Security News

Threat actors have been observed using swap files in compromised websites to conceal a persistent credit card skimmer and harvest payment information. The sneaky technique, observed by Sucuri on a...

Meta has been given time till September 1, 2024, to respond to concerns raised by the European Commission over its "Pay or consent" advertising model or risk-facing enforcement measures, including sanctions. As per the E.U. Digital Markets Act, companies in gatekeeper roles are required to seek users' express consent before utilizing their data for offering services that go beyond their core functionality or provide access to a less personalized but equivalent version of the platforms for those who refuse to opt in.

Using the exploit to abuse a vulnerability that ESET named "EvilVideo," attackers could share malicious Android payloads via Telegram channels, groups, and chats, and make them appear to be multimedia files. "We found the exploit being advertised for sale on an underground forum. In the post, the seller shows screenshots and a video of testing the exploit in a public Telegram channel. We were able to identify the channel in question, with the exploit still available. That allowed us to get our hands on the payload and test it ourselves," explains ESET researcher Lukáš Štefanko, who discovered the Telegram exploit.

The Computer Emergency Response Team of Ukraine has alerted of a spear-phishing campaign targeting a scientific research institution in the country with malware known as HATVIBE and CHERRYSPY. The agency attributed the attack to a threat actor it tracks under the name UAC-0063, which was previously observed targeting various government entities to gather sensitive information using keyloggers and backdoors. Opening the document and enabling macros results in the execution of an encoded HTML Application named HATVIBE, which sets up persistence on the host using a scheduled task and paves the way for a Python backdoor codenamed CHERRYSPY, which is capable of running commands issued by a remote server.

Webinar As artificial intelligence continues to transform industries in the Middle East, protecting systems from cyber threats is critical. Industry awareness: Explore the current state of AI awareness across various sectors in the Middle East, and understand specific industry challenges and solutions.

How should CISOs approach AI adoption? When weighing new AI tools, CISOs must examine the risk of a few key factors. These considerations apply to all tools that may leverage AI across all business departments, not just security tools that use AI. The first is data handling practices, from collection and processing to storage and encryption, ensuring robust access controls are in place.

Google on Monday abandoned plans to phase out third-party tracking cookies in its Chrome web browser more than four years after it introduced the option as part of a larger set of a controversial proposal called the Privacy Sandbox. The significant policy reversal comes nearly three months following the company's announcement that it intends to eliminate third-party cookies starting early next year after repeated delays, underscoring the project's tumultuous history.

Here's our list of 10 companies with big plans. AI helps companies transform their end-to-end compliance process management through artificial intelligence by making legal information from various issuers digitally accessible and automating the evaluation of regulatory impacts on companies in highly regulated sectors.

In this Help Net Security video, Maor Bin, CEO and Co-Founder of Adaptive Shield, discusses the key findings of their recent annual SaaS Security Survey Report, conducted in partnership with the Cloud Security Alliance. Seventy percent of organizations have prioritized investment in SaaS security, establishing dedicated SaaS security teams, despite economic uncertainty and workforce reductions.

Intel builds platforms and technologies that drive the convergence of AI and confidential computing, enabling customers to secure diverse AI workloads across the entire stack. Confidential computing helps secure data while it is actively in-use inside the processor and memory; enabling encrypted data to be processed in memory while lowering the risk of exposing it to the rest of the system through use of a trusted execution environment.