. Many institutions, whether they are gearing up to open their doors or have already commenced preparations, are finding it increasingly challenging to…
How to Achieve Maximum Security in Virtualized Data Centers
Virtualized data centers have become the backbone of modern IT infrastructure, offering scalability, efficiency, and cost-effectiveness. However, as data center virtualization continues to grow, ensuring utmost security has become paramount. This article explores strategies and best practices for achieving maximum…
Global Ticketing Giant Hacked: Attackers Accessed Customers’ Payment Data
A Global Ticketing Giant company, See Tickets, recently reported a data breach that exposed the payment card information of over 300,000 customers. See Tickets, owned by Vivendi Ticketing, revealed the latest breach in a complaint with Maine’s attorney general. The ticketing business…
Multiple ArubaOS vulnerabilities Let Attackers Execute Arbitrary Code
Multiple vulnerabilities have been discovered in Aruba 9200 and 9000 Series Controllers and Gateways running ArubaOS. The vulnerabilities related to Buffer Overflow and Hardware Root of Trust bypass. Aruba has released a security advisory for addressing these vulnerabilities. At the…
Microsoft, recently busted by Beijing, thinks it’s across China’s ever-changing cyber-offensive
Sometimes using AI to make hilariously wrong images that still drive social media engagement Microsoft, which earlier this week admitted not being able to detect a Chinese attack on its own infrastructure, has published a report [PDF] titled “Digital threats…
CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems. “Nation-state advanced…
Internal discussions of a large ransomware-as-a-service Group Exposed
RaaS (Ransomware-as-a-service) is actively strengthening the ransomware attacks, but understanding their operations is restricted by illegality. That’s why ransomware attacks have surged in scale and complexity over the past decade, driven by RaaS models like Conti (formerly Ryuk). However, the…
New infosec products of the week: September 8, 2023
Here’s a look at the most interesting products from the past week, featuring releases from CyberSaint, Ghost Security, Hornetsecurity, NTT Security Holdings, and TXOne Networks. Reaper: Open-source reconnaissance and attack proxy workflow automation Reaper is an open-source reconnaissance and attack…