Security News > 2022 > August

Akasa Air, India's newest commercial airline, exposed personal data belonging to its customers, an incident the company blamed on a technical configuration error. The bug was identified on August 7, 2022, the same day the low-cost airline commenced its operations in the country.

The U.S. Federal Bureau of Investigation on Monday warned of cyber criminals increasingly exploiting flaws in decentralized finance platforms to plunder cryptocurrency. "The FBI has observed cyber criminals exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal investors' cryptocurrency," the agency said in a notification.

It can brute force passwords in the 9-12 character range too, if attackers just complement its speed with a few basic rules, masks, and dictionaries. Threat actors could still crack a decent share of passwords, given enough dwell time and contextual information from a compromised environment.

In this Help Net Security video, Jon Hencinski, VP of Security Operations at Expel, talks about how their SOC team has recently observed Business Email Compromise (BEC) attacks across multiple...

Bring your own EDR: Stellar Cyber could be classified as an Open XDR as it ingests all types of data to identify incidents; however, it is not an extension of an EDR product. Conversely, Stellar Cyber offers pre-built integrations to any major EDR vendor, meaning you can use whatever EDR you want with Stellar Cyber, no rip and replace required.

The U.S. Federal Trade Commission on Monday said it filed a lawsuit against Kochava, a location data broker, for collecting and selling precise geolocation data gathered from consumers' mobile devices. The complaint alleges that the U.S. company amasses a "wealth of information" about users by purchasing data from other data brokers to sell to its own clients.

Security Compass has published the results of a research study examining developer views on application security, including the challenges and opportunities they face in their secure development efforts. In order for software developers and security teams to effectively collaborate and ensure that a company's software products are secure, developers need automated, current, relevant, and actionable JITT training embedded into their development tools and processes.

Global research commissioned by Cohesity reveals that nearly half of respondents say their company depends on outdated, legacy backup and recovery infrastructure to manage and protect their data. Backup and recovery infrastructure for managing data could be considered outdated.

Google in November will prohibit Android VPN apps in its Play store from interfering with or blocking advertising, a change that may pose problems for some privacy applications. The T&Cs spell out that developers must declare the use of VpnService in their apps' Google Play listing, must encrypt data from the device to the VPN endpoint, and must comply with Developer Program Policies, particularly those related to ad fraud, permissions, and malware.

Amongst those frameworks, Sliver appeared in 2019 as an open-source framework available on GitHub and advertised to security professionals. Sliver supports several different network protocols to communicate between the implant and its C2 server: DNS, HTTP/TLS, mTLS, and TCP might be used.