Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Amazon Adds Malware Detection to GuardDuty TDR Service

The new GuardDuty Malware Protection and Amazon Detective were among 10 products and services unveiled at AWS re:Inforce in Boston this week.

DARKReading
Open in Source
#web#mac#amazon#kubernetes#aws
Malicious Npm Packages Tapped Again to Target Discord Users

Recent LofyLife campaign steals tokens and infects client files to monitor various user actions, such as log-ins, password changes and payment methods.

CVE-2022-2576: 580018 – Denial-of-Service vulnerability in the DTLS stack

In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification (DDoS other peers) and high CPU load (DoS own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0.

Dingtian-DT-R002 3.1.276A Authentication Bypass

Dingtian-DT-R002 version 3.1.276A suffers from an authentication bypass vulnerability.

Malicious npm Packages Scarf Up Discord Tokens, Credit Card Info

The campaign uses four malicious packages to spread "Volt Stealer" and "Lofy Stealer" malware in the open source npm software package repository.

Over a Dozen Android Apps on Google Play Store Caught Dropping Banking Malware

A malicious campaign leveraged seemingly innocuous Android dropper apps on the Google Play Store to compromise users' devices with banking malware. These 17 dropper apps, collectively dubbed DawDropper by Trend Micro, masqueraded as productivity and utility apps such as document scanners, QR code readers, VPN services, and call recorders, among others. All these apps in question have been

How to Combat the Biggest Security Risks Posed by Machine Identities

The rise of DevOps culture in enterprises has accelerated product delivery timelines. Automation undoubtedly has its advantages. However, containerization and the rise of cloud software development are exposing organizations to a sprawling new attack surface. Machine identities vastly outnumber human ones in enterprises these days. Indeed, the rise of machine identities is creating cybersecurity

Researchers Warns of Increase in Phishing Attacks Using Decentralized IPFS Network

The decentralized file system solution known as IPFS is becoming the new "hotbed" for hosting phishing sites, researchers have warned. Cybersecurity firm Trustwave SpiderLabs, which disclosed specifics of the attack campaigns, said it identified no less than 3,000 emails containing IPFS phishing URLs as an attack vector in the last three months. IPFS, short for InterPlanetary File System, is a

CVE-2022-1799: Release Notes  |  Google Play services  |  Google Developers

Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release.