Recent Security News
-
Chinese Cyberspies Target Tibetans via Watering Hole, Supply Chain Attacks
March 8, 2024 at 08:03AM Cybersecurity firm ESET reports that a Chinese APT group known as Evasive Panda has been targeting Tibetans through watering hole and supply chain attacks. The group has a history of cyberespionage operations primarily targeting government entities in China, India, and other Asian countries. Evasive Panda has been leveraging compromised websites…
-
Unpatched Sceiner Smart Lock Vulnerabilities Allow Hackers to Open Doors
March 8, 2024 at 08:03AM Multiple vulnerabilities in Sceiner firmware enable attackers to exploit smart locks, compromising the integrity of devices supplied under Sceiner’s name and other brands such as Kontrol and Elock, as revealed by Aleph Research. The vulnerabilities impact products using firmware versions 6.5.x to 6.5.07 and the TTLock app version 6.4.5, with…
-
Swiss cheese security? Play ransomware gang milks government of 65,000 files
March 8, 2024 at 07:37AM Full Article
-
How to Ensure Open-Source Packages Are Not Mines
March 8, 2024 at 07:23AM Open-source repositories are crucial for modern applications, but carelessness can introduce backdoors and vulnerabilities. A new security framework by CISA and OpenSSF recommends controls to enhance security. The guidelines aim to prevent incidents like namesquatting and unintentional inclusion of malicious software in repositories. This comes as IT departments are grappling…
-
Cyber Insurance Strategy Requires CISO-CFO Collaboration
March 8, 2024 at 06:39AM Full Article