Recent Security News
-
Q&A: How One Company Gauges Its Employees’ Cybersecurity ‘Fluency’
January 17, 2024 at 12:52PM TAG.Global now mandates all employees to take a cybersecurity fluency assessment to enhance awareness and responsibility for information security. The test, covering various security subjects, aims to build a strong cybersecurity culture. Tawfiq Talhouni plans to extend the program outside the company, contributing to cybersecurity awareness in the Middle East.…
-
US Gov Issues Warning for Androxgh0st Malware Attacks
January 17, 2024 at 11:36AM CISA and FBI have issued a joint advisory warning about Androxgh0st malware creating a botnet to target vulnerable networks. The malware primarily targets .env files containing sensitive information for AWS, Microsoft Office 365, SendGrid, and Twilio. It can abuse SMTP for scanning, exploit stolen credentials and APIs, and deploy web…
-
Sophisticated MacOS Infostealers Get Past Apple’s Built-In Detection
January 17, 2024 at 11:26AM Info-stealers like KeySteal, Atomic Infostealer, and CherryPie are increasingly targeting macOS by evading Apple’s built-in malware protection. These sophisticated stealers have evolved with new variants that can bypass detection engines, such as macOS’s XProtect. Even with recent updates, these malware strains pose a continued threat, necessitating ongoing vigilance from macOS…
-
Nearly 7K WordPress Sites Compromised by Balada Injector
January 17, 2024 at 11:04AM Over 6,700 WordPress sites were infected with the Balada Injector malware through a vulnerable Popup Builder plug-in, exploiting a cross-site scripting vulnerability (CVE-2023-6000). This long-running campaign has compromised over 1 million WordPress sites. Security experts advise implementing integrity monitoring and conducting routine updates to mitigate these threats. Based on the…
-
AMD, Apple, Qualcomm GPUs leak AI data in LeftoverLocals attacks
January 17, 2024 at 10:36AM The ‘LeftoverLocals’ vulnerability affects GPUs from AMD, Apple, Qualcomm, and Imagination Technologies, allowing data retrieval from local memory. Discovered by Trail of Bits researchers Tyler Sorensen and Heidy Khlaaf, it exploits incomplete memory isolation in GPU frameworks, enabling unauthorized data access. Mitigation efforts are underway, including patching and recommending automatic…