Security News

Zoom stomps critical privilege escalation bug plus 6 other flaws
2024-02-15 15:30

Video conferencing giant Zoom today opened up about a fresh batch of security vulnerabilities affecting its products, including a critical privilege escalation flaw. Tracked as CVE-2024-24691 with a CVSS score of 9.6, Zoom says the vulnerability may enable privilege escalation for unauthenticated users via network access.

Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor
2024-02-15 15:08

The Russia-linked threat actor known as Turla has been observed using a new backdoor called TinyTurla-NG as part of a three-month-long campaign targeting Polish non-governmental organizations in...

Three critical application security flaws scanners can’t detect
2024-02-15 15:01

In today's interconnected world, web application security is crucial for business continuity. While automated vulnerability scanners play a vital role in safeguarding applications, they have certain limitations that can result in critical flaws going undetected.

Turla hackers backdoor NGOs with new TinyTurla-NG malware
2024-02-15 14:49

Security researchers have identified and analyzed new malware they call TinyTurla-NG and TurlaPower-NG used by the Russian hacker group Turla to maintain access to a target's network and to steal sensitive data. According to the researchers, TinyTurla-NG is actively targeting multiple NGOs in Poland.

Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries
2024-02-15 14:20

A reverse engineering of the firmware running on Ivanti Pulse Secure appliances has revealed numerous weaknesses, once again underscoring the challenge of securing software supply chains....

Cybercriminals are stealing iOS users' face scans to break into mobile banking accounts
2024-02-15 14:00

Cybercriminals are targeting iOS users with malware that steals Face ID scans to break into and pilfer money from bank accounts - thought to be a world first. iOS target Android and iOS respectively, tricking users into performing biometric verification checks that are ultimately used to bypass the same checks employed by legitimate banking apps in Vietnam and Thailand - the geographic focus of these ongoing attacks.

New Qbot malware variant uses fake Adobe installer popup for evasion
2024-02-15 13:27

One of the variants observed uses a fake installer for an Adobe product on Windows to trick the user into deploying the malware. Sophos' Advanced Threat Response Joint Task Force, or Sophos X-Ops for short, noticed fresh Qbot activity recently, with up to 10 new malware builds emerging since mid-December.

Battery maker Varta halts production after cyberattack
2024-02-15 12:11

German battery manufacturer Varta was forced to shut down its IT systems and stop production as a result of a cyberattack. The cyberattack occurred on Monday night and affected five of the company's production plants and the administration.

On the Insecurity of Software Bloat
2024-02-15 12:04

Adam February 15, 2024 7:27 AM. I remember watching a video with Brian Snow and Dan Geer and Brian talked about how they took a standard office package and were able to remove 80-90% of the code and still maintain all the functionality. Because of inefficiencies in the code and poor working structure of the people who wrote it.

How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities
2024-02-15 11:30

With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for genuine concern in many boardroom discussions. More so than ever,...