Security
Headlines
HeadlinesLatestCVEs

Tag

#asus

Software Development Pipelines Offer Cybercriminals 'Free-Range' Access to Cloud, On-Prem

A Q&A with NCC Group's Viktor Gazdag ahead of a Black Hat USA session on CI/CD pipeline risks reveals a scary, and expanding, campaign vector for software supply chain attacks and RCE.

DARKReading
Open in Source
#vulnerability#web#ios#intel#backdoor#rce#asus#auth#zero_day
How to Use Lockdown Mode in iOS 16 to Make Your Phone More Secure

Whether you want to turn off link previews or block unwanted FaceTime calls, here's what you need to know.

The US Emergency Alert System Has Dangerous Flaws

Plus: A crypto-heist extravaganza, a peek at an NSO spyware dashboard, and more.

CVE-2022-26376: TALOS-2022-1511 || Cisco Talos Intelligence Group

A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.

Anonymous Source Leaks 4TB of Cellebrite Data After Cyberattack

By Waqas Cellebrite is an Israel-based smartphone hacking (or cracking) firm that previously made headlines for unlocking iPhone devices for… This is a post from HackRead.com Read the original post: Anonymous Source Leaks 4TB of Cellebrite Data After Cyberattack

Critical RCE Bug Could Let Hackers Remotely Take Over DrayTek Vigor Routers

As many as 29 different router models from DrayTek have been identified as affected by a new critical, unauthenticated, remote code execution vulnerability that, if successfully exploited, could lead to full compromise of the device and unauthorized access to the broader network. "The attack can be performed without user interaction if the management interface of the device has been configured

You Pay More When Companies Get Hacked

Plus: Google delays the end of cookies (again), EU officials were targeted with Pegasus spyware, and more of the top security news.

Threat Source newsletter (July 28, 2022) — What constitutes an "entry-level" job in cybersecurity?

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  Between the White House’s recent meeting, countless conference talks and report after report warning of cybersecurity burnout, there’s been a ton of talk recently around the cybersecurity skills gap and hiring.  Everyone wants to know the magic ticket to figure out how to increase hiring at their cybersecurity practice without hiring somehow with under-developed skills that could leave clients open to attack. This is not a problem exclusive to cybersecurity, but I do find it interesting that there’s been so much talk about the problems the cybersecurity workforce faces and not much about actual solutions.  I think a good place to start would change the meaning of what an “entry-level” position truly is in security. I came into this field with zero security experience from the domain of journalism. My family considered me to be “a computer guy” just because I was good at searching the internet fo...

Microsoft Uncovers Austrian Company Exploiting Windows and Adobe Zero-Day Exploits

A cyber mercenary that "ostensibly sells general security and information analysis services to commercial customers" used several Windows and Adobe zero-day exploits in limited and highly-targeted attacks against European and Central American entities. The company, which Microsoft describes as a private-sector offensive actor (PSOA), is an Austria-based outfit called DSIRF that's linked to the

Multiple Windows, Adobe Zero-Days Anchor Knotweed Commercial Spyware

Microsoft flagged the company's Subzero tool set as on offer to unscrupulous governments and shady business interests.