October 16, 2023 at 09:15AM The Android banking trojan, SpyNote, has been analyzed, revealing its various information-gathering capabilities. Spread through SMS phishing campaigns, the malware tricks victims into installing it by clicking on embedded links. It hides its presence on the device, seeks accessibility permissions, and can record audio, phone calls, and keystrokes. The malware … Read more
October 16, 2023 at 08:25AM The text discusses the importance of SaaS security and highlights key findings from the SaaS Security Survey Report. It emphasizes the need for automated configuration and monitoring tools, as well as the critical role of identity and access governance. The risks associated with third-party connected apps are also examined. The … Read more
October 16, 2023 at 08:24AM Microsoft is working on new features for Kerberos to improve Windows authentication security and eliminate the use of the NTLM protocol. The features include Initial and Pass Through Authentication Using Kerberos (IAKerb), which allows authentication through a server in firewall segmented environments or remote access scenarios. The second feature is … Read more
October 16, 2023 at 08:24AM The UK Financial Conduct Authority (FCA) has fined Equifax Ltd, the UK arm of Equifax Inc, more than £11 million over the 2017 data breach. The cyberattack impacted approximately 147 million people, including 13.8 million UK consumers. The FCA found that Equifax Ltd failed to properly manage and monitor the … Read more
October 16, 2023 at 08:24AM Chinese IoT and video surveillance product maker Milesight’s industrial cellular routers have a vulnerability that exposes system log files with passwords for administrators and users. Although the flaw has likely been patched for years, there have been some small-scale exploitation attempts observed. These routers are used in various sectors such … Read more
October 16, 2023 at 07:55AM Microsoft has resolved a known issue that caused Windows 10 security updates to fail with 0x8007000d errors. The problem affected Windows 10 21H2 and Windows 10 22H2, and the KB5031356 security update. Microsoft used Known Issue Rollback (KIR) to fix the issue, and the fix should automatically propagate to all … Read more
October 16, 2023 at 06:30AM Messaging app Signal denies the existence of a zero-day flaw in its software, stating that it found no evidence to support the claim. The company has checked with the U.S. government and is urging users with legitimate information to report it. As a precaution, users have been advised to disable … Read more
October 16, 2023 at 06:24AM Israeli rocket alerting applications have been targeted by threat actors following the Israel-Gaza conflict. AnonGhost, a pro-Palestinian hacktivist group, successfully compromised at least one application, sending fake alerts including nuclear bomb messages. Another threat actor created a malicious version of the ‘RedAlert – Rocket Alerts’ app to infect users with … Read more
October 16, 2023 at 06:24AM The US Environmental Protection Agency (EPA) has withdrawn cybersecurity rules for public water systems due to lawsuits filed by states and non-profit water associations. The attorney generals of Missouri, Arkansas, and Iowa challenged the requirements, arguing they would burden small towns financially. The American Water Works Association (AWWA) and the … Read more
October 16, 2023 at 04:37AM Discord’s content delivery network (CDN) is being exploited by threat actors to distribute the Lumma Stealer malware, which steals user credentials. The malware is spread through direct messages, offering victims Discord Nitro boost in exchange for assistance and prompting them to download a file. Lumma Stealer can steal cryptocurrency wallets … Read more