Security News > 2023 > October

Cybersecurity attacks, in all their various forms, are inevitable and relentless. This quick glossary from TechRepublic Premium explains the terminology behind the most common cybersecurity attacks in use today and will help you understand what vulnerabilities are being targeted and what you should look for as you attempt to counteract their impact.

Qualcomm is warning of three zero-day vulnerabilities in its GPU and Compute DSP drivers that hackers are actively exploiting in attacks. Qualcomm says it has released security updates that address the issues in its Adreno GPU and Compute DSP drivers, and impacted OEMs were also notified.

Nearly three dozen counterfeit packages have been discovered in the npm package repository that are designed to exfiltrate sensitive data from developer systems, according to findings from...

Microsoft released emergency security updates for Edge, Teams, and Skype to patch two zero-day vulnerabilities in open-source libraries used by the three products. The libwebp library is used by a large number of projects for encoding and decoding images in the WebP format, including modern web browsers like Safari, Mozilla Firefox, Microsoft Edge, Opera, and the native Android web browsers, as well as popular apps like 1Password and Signal.

The Cybertech Europe conference and exhibition takes place at La Nuvola Convention Center in Rome, and features the latest innovative solutions from dozens of companies and speakers, including senior government officials, C-level executives, and industry trailblazers from Europe and around the world. Conference sessions cover various topics and touch upon different sectors - from security to logistics, through finance, education, and health.

A recently uncovered phishing campaign is targeting Microsoft 365 accounts of key executives in U.S.-based organizations by abusing open redirects from the Indeed employment website for job listings. In August 2023, Proofpoint warned of another EvilProxy campaign, which distributed approximately 120,000 phishing emails to hundreds of organizations, targeting their employees' Microsoft 365 accounts.

The US's Cybersecurity and Infrastructure Security Agency has added the latest actively exploited zero-day vulnerability affecting Google Chrome to its Known Exploited Vulnerabilities Catalog.With its addition to the KEV Catalog, CISA has effectively indicated that exploits for the vulnerability pose a "Significant risk to the federal enterprise," and agencies in the Federal Civilian Executive Branch have been set a three-week deadline of October 23 to apply the recommended fixes.

APIs, also known as application programming interfaces, serve as the backbone of modern software applications, enabling seamless communication and data exchange between different systems and...

Security Configuration Assessment (SCA) is critical to an organization's cybersecurity strategy. SCA aims to discover vulnerabilities and misconfigurations that malicious actors exploit to gain...

A vulnerability in the kernel drivers for several Mali GPUs "May be under limited, targeted exploitation," British semiconductor manufacturer Arm has confirmed on Monday, when it released drivers updated with patches. Arm's Mali GPUs are used on a variety devices, most prominently on Android phones by Google, Samsung, Huawei, Nokia, Xiaomi, Oppo, and other manufacturers.