Security News

Hackers Sign Android Malware Apps with Compromised Platform Certificates
2022-12-02 13:56

Platform certificates used by Android smartphone vendors like Samsung, LG, and MediaTek have been found to be abused to sign malicious apps. "A platform certificate is the application signing certificate used to sign the 'android' application on the system image," a report filed through the Android Partner Vulnerability Initiative reads.

CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs
2022-12-02 13:32

The U.S. Cybersecurity and Infrastructure Security Agency this week released an Industrial Control Systems advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software. "Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server module or to view and execute programs," the agency said.

CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs
2022-12-02 13:32

The U.S. Cybersecurity and Infrastructure Security Agency this week released an Industrial Control Systems advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software. "Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server module or to view and execute programs," the agency said.

The Value of Old Systems
2022-12-02 13:00

How valuable is it to keep older solutions like this running? Well, organizations don't enjoy running old legacy systems just for the pleasure of it, but they're often forced to keep them running because it's their only option, or at least the only cost-effective option available to them. Companies continue to use old physical equipment because, after all, that old storage system is still accessible and the tapes can be read when needed.

The Value of Old Systems
2022-12-02 13:00

How valuable is it to keep older solutions like this running? Well, organizations don't enjoy running old legacy systems just for the pleasure of it, but they're often forced to keep them running because it's their only option, or at least the only cost-effective option available to them. Companies continue to use old physical equipment because, after all, that old storage system is still accessible and the tapes can be read when needed.

LastPass Security Breach
2022-12-02 12:09

The company was hacked, and customer information accessed. No passwords were compromised.

All of Medibank’s stolen data leaked, Australia increases maximum penalties for data breaches
2022-12-02 11:49

Australian health insurance provider Medibank has confirmed that another batch of the customer data stolen in the recent breach has been leaked. Medibank is making an effort to minimize the bad news, somewhat, by saying that much the data leaked is incomplete and hard to understand.

Researchers Disclose Supply-Chain Flaw Affecting IBM Cloud Databases for PostgreSQL
2022-12-02 11:29

IBM has fixed a high-severity security vulnerability affecting its Cloud Databases for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code. The privilege escalation flaw, dubbed "Hell's Keychain" by cloud security firm Wiz, has been described as a "First-of-its-kind supply-chain attack vector impacting a cloud provider's infrastructure."

Researchers Disclose Supply-Chain Flaw Affecting IBM Cloud Databases for PostgreSQL
2022-12-02 11:29

IBM has fixed a high-severity security vulnerability affecting its Cloud Databases for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code. The privilege escalation flaw, dubbed "Hell's Keychain" by cloud security firm Wiz, has been described as a "First-of-its-kind supply-chain attack vector impacting a cloud provider's infrastructure."

Hackers Exploiting Redis Vulnerability to Deploy New Redigo Malware on Servers
2022-12-02 11:09

A previously undocumented Go-based malware is targeting Redis servers with the goal of taking control of the infected systems and likely building a botnet network. The attacks involve taking advantage of a critical security vulnerability in the open source, in-memory, key-value store that was disclosed earlier this year to deploy Redigo, according to cloud security firm Aqua.