Information Security newsfeeds from around the world in English and French. Find it all in one place since 2004. You'll find online the last 5 years.
Changing approaches to cybersecurity have led to slow but steady progress in defense and protection. Still, competing interests create a growing challenge for cybersecurity decision makers and practitioners, according to CompTIA. The state of cybersecurity Most business and technology professionals feel that cybersecurity is improving, both generally and within their organizations. They also acknowledge that […]
Continue ReadingGitLab has fixed a critical vulnerability (CVE-2023-5009) in the Enterprise Edition (EE) and Community Edition (CE) of its widely used DevOps platform. They flaw may allow a threat actor to abuse scan execution policies to run pipelines as another user. About the vulnerability (CVE-2023-5009) CVE-2023-5009 – discovered by software developer and bug hunter Johan Carlsson […]
Continue ReadingApple has released updates for iOS and iPadOS, macOS, watchOS, and Safari to fix three zero-day vulnerabilities (CVE-2023-41992, CVE-2023-41991, CVE-2023-41993) exploited “against versions of iOS before iOS 16.7.” Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group have been credited with reporting them, […]
Continue ReadingFinancial institutions have always been a valuable target for cyberattacks. That’s partly why banking and financial institutions are heavily regulated and have more compliance requirements than those in most other industries. A slew of new rules have been put in place in recent years, designed to place more emphasis on continually measuring and managing this […]
Continue Reading57% of all monitored apps are under attack, with gaming (63%) and FinServ (62%) apps facing the highest risk, according to Digital.ai. The study found no correlation between an app’s popularity and likelihood of being attacked but found Android apps are more likely to be put in unsafe environments (76%) than iOS apps (55%). Android […]
Continue ReadingSignal has announced an upgrade to its end-to-end encryption (E2EE) protocol to protect users of its popular messaging app from encryption-breaking attacks through quantum computers. Getting ready for quantum computing “Quantum computing represents a new type of computational system which leverages quantum mechanical properties to solve certain complex problems many orders of magnitude more quickly […]
Continue ReadingResearchers have unearthed new backdoors leveraged to maintain long-term access in the networks of telecom firms in the Middle East. HTTPSnoop and PipeSnoop – as the two implants have been dubbed by Cisco Talos researchers – have been disguised as components of Palo Alto Networks’ Cortex XDR solution. Two backdoor implants “HTTPSnoop is a simple, […]
Continue ReadingAn unknown threat actor has released a fake proof of concept (PoC) exploit for CVE-2023-4047, a recently fixed remote code execution (RCE) vulnerability in WinRAR, to spread the VenomRAT malware. The fake WinRAR PoC On August 17, 2023, Trend Micro’s Zero Day Initiative reported the RCE vulnerability (CVE-2023-4047) that allowed threat actors to execute arbitrary […]
Continue ReadingTrend Micro has fixed a critical zero-day vulnerability (CVE-2023-41179) in several of its endpoint security products for enterprises that has been spotted being exploited in the wild. About CVE-2023-41179 The nature of the flaw hasn’t been revealed, but we know it’s present in the third-party AV uninstaller module provided with the products, and can be […]
Continue ReadingAmazon S3 is a simple cloud storage solution enabling effortless storage and retrieval of large amounts of data from different geographies. It’s engineered for scalability, durability, and security, making it a popular option for data storage and distribution. In addition, Amazon Web Services (AWS) offers numerous tools to help with file and object replication. A […]
Continue Reading