-
Government Sets Out New Rules to Enhance App Security
PRIVACY PRIVACY Voluntary code of conduct is designed for developers and app store operators Read More
-
JSON-based SQL injection attacks trigger need to update web application firewalls
PRIVACY PRIVACY Security researchers have developed a generic technique for SQL injection that bypasses multiple web application firewalls (WAFs). At the core of the issue was WAF vendors failing to add support for JSON inside SQL statements, allowing potential attackers to easily hide their malicious payloads. The bypass technique, discovered by researchers from Claroty’s Team82,…
-
New Ransom Payment Schemes Target Executives, Telemedicine
PRIVACY PRIVACY Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the “patient.” The other involves carefully editing…
-
US Sues TikTok Over Child Safety and Data Security Claims
PRIVACY PRIVACY The Indiana court said TikTok promoted age-restricted content regardless of a user’s age Read More
-
Iranian APT Agrius Targets Diamond Industry Worldwide With Fantasy Wiper
PRIVACY PRIVACY The group conducted supply chain attacks against the diamond industry across three continents Read More
-
Apple Introduces New Data Protections to Increase Cloud Security
PRIVACY PRIVACY The new features will be globally available in 2023, but one of them already is for some US users Read More
-
Metaparasites: The cybercriminals who rip each other off
PRIVACY PRIVACY Researchers at Sophos have investigated so-called “metaparasites” – the scammers who scam other scammers. Read More
-
#BHEU: Time for Cyber Pros to Shape the Industry’s Future
PRIVACY PRIVACY Jen Ellis urges the cyber industry to take a leading role in shaping its future, during Black Hat Europe 2022 Read More
-
North Korean hackers exploit Seoul Halloween tragedy in zero-day attack
PRIVACY PRIVACY Malicious hackers, hell-bent on infiltrating an organisation, have no qualms about exploiting even the most tragic events. Read more in my article on the Tripwire State of Security blog. Read More
-
Leaked Signing Keys Are Being Used to Sign Malware
PRIVACY PRIVACY A bunch of Android OEM signing keys have been leaked or stolen, and they are actively being used to sign malware. Łukasz Siewierski, a member of Google’s Android Security Team, has a post on the Android Partner Vulnerability Initiative (AVPI) issue tracker detailing leaked platform certificate keys that are actively being used to…