Security News

Twitter disclosed that a 'security incident' caused private tweets sent to Twitter Circles to show publicly to users outside of the Circle. Twitter Circle is a feature released in August 2022 that allows users to send tweets to a small circle of people, promising to keep them private from the public.

The North Korean Kimsuky hacking group has been observed employing a new version of its reconnaissance malware, now called 'ReconShark,' in a cyberespionage campaign with a global reach. Previously, in August 2022, Kaspersky revealed another Kimsuky campaign targeting politicians, diplomats, university professors, and journalists in South Korea using a multi-stage target validation scheme that ensured only valid targets would be infected with malicious payloads.

"Since almost all organizations rely heavily on open source in their applications, this new data demonstrates the increasing need to compensate and support the maintainers responsible for the health and security of the critical open source components we all depend on," said Donald Fischer, CEO, Tidelift. "Maintainers are being held accountable for keeping their projects secure and adhering to new standards, but are often not being recognized or paid for the additional work they are being asked to do. By addressing this inconsistency, we can ensure maintainers will continue their important work improving the security and long-term resilience of the open source software supply chain powering government and industry," Fischer continued.

To be fair to Apple, the company has introduced various tricks and techniques to make AirTags harder for stalkers and criminals to exploit, given how given how easily the devices can be hidden in luggage, stuffed into the upholstery of a car, or squeezed into the gap under a bicycle saddle. With lots of similar devices already on the market, and Google said to be working on a product of its own to take advantage of the zillions of Bluetooth-enabled phones that are out and about running Google Android.

DDoS: DDoS attacks request a huge number of connections, to exhausts resources and potentially lead to a crash as the attack overwhelms both APIs and the backend systems that supply data to the APIs. Man in the middle attacks: MITM attacks occur when an outsider discreetly positions themself in a conversation between a user and an API endpoint, eavesdropping or impersonating one of the parties in a bid to steal or modify private data.

Security teams must adopt automation and incorporate security measures into code to keep up with the quickly evolving software development. Tython allows security teams to build custom security reference architectures and design patterns as code.

We're now making cloud security automation easier for you by releasing CIS hardening components in EC2 Image Builder on Amazon Web Services. Our CIS hardening components help give you more options for building a golden image, especially when you need to automate your image creation process.

Hackers exploited a Level Finance smart contract vulnerability to drain 214,000 LVL tokens from the decentralized exchange and swapped them for 3,345 BNB, worth approximately $1,100,000. While Level Finance said the attack did not affect its liquidity pool and the DAO treasury, and the exploit was isolated from all other contracts, the LVL token lost roughly 50% of its value immediately after the attack was made known.

These changes, coupled with the need for stronger collaboration with third-party vendors, have led them to SaaS applications to handle their CRM. Today, telecoms are using SaaS apps for billing, HR, call management, field operations management, tracking call center effectiveness, and hundreds of other applications. The advertisers are given access to the telecom's SaaS apps, where they can mine for data and develop powerful marketing and advertising campaigns.

The security updating of iPhones, iPads and Macs has entered a new stage: Apple has, for the first time, released a Rapid Security Response to owners of the devices running the latest versions of its operating systems. Announced nearly a year ago, the security-focused feature makes user devices automatically install security patches as they are made available.