Endpoint Security

Software Security

Issued by: DataBreach Today

The U.S. federal government is banning Russian cybersecurity firm Kaspersky Labs from selling antivirus software in the United States, officials announced Thursday, citing significant national security risks. Department of Commerce officials urged current Kaspersky customers to “immediately find alternatives” after an investigation determined that Russian state hackers could turn the cybersecurity software against their users….

Malware & Threats

Issued by: Dark Reading

AnyDesk, which provides a remote desktop application providing access, file transfer, and VPN functionality for endpoints, has announced that its production systems have been compromised, and that it plans to revoke all its security-related certificates and reset all Web portal passwords as a precaution. The company assured its customers in a statement released late on…

Vulnerabilities

Issued by: DataBreach Today

A five-year old vulnerability in Fortinet SSL VPNs remains one of the most widely exploited flaws in enterprise networks, despite repeat patch warnings. So say cybersecurity officials across the U.S. and its Five Eyes intelligence alliance partners in a new joint security advisory detailing the 12 most common vulnerabilities and exposures that were most “routinely…

Mobile Security

Issued by: DataBreach Today

Android smartphone device manufacturer Samsung has a patch for a flaw used by commercial surveillance hackers to implant malware in the United Arab Emirates. Security researchers at Google and Amnesty International in March reported an exploit chain apparently developed by Barcelona spyware vendor Variston to deploy a surveillance malware to devices located in the UAE….

Malware & Threats

Issued by: DataBreach Today

A Russian national accused by U.S. federal prosecutors of developing an application for decrypting login credentials pleaded not guilty during a first appearance in Tampa federal court. The man, Dariy Pankov – also known as “dpxaker” – faces seven criminal counts including conspiracy, access device fraud and computer fraud. On Wednesday in the courthouse for…

Mobile Security

Issued by: Security Week

The Cupertino device maker confirmed the active exploitation of CVE-2022-42827, warning in a barebones advisory that the flaw exposes iPhones and iPads to arbitrary code execution attacks. “An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited,” Apple said…

Application Security, Software Security

Issued by: Security Week

Endpoint detection and response (EDR) specialist provider Malwarebytes has launched a new managed detection and response (MDR) solution to bring threat and incident detection to the SMB market. SMBs are heavily targeted by malicious actors because they are often considered to be the soft underbelly of opportunity. The MDR solution combines the security firm’s EDR…