Why Zero Trust Is the Cloud Security Imperative

October 16, 2023 at 03:07AM Zero trust, a security concept, is crucial for protecting cloud environments due to the increasing prevalence of data breaches and cyberattacks. Traditional security models that rely on securing the network perimeter are ineffective in cloud environments where data is dispersed and accessed from anywhere. Zero trust emphasizes continuous verification, least … Read more

3 Essential Steps to Strengthen SaaS Security

October 16, 2023 at 03:07AM Summary: SaaS applications have become essential in the business world, but their security is crucial. This article outlines three key steps for implementing SaaS security: discovering SaaS usage within the organization, performing risk assessments on each application, and managing user permissions effectively. These steps are necessary for maintaining a secure … Read more

Signal says there is no evidence rumored zero-day bug is real

October 16, 2023 at 02:06AM Signal messenger has investigated rumors of a zero-day security vulnerability related to its link preview feature but found no evidence of its existence. US government sources also confirmed that there is no information suggesting the vulnerability is valid. Signal advises users to disable the link previews feature as a precaution … Read more

Binance’s Smart Chain Exploited in New ‘EtherHiding’ Malware Campaign

October 16, 2023 at 01:12AM Threat actors are using Binance’s Smart Chain (BSC) contracts to host and deliver malicious code, making it difficult to detect and stop their attacks. The campaign, known as EtherHiding, leverages compromised WordPress sites to deceive users into downloading malware through fake browser update notices. The decentralized nature of blockchain makes … Read more

Regulator, insurers and customers all coming for Progress after MOVEit breach

October 15, 2023 at 11:00PM The US Securities and Exchange Commission (SEC) is investigating Progress Software’s MOVEit file transfer software following a data breach. Progress admitted to receiving a subpoena from the SEC and stated that it is facing multiple class-action lawsuits and other litigation over the breach. Progress also disclosed that it has received … Read more

Steam enforces SMS verification to curb malware-ridden updates

October 15, 2023 at 01:53PM Valve is implementing additional security measures on Steam to address the recent outbreak of malware being pushed from compromised publisher accounts. Starting October 24, game developers will be required to pass an SMS-based security check before pushing updates, and the same requirement will be enforced for adding new users to … Read more

Women Political Leaders Summit targeted in RomCom malware phishing

October 15, 2023 at 01:53PM A lightweight variant of the RomCom backdoor was used to target participants of the Women Political Leaders Summit in Brussels. The attackers created a fake website to lure attendees, and the new variant of RomCom employs a stealthier backdoor with a TLS-enforcement technique to make detection more difficult. This attack … Read more

AI algorithm detects MitM attacks on unmanned military vehicles

October 15, 2023 at 01:53PM Researchers at the University of South Australia and Charles Sturt University have developed an algorithm using machine learning to detect man-in-the-middle (MitM) attacks on unmanned military robots. The algorithm, tested on a replica of the GVR-BOT used by the U.S. Army, achieved a 99% success rate in preventing attacks. The … Read more

DarkGate malware spreads through compromised Skype accounts

October 15, 2023 at 01:53PM DarkGate malware attacks have been using compromised Skype accounts to infect targets. The attacks involve VBA loader script attachments that download an AutoIT script to drop and execute the final DarkGate malware payload. Trend Micro researchers also observed DarkGate being pushed through Microsoft Teams. The malware-as-a-service operation has seen a … Read more

Ubuntu discovers ‘hate speech’ in release 23.10 — how to upgrade?

October 14, 2023 at 07:41AM Ubuntu, the popular Linux distribution, has removed its Desktop release 23.10 after discovering hateful language in the Ukrainian translations. A malicious contributor injected anti-Semitic, homophobic, and xenophobic slurs into the distribution using a third-party tool. Ubuntu has taken down the affected images and will release a new version once the … Read more