N. Korean Lazarus Group Targets Software Vendor Using Known Flaws

October 27, 2023 at 11:43AM The Lazarus Group, a North Korea-linked threat actor, has launched a new cyber attack campaign targeting a software vendor through known security flaws in another piece of software. The attack involved the deployment of malware families such as SIGNBT and LPEClient. The Lazarus Group has demonstrated advanced evasion techniques and targeted other …

IriusRisk Brings Threat Modeling to Machine Learning Systems

October 26, 2023 at 10:06PM Organizations are increasingly adopting threat modeling to identify security flaws in software design, particularly with the rising use of machine learning. Threat modeling helps organizations understand security risks and mitigate them in machine learning systems. IriusRisk offers a threat modeling tool that automates the process and includes an AI & …

Apple Ships Major iOS, macOS Security Updates

October 25, 2023 at 03:57PM Apple released major security updates for macOS and iOS, addressing numerous vulnerabilities that could potentially lead to hacker attacks. The updates address a total of 21 iOS security vulnerabilities and 44 macOS flaws, including code execution and data exposure issues. Apple also patched an already-exploited vulnerability reported by Kaspersky. The …

Critical OAuth Flaws Uncovered in Grammarly, Vidio, and Bukalapak Platforms

October 25, 2023 at 09:45AM Critical security flaws in the OAuth implementation of popular online services such as Grammarly, Vidio, and Bukalapak have been disclosed. These weaknesses could have allowed malicious actors to hijack user accounts by obtaining access tokens. The vulnerabilities have been addressed by the respective companies. OAuth, commonly used for cross-application access, …

Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software

October 17, 2023 at 10:51AM Two critical security flaws have been discovered in the CasaOS personal cloud software. These vulnerabilities allow attackers to bypass authentication and gain full access to the CasaOS dashboard. Additionally, attackers can exploit third-party applications to execute arbitrary commands on the system and gain persistent access. The flaws have been addressed …

Can open source be saved from the EU’s Cyber Resilience Act?

October 13, 2023 at 10:49AM The European Union’s Cyber Resilience Act (CRA) is causing concern among the open source community. The Act, aimed at addressing cybersecurity issues, imposes strict regulations on software publishers, potentially hindering open source development. The open source community is advocating for more flexibility in the regulations and better understanding of how …