Recent Security News
-
No Security Scrutiny for Half of Major Code Changes: AppSec Survey
February 15, 2024 at 09:51AM A recent AppSec survey found that costly code reviews, limited security scrutiny, and manual cataloging of applications and APIs are common issues. Only 54% of major code changes undergo full security reviews, and organizations face challenges with the time and cost of the review process. The survey also highlights the…
-
New Wi-Fi Authentication Bypass Flaws Expose Home, Enterprise Networks
February 15, 2024 at 09:51AM New Wi-Fi authentication bypass vulnerabilities in open source software discovered by Mathy Vanhoef and Heloise Gollier pose threats to enterprise and home networks. The flaws affect Wpa_supplicant and Intel’s iNet Wireless Daemon (IWD) software. Exploitation could lead to traffic interception and unauthorized access to Wi-Fi networks. Vendors have been notified…
-
AWS SNS Compromises Fuel Cloud Smishing Campaign
February 15, 2024 at 09:13AM Threat actors are conducting an innovative “smishing” campaign using AWS SNS and a custom script to impersonate the US Postal Service. This abuse of cloud-based messaging platforms reflects a growing trend. The SNS Sender attack lures users with fake USPS notifications to steal personally identifiable information and payment-card details. Businesses…
-
Cybercriminals are stealing Face ID scans to break into mobile banking accounts
February 15, 2024 at 09:02AM Cybercriminals have targeted iOS users by distributing trojanized smartphone apps, named GoldPickaxe and GoldPickaxe.iOS, in Vietnam and Thailand. These apps collect biometric data and intercept SMS messages to access bank accounts. They use deepfake technology and social engineering to steal identities and break into victims’ banks. This reveals the maturity…
-
New Qbot malware variant uses fake Adobe installer popup for evasion
February 15, 2024 at 08:29AM New QBot malware variants have been detected in email campaigns since mid-December, indicating ongoing development and distribution. The malware, also known as Qakbot, deploys through fake Adobe product installers and has caused significant financial damages in the past. Security researchers are closely monitoring the evolving threat and updating detection rules.…