Security News > 2023 > October
A key monetization mechanism of a sophisticated series of cybercriminal operations involving backdoored off-brand mobile and CTV Android devices has been disrupted, Human Security has announced. Badbox-infected devices are able to steal personally identifiable information, establish residential proxy exit peers, steal one-time passwords, create fake messaging and email accounts, and other unique fraud schemes.
New findings have identified connections between an Android spyware called DragonEgg and another sophisticated modular iOS surveillanceware tool named LightSpy. DragonEgg, alongside WyrmSpy (aka...
Hackers have been observed trying to breach cloud environments through Microsoft SQL Servers vulnerable to SQL injection. The attacks Microsoft observed start with exploiting an SQL injection vulnerability in an application in the target's environment.
Organizations would assess vulnerabilities at specified intervals, typically following a security incident or a scheduled audit. Let's explore the differences between these two approaches and how they can help organizations enhance their application security program, and beyond.
Qualcomm has fixed three actively exploited vulnerabilities in its Adreno GPU and Compute DSP drivers. Vulnerabilities exploited in Qualcomm GPU and DSP drivers.
Apple made a big change in November 2017 when it released the iPhone X: It ditched Touch ID fingerprint security for a new face-based biometric sign-on tool called Face ID. The fingerprint scanner on most post-iPhone X Apple products is gone, and in its place is a new camera array capable of capturing a face map that is, according to Apple, 20 times less likely to be hacked than a Touch ID fingerprint. Face ID maps faces in a similar way to how Touch ID maps fingerprints: It doesn't store an image, but instead makes a map of the face using data points.
Sony Interactive Entertainment has notified current and former employees and their family members about a cybersecurity breach that exposed personal information.According to the data breach notification, the compromise happened on May 28, three days before Sony learned from Progress Software about the flaw, but it was discovered in early June.
Today, mid-sized companies and their CISOs are struggling to handle the growing threat of SaaS security with limited manpower and tight budgets. Now, this may be changing. By focusing on the...
A new deceptive package hidden within the npm package registry has been uncovered deploying an open-source rootkit called r77, marking the first time a rogue package has delivered rootkit...
About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.