SecurityWeek

Latest IT Security News and Expert Insights Via RSS Feed
  1. Apple on Wednesday rolled out emergency patches for a pair of already exploited zero-day vulnerabilities in its flagship macOS and iOS platforms.

    Apple confirmed in-the-wild exploitation of the vulnerabilities in separate advisories warning about code execution flaws in fully patched iPhone, iPad and macOS devices.

    read more

  2. Trend Micro’s Zero Day Initiative, a major player in the vulnerability disclosure ecosystem, is ramping up the pressure on software vendors that consistently ship faulty security patches.

    read more

  3. The US Securities and Exchange Commission this week announced charges against 18 individuals and entities for their roles in a pump-and-dump scheme that involved account hacking.

    read more

  4. Mandiant has been tracking an activity cluster from what it believes is a single Iranian threat group that has been targeting Israeli interests, especially the shipping industry. The activity was first noted in late 2020 and is ongoing in mid-2022. Mandiant has named the group UNC3890.

    read more

  5. Splunk this week announced the release of a new set of quarterly patches, to address multiple vulnerabilities in Splunk Enterprise.

    The most important of the bugs – based on its severity rating – is a high-severity TLS certificate validation issue in the Ingest Actions user interface.

    read more

  6. Making each endpoint resilient is paramount to implementing a successful defense strategy

    read more

  7. A team of researchers from various companies has analyzed Electron-based desktop applications and ended up discovering vulnerabilities in several widely used pieces of software.

    read more

  8. The United States Department of Justice (DoJ) has announced the arrest of Njuh Valentine Fombe, who was wanted for his role in a business email compromise (BEC) scheme.

    Indicted in 2019, Fombe was a fugitive for three years until he was arrested on August 6. He is charged with conspiracy to commit wire fraud and money laundering, and with aggravated identity theft.

    read more

  9. A Chrome 104 update announced by Google on Tuesday patches 11 vulnerabilities, including a zero-day that has been exploited in attacks.

    read more

  10. Security companies have identified more than 20 malicious PyPI packages designed to steal passwords and other sensitive information from the victims’ machines.

    read more

  11. Zero Trust has become so prevalent that it has lost some of its stopping power

    read more

  12. Security researchers at Quarkslab have published detailed information on a critical vulnerability they discovered in Google’s Titan M chip earlier this year.

    Introduced in 2018, Titan M is a system-on-a-chip (SoC) designed to deliver increased security protections to Pixel devices, including guaranteeing secure boot.

    read more

  13. A ransomware group has hit at least one water company in the United Kingdom, but there is some confusion over whose systems were actually breached.

    read more

  14. Secure communications services provider Signal on Monday disclosed impact from the recent Twilio hack, after threat actors attempted to re-register the phone numbers of some of its users to new devices.

    read more

  15. Zoom informed customers last week that macOS updates for the Zoom application patch two high-severity vulnerabilities. Details of the flaws were disclosed on Friday at the DEF CON conference in Las Vegas by macOS security researcher Patrick Wardle.

    read more

  16. Shares in British cyber security firm Darktrace soared almost a fifth Tuesday, reflecting a possible takeover worth several billion pounds by a US private equity firm.

    read more

  17. Three Nigerians have been extradited from the United Kingdom to the United States to face charges in relation to their roles in business email compromise (BEC) fraud schemes, the US Department of Justice announced.

    read more

  18. Microsoft on Monday announced another major disruption of an APT actor believed to be linked to the Russian government, cutting off access to accounts used for pre-attack reconnaissance, phishing, and email harvesting.

    read more

  19. Lawyers for WikiLeaks founder Julian Assange sued the US Central Intelligence Agency and its former director Mike Pompeo on Monday, alleging it recorded their conversations and copied data from their phones and computers.

    read more

Website Copyright 1998-2022 by PCBest. All Rights Reserved.
we accept credit cards