Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

DPRK Uses Microsoft Zero-Day in No-Click Toast Attacks

The "Code-on-Toast" supply chain cyberattacks by APT37 delivered data-stealing malware to users in South Korea who had enabled Toast pop-up ads.

DARKReading
#vulnerability#web#android#google#microsoft#intel#pdf#auth#zero_day#ruby
“HM Surf” macOS Flaw Lets Attackers Access Camera and Mic – Patch Now!

Researchers at Microsoft discovered a new macOS vulnerability, “HM Surf” (CVE-2024-44133), which bypasses TCC protections, allowing unauthorized access…

Google Chrome’s uBlock Origin Purge Has Begun

Plus: The alleged SEC X account hacker gets charged, Kroger wriggles out of a face recognition scandal, and Microsoft deals with missing customer security logs.

Acronym Overdose – Navigating the Complex Data Security Landscape

In the modern enterprise, data security is often discussed using a complex lexicon of acronyms—DLP, DDR, DSPM, and many others. While these acronyms represent critical frameworks, architectures, and tools for protecting sensitive information, they can also overwhelm those trying to piece together an effective security strategy. This article aims to demystify some of the most important acronyms

Time to Get Strict With DMARC

Adoption of the email authentication and policy specification remains low, and only about a tenth of DMARC-enabled domains enforce policies. Everyone is waiting for major email providers to get strict.

CISOs: Throwing Cash at Tools Isn't Helping Detect Breaches

A survey shows three-quarters of CISOs are drowning in threat detections put out by a sprawling stack of tools, yet still lack the basic visibility necessary to identify breaches.

Unauthorized data access vulnerability in macOS is detailed by Microsoft

Microsoft disclosed details about the HM Surf vulnerability that could allow an attacker to gain access to the user’s data in Safari

ABB Cylon Aspect 3.08.01 databaseFileDelete.php Command Injection

ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the file HTTP POST parameter called by the databaseFileDelete.php script.

Supply Chain Cybersecurity Beyond Traditional Vendor Risk Management

Traditional practices are no longer sufficient in today's threat landscape. It's time for cybersecurity professionals to rethink their approach.

North Korean IT Workers in Western Firms Now Demanding Ransom for Stolen Data

North Korean information technology (IT) workers who obtain employment under false identities in Western companies are not only stealing intellectual property, but are also stepping up by demanding ransoms in order to not leak it, marking a new twist to their financially motivated attacks. "In some instances, fraudulent workers demanded ransom payments from their former employers after gaining