Security News

More than half of open-source projects contain code written in a memory-unsafe language, a report from the U.S.'s Cybersecurity and Infrastructure Security Agency has found. "Hence, we determine that most critical open source projects analysed, even those written in memory-safe languages, potentially contain memory safety vulnerabilities," wrote the authors.

Prudential Financial, a global financial services company, has revealed that over 2.5 million people had their personal information compromised in a February data breach. According to an 8-K form filed with the U.S. Securities and Exchange Commission, Prudential detected the incident on February 5, one day after the attackers breached its systems and accessed administrative/user data and employee/contractor accounts.

CDK Global says that its dealer management system, impacted by a massive IT outage following a June 18th ransomware attack, will be back online by Thursday for all car dealerships. "We are continuing our phased approach to the restoration process and are rapidly bringing dealers live on the Dealer Management System," CDK spokesperson Lisa Finney told BleepingComputer.

An Australian man was charged by Australia's Federal Police for allegedly conducting an 'evil twin' WiFi attack on various domestic flights and airports in Perth, Melbourne, and Adelaide to steal other people's email or social media credentials. An evil twin WiFi network is a malicious/fake wireless access point that uses the identical SSID as that of a legitimate or expected network in a specific area.

Cisco has patched an NX-OS zero-day exploited in April attacks to install previously unknown malware as root on vulnerable switches. "The threat actors gathered administrator-level credentials to gain access to Cisco Nexus switches and deploy a previously unknown custom malware that allowed them to remotely connect to compromised devices, upload additional files and execute malicious code."

A trio of security flaws has been uncovered in the CocoaPods dependency manager for Swift and Objective-C Cocoa projects that could be exploited to stage software supply chain attacks, putting...

Modern Intel processors, including chips from the Raptor Lake and the Alder Lake generations are susceptible to a new type of a high-precision Branch Target Injection attack dubbed 'Indirector,' which could be used to steal sensitive information from the CPU. Indirector exploits flaws in Indirect Branch Predictor and Branch Target Buffer, two hardware components found in modern Intel CPUs, to manipulate speculative execution for data extraction. The Indirect Branch Predictor is designed to predict the target addresses of indirect branches using historical execution information, while the Branch Target Buffer predicts the target addresses of direct branches using a set-associative cache structure.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

A new OpenSSH unauthenticated remote code execution vulnerability dubbed "RegreSSHion" gives root privileges on glibc-based Linux systems. Exploitation of regreSSHion can have severe consequences for the targeted servers, potentially leading to complete system takeover.

The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering campaign to target individuals of interest. "These APKs continue the...