Recent Security News
-
Calls for Visual Studio security tweak fall on deaf ears despite one-click RCE exploit
October 13, 2023 at 11:38AM A single-click exploit has raised concerns about the security of Microsoft’s Visual Studio IDE once again. Developed by security researcher Zhiniang Peng, the exploit takes advantage of the default implementation of the IDE’s “trusted locations” feature. Peng argues that enabling this feature by default would protect users from potential attacks,…
-
New PEAPOD Cyberattack Campaign Targeting Women Political Leaders
October 13, 2023 at 11:24AM A new cyber attack campaign called PEAPOD has targeted EU military personnel and political leaders working on gender equality. Cybersecurity firm Trend Micro has attributed the attacks to a threat actor known as Void Rabisu, which is associated with Cuba ransomware. The group conducts both financial motivated and espionage attacks,…
-
CISA shares vulnerabilities, misconfigs used by ransomware gangs
October 13, 2023 at 10:57AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shared new details about vulnerabilities exploited by ransomware groups in order to help critical infrastructure organizations defend against attacks. Through its Ransomware Vulnerability Warning Pilot program, CISA has identified over 800 vulnerable systems frequently targeted by ransomware operations. CISA has also…
-
Can open source be saved from the EU’s Cyber Resilience Act?
October 13, 2023 at 10:49AM The European Union’s Cyber Resilience Act (CRA) is causing concern among the open source community. The Act, aimed at addressing cybersecurity issues, imposes strict regulations on software publishers, potentially hindering open source development. The open source community is advocating for more flexibility in the regulations and better understanding of how…
-
CISA Now Flagging Vulnerabilities, Misconfigurations Exploited by Ransomware
October 13, 2023 at 10:12AM The US cybersecurity agency CISA has released two new resources to help organizations identify and eliminate security flaws targeted by ransomware groups. The resources include a column in the Known Exploited Vulnerabilities catalog that flags flaws associated with ransomware campaigns, and a table on the StopRansomware project’s website listing misconfigurations…