Tag
OpenSSF recently introduced a dynamic analysis tool for all OSS packages when uploaded to open source repositories. The post A scanning tool for open-sourced software packages? Yes, please! appeared first on Malwarebytes Labs.
A new set of trojanized apps spread via the Google Play Store has been observed distributing the notorious Joker malware on compromised Android devices. Joker, a repeat offender, refers to a class of harmful apps that are used for billing and SMS fraud, while also performing a number of actions of a malicious hacker's choice, such as stealing text messages, contact lists, and device information.
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of phishing attacks that deploy an information-stealing malware called Jester Stealer on compromised systems. The mass email campaign carries the subject line "chemical attack" and contains a link to a macro-enabled Microsoft Excel file, opening which leads to computers getting infected with Jester Stealer. The attack, which
Three tech giants used World Password Day to announce their commitment to a passwordless future using FIDO Alliance standards. The post Google, Apple, and Microsoft step hand in hand into a passwordless future appeared first on Malwarebytes Labs.
Apple, Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. Experts say the changes should help defeat many types of phishing attacks and ease the overall password burden on Internet users, but caution that a true passwordless future may still be years away for most websites.
Plus: Russia rerouted internet in occupied Ukraine, Grindr sold its users' location data to ad networks, and more.
Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress.
Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress, attackers must have contributor or higher user role.
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 29 and May 6. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,... [[ This is only the beginning! Please visit the blog for the complete entry ]]
For most of us, passwords are the most visible security control we deal with on a regular basis, but we are not very good at it.