Security News

Don’t ignore the security risks of limitless cloud data
2022-12-02 05:30

Our sensitive data must be accounted for and protected, and the security industry and public sector must work together to establish technologies and strategies to ensure proper data management. The goal of cloud data security isn't to lock down data and ensure that it can never be moved or changed.

Consumers want convenience without sacrificing security
2022-12-02 05:00

Consumers worldwide want frictionless online experiences without sacrificing the security of personal information, according to a recent survey from Ping Identity. With 63% feeling better about services that use multi-factor authentication at login, an increase from 53% last year, it's clear that businesses across all industries must provide convenience without sacrificing security to win over consumers.

CI Fuzz CLI: Open-source tool to test Java apps for unexpected behaviors
2022-12-02 04:30

CI Fuzz CLI, the open-source Command-Line Interface tool from Code Intelligence, now allows Java developers to easily incorporate fuzz testing into their existing JUnit setup to find functional bugs and security vulnerabilities at scale. CI Fuzz CLI, available on GitHub, leverages genetic and evolutionary algorithms and automated instrumentation to dynamically generate millions of unusual inputs to test Java applications for unexpected behaviors that may lead to crashes, DoS or zero-day exploits.

Financial organizations more prone to accidental data leakage
2022-12-02 04:00

Compared to other industries surveyed, financial institutions are much more concerned about users who have legitimate access to their cloud infrastructure. 44 percent of respondents in this sector say their own IT staff poses the biggest risk to data security in the cloud and 47 percent worry about contractors and partners, compared to 30 percent and 36 percent respectively in other verticals surveyed.

Samsung, LG, Mediatek certificates compromised to sign Android malware
2022-12-02 02:43

Multiple platform certificates used by Android OEM device vendors to digitally sign core system applications were utilized by threat actors to sign apps containing malware. OEM Android device manufacturers use platform certificates, or platform keys, to sign devices' core ROM images containing the Android operating system and associated apps.

Nvidia patches 29 GPU driver bugs that could lead to code execution, device takeover
2022-12-01 23:30

Nvidia fixed more than two dozen security flaws in its GPU display driver, the most severe of which could allow an unprivileged user to modify files, and then escalate privileges, execute code, tamper with or steal data, or even take over your device. In total, the chipmaker patched 29 vulnerabilities affecting Windows and Linux products, including 10 high-severity bugs.

Android malware infected 300,000 devices to steal Facebook accounts
2022-12-01 20:52

An Android malware campaign masquerading as reading and education apps has been underway since 2018, attempting to steal Facebook account credentials from infected devices. According to a new report by Zimperium, the campaign has infected at least 300,000 devices across 71 countries, primarily focusing on Vietnam.

The CHRISTMA EXEC network worm – 35 years and counting!
2022-12-01 20:35

December 2022 sees the 35th anniversary of the first major self-spreading computer virus - the infamous CHRISTMA EXEC worm that temporarily crushed the major mainframe networks of the day. Not by any deliberately coded side-effects such as file scrambling or data deletion, but simply by leeching too much network bandwidth for its own unauthorised purpose.

Google warns about commercial Heliconia spyware hitting Chrome, Firefox and Microsoft Defender
2022-12-01 20:30

Google's Threat Analysis Group said on Wednesday that its researchers discovered commercial spyware called Heliconia that's designed to exploit vulnerabilities in Chrome and Firefox browsers as well as Microsoft Defender security software. Its three components perform the following functions: Heliconia Noise is a web framework for deploying an exploit for a Chrome renderer bug followed by a sandbox escape; Heliconia Soft is a web framework that deploys a PDF containing a Windows Defender exploit; and Files is a set of Firefox exploits for Linux and Windows.