Security News
Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic (or AMOS), indicating that the threat actors behind the malware are actively enhancing its...
Public safety professionals want technology upgrades and adoption of federal standards for first responder IT security, reporting and efficiency, according to Mark43. "We heard a resounding response from first responders across the country: They are concerned about their public safety agency's ability to withstand cyberattacks and natural disasters, given the ever-increasing number and severity of bad actors attacking public infrastructure as well as the uptick in extreme weather incidents," said Matthew Polega, President, Mark43.
The Apache Struts project has released updates for the popular open-source web application framework, with fixes for a critical vulnerability that could lead to remote code execution. The vulnerability affects Apache Struts versions 2.0.0 through 2.5.32 and 6.0.0 through 6.3.0.1, and has been fixed in Apache Struts versions 2.5.33 and 6.3.0.2.
Upgrade to Microsoft Windows 11 Home for Just $30 Through 10/15 You can now upgrade up to five computers to Microsoft Windows 11 Home for one low price and get a new sleek interface, advanced tools and enhanced security. For business, personal use, gaming, creative projects and more, you will truly appreciate the advanced tools in Windows 11 that can help you work smarter and faster.
Google has taken a significant step towards enhancing Chrome internet security by automatically upgrading insecure HTTP requests to HTTPS requests for 100% of users. A limited rollout of this feature in Google Chrome began in July, but as of October 16th, Google has now rolled it out to all users on the Stable channel.
Ubuntu, the most popular Linux distribution, has pulled its Desktop release 23.10 after its Ukrainian translations were discovered to contain hate speech. According to the Ubuntu project, a malicious contributor is behind anti-Semitic, homophobic, and xenophobic slurs that were injected into the distro via a "Third party tool" that lives outside of the Ubuntu Archive.
A trio of now-patched security issues in TorchServe, an open-source tool for scaling PyTorch machine-learning models in production, could lead to server takeover and remote code execution, according to security researchers. "The issues in TorchServe - an optional tool for PyTorch - were patched in August rendering the exploit chain described in this blog post moot," a Meta spokesperson told The Register.
Signal has announced an upgrade to its end-to-end encryption protocol to protect users of its popular messaging app from encryption-breaking attacks through quantum computers. "Quantum computing represents a new type of computational system which leverages quantum mechanical properties to solve certain complex problems many orders of magnitude more quickly than modern classical computers. Instead of bits as in a classical computer, quantum computers operate on qubits," explained Ehren Kret, CTO at Signal.
An updated version of a botnet malware called KmsdBot is now targeting Internet of Things devices, simultaneously branching out its capabilities and the attack surface. The malware is designed to scan random IP addresses for open SSH ports and brute-force the system with a password list downloaded from an actor-controlled server.
While 75% of organizations have made significant strides to upgrade their infrastructure in the past year, including the adoption of public cloud hosting and containerization, and 78% have increased their security budgets, only 2% of industry experts are confident in their security strategies, according to OPSWAT. Rapid evolution of web application security landscape. In today's rapidly evolving landscape of web application security, organizations are constantly striving to adapt and fortify their infrastructure, particularly with the rise of hybrid work environments.