FreshRSS

🔒
☐ ☆ ✇ The Hacker News

Malicious Ads on Google Target Chinese Users with Fake Messaging Apps

By Newsroom — January 26th 2024 at 09:44
Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising campaign. "The threat actor is abusing Google advertiser accounts to create malicious ads and pointing them to pages where unsuspecting users will download Remote Administration Trojan (RATs) instead," Malwarebytes' Jérôme Segura said in a
☐ ☆ ✇ The Hacker News

Crypto Hardware Wallet Ledger's Supply Chain Breach Results in $600,000 Theft

By Newsroom — December 15th 2023 at 13:01
Crypto hardware wallet maker Ledger published a new version of its "@ledgerhq/connect-kit" npm module after unidentified threat actors pushed malicious code that led to the theft of more than $600,000 in virtual assets. The compromise was the result of a former employee falling victim to a phishing attack, the company said in a statement. This allowed the attackers to gain
☐ ☆ ✇ The Hacker News

SpyLoan Scandal: 18 Malicious Loan Apps Defraud Millions of Android Users

By Newsroom — December 11th 2023 at 11:30
Cybersecurity researchers have discovered 18 malicious loan apps for Android on the Google Play Store that have been collectively downloaded over 12 million times. "Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all while collecting their victims' personal and
☐ ☆ ✇ The Hacker News

Signal Debunks Zero-Day Vulnerability Reports, Finds No Evidence

By Newsroom — October 16th 2023 at 09:31
Encrypted messaging app Signal has pushed back against "viral reports" of an alleged zero-day flaw in its software, stating it found no evidence to support the claim. "After responsible investigation *we have no evidence that suggests this vulnerability is real* nor has any additional info been shared via our official reporting channels," it said in a series of messages posted in X (formerly
☐ ☆ ✇ The Hacker News

Threat Report: The High Tech Industry Targeted the Most with 46% of NLX-Tagged Attack Traffic

By The Hacker News — September 26th 2023 at 10:32
How To Use This Report Enhance situational awareness of techniques used by threat actors Identify potential attacks targeting your industry Gain insights to help improve and accelerate your organization’s threat response Summary of Findings The Network Effect Threat Report offers insights based on unique data from Fastly’s Next-Gen WAF from Q2 2023 (April 1, 2023 to June 30, 2023). This report
☐ ☆ ✇ The Hacker News

Signal Messenger Introduces PQXDH Quantum-Resistant Encryption

By THN — September 20th 2023 at 09:29
Encrypted messaging app Signal has announced an update to the Signal Protocol to add support for quantum resistance by upgrading the Extended Triple Diffie-Hellman (X3DH) specification to Post-Quantum Extended Diffie-Hellman (PQXDH). "With this upgrade, we are adding a layer of protection against the threat of a quantum computer being built in the future that is powerful enough to break current
☐ ☆ ✇ The Hacker News

Apple Threatens to Pull iMessage and FaceTime from U.K. Amid Surveillance Demands

By THN — July 22nd 2023 at 05:36
Apple has warned that it would rather stop offering iMessage and FaceTime services in the U.K. than bowing down to government pressure in response to new proposals that seek to expand digital surveillance powers available to state intelligence agencies. The development, first reported by BBC News, makes the iPhone maker the latest to join the chorus of voices protesting against forthcoming
☐ ☆ ✇ The Hacker News

Introducing AI-guided Remediation for IaC Security / KICS

By The Hacker News — June 19th 2023 at 11:51
While the use of Infrastructure as Code (IaC) has gained significant popularity as organizations embrace cloud computing and DevOps practices, the speed and flexibility that IaC provides can also introduce the potential for misconfigurations and security vulnerabilities.  IaC allows organizations to define and manage their infrastructure using machine-readable configuration files, which are
☐ ☆ ✇ The Hacker News

Over Half of Security Leaders Lack Confidence in Protecting App Secrets, Study Reveals

By The Hacker News — June 13th 2023 at 13:53
It might come as a surprise, but secrets management has become the elephant in the AppSec room. While security vulnerabilities like Common Vulnerabilities and Exposures (CVEs) often make headlines in the cybersecurity world, secrets management remains an overlooked issue that can have immediate and impactful consequences for corporate safety.  A recent study by GitGuardian found that 75% of IT
☐ ☆ ✇ The Hacker News

What to Look for When Selecting a Static Application Security Testing (SAST) Solution

By The Hacker News — May 24th 2023 at 10:51
If you're involved in securing the applications your organization develops, there is no question that Static Application Security Testing (SAST) solutions are an important part of a comprehensive application security strategy. SAST secures software, supports business more securely, cuts down on costs, reduces risk, and speeds time to development, delivery, and deployment of mission-critical
☐ ☆ ✇ The Hacker News

THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps

By The Hacker News — March 24th 2023 at 11:43
Any app that can improve business operations is quickly added to the SaaS stack. However, employees don't realize that this SaaS-to-SaaS connectivity, which typically takes place outside the view of the security team, significantly increases risk. Whether employees connect through Microsoft 365, Google Workspace, Slack, Salesforce, or any other app, security teams have no way to quantify their
☐ ☆ ✇ The Hacker News

Encrypted Messaging App Exclu Used by Criminal Groups Cracked by Joint Law Enforcement

By Ravie Lakshmanan — February 7th 2023 at 17:35
A joint law enforcement operation conducted by Germany, the Netherlands, and Poland has cracked yet another encrypted messaging application named Exclu used by organized crime groups. Eurojust, in a press statement, said the February 3 exercise resulted in the arrests of 45 individuals across Belgium and the Netherlands, some of whom include users as well as the administrators and owners of the
☐ ☆ ✇ The Hacker News

Over 1,800 Android and iOS Apps Found Leaking Hard-Coded AWS Credentials

By Ravie Lakshmanan — September 1st 2022 at 10:19
Researchers have identified 1,859 apps across Android and iOS containing hard-coded Amazon Web Services (AWS) credentials, posing a major security risk. "Over three-quarters (77%) of the apps contained valid AWS access tokens allowing access to private AWS cloud services," Symantec's Threat Hunter team, a part of Broadcom Software, said in a report shared with The Hacker News. Interestingly, a
❌