DragonEgg and LightSpy: The Connection Between Two Sneaky Spywares Main Points: New research elucidates a connection between the Android spyware DragonEgg and the iOS surveillance tool, LightSpy. DragonEgg and WyrmSpy, also known as AndroidControl, were first revealed in July 2023 by Lookout as malware strains designed to extract sensitive data from Android devices, and were
Read More
Affordable SaaS Security Solutions Emerging for Mid-Sized Businesses Security woes for mid-sized companies: a tightening noose Like a computer on its last legs struggling to update, mid-sized enterprises and their hardworking Chief Information Security Officers (CISOs) are finding it challenging to fight off the expanding threat of SaaS (Software as a Service) security issues. All
Read More
NPM Package Deploys Open-Source Rootkit, First of Its Kind A deceptive package within the npm package registry deploying an open-source rootkit called r77 has been discovered. The malevolent package, dubbed “node-hide-console-windows”, is a rogue variant of the legitimate npm package “node-hide-console-window”. This case represents the first-ever recorded instance of a rogue package delivering rootkit functionality.
Read More
Cloudy with a Chance of Hacks: Microsoft Thwarts SQL Server Attack Attempt – Microsoft reveals a new hacking attempt targeting a SQL Server instance – The attack tried to pivot towards cloud environment through SQL Injection – Security researchers detail the campaigners’ modus operandi – Although the attack was unsuccessful, it signals a noticeable trend
Read More
New Linux Vulnerability ‘Looney Tunables’, a Capable Foe Main Points: A new Linux security vulnerability, referred to as ‘Looney Tunables’, has been detected. This vulnerability resides in the GNU C library’s ld.so dynamic loader. If exploited, it could potentially lead to a local privilege escalation and allow a hacker to gain root privileges. Tracked as
Read More
TorchServe Vulnerabilities Come to Light: ‘ShellTorch’ Might Light up Your System! Main Points: – Several critical security flaws have been found in TorchServe. – Israeli company Oligo discovered these vulnerabilities, dubbing them ‘ShellTorch’. – The flaws can potentially lead to a full chain remote code execution. Introduction to TorchServe Turns out, TorchServe, which is known
Read More
Qualcomm Tackles 17 Vulnerabilities and 3 Zero-Days: Time for a Chip Chop! Bullet Points Qualcomm has released security updates for 17 vulnerabilities in various components. Three other zero-day vulnerabilities are currently under active exploitation. Out of the 17 vulnerabilities, three are classified as ‘Critical’, 13 as ‘High’, and one as ‘Medium’ in severity. Google’s Threat
Read More
Nearly 36 Counterfeit Packages Found in npm Package Repository Counterfeit packages designed to steal sensitive data from developer systems have been found in the npm package repository. The alarming discovery is credited to Fortinet FortiGuard Labs. Some of these deceitful packages include @expue/webpack, @expue/core, @expue/vue3-renderer, @fixedwidthtable/fixedwidthtable, and @virtualsearchtable/virtualsearchtable, all of which have obfuscated scripts. Data
Read More
A Guide to the Wonderful World of APIs: Understanding and Safeguarding Modern Software’s Backbone Main Points to Take Home Application Programming Interfaces (APIs) – the supporting pillars of most current software applications Through APIs, developers can communicate and exchange data between different systems and platforms Increased API use gives greater potential for security threats It’s
Read More
**Main Points:** * The importance of Security Configuration Assessment (SCA) in an organization’s cybersecurity strategy * What Security Configuration Assessment (SCA) aims to achieve * The significance of doing regular security assessments * The role of SCA in minimizing the risk of cyber attacks Get a Grip on Your Cybersecurity with Security Configuration Assessment Sick
Read MoreNo products in the cart.