Would-be cryptocurrency investors are being targeted in a scam that has already stolen more than $42.7 million from 244 victims, according to the latest private industry notification from the Federal Bureau of Investigation. According to the FBI, scammers have used phishing attacks to convince victims to download fake mobile cryptocurrency investment apps impersonating legitimate investment…

Threat actors are targeting systems in industrial control environments with backdoor malware hidden in fake password-cracking tools. The tools, being touted for sale on a variety of social media websites, offer to recover passwords for hardware systems used in industrial environments. Researchers from Dragos recently analyzed one such password-cracking product and found it to contain…

Sometimes phishers are just after your username and password, but other times they are after every scrap of sensitive information they can extract from you. To do that, they use tools like the phishing kit recently analyzed by Akamai researchers. By misusing the PayPal logo and general design, the phishing kit leads users through a…

Scribe Security released Scribe Integrity, a code integrity validator that authenticates open-source and proprietary source code, and an integral building block of its platform solving the software supply chain security challenge. Scribe Integrity provides developers with an added layer of visibility, allowing developers peace of mind that the code they are using is safe. Scribe…

In a world increasingly dependent on technology, software sprawl is growing. Companies use custom-built software, open source software, and products from third-party providers when building applications. Through this software supply chain, the digital attack surface expands. Each software dependency can also open it up to potential attack as bugs are found in all types of…

Microsoft has revealed a now-fixed flaw in Apple’s macOS that allowed specific kinds of code to bypass the operating system’s App Sandbox restrictions on third-party applications, potentially allowing attackers to escalate device privileges and install additional malicious payloads. Microsoft shares credit for the find (CVE-2022-26706) with researcher Arsenii Kostromin, the company said in its announcement,…

Adaptiva today released the inaugural “Managing Risks and Costs at the Edge” report. Sponsored by Adaptiva and conducted by Ponemon Institute, 629 IT and IT security practitioners in the United States were surveyed, representing an average organizational headcount of 13,213 and IT budget of $184,366,500. Respondents indicated that most enterprises struggle to maintain visibility and…

The July 2022 Patch Tuesday is upon us and has brought fixes for 84 CVEs in various Microsoft products, including an actively exploited zero-day: CVE-2022-22047, an elevation of privilege bug in Windows’ Client/Server Runtime Subsystem (CSRSS). “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft noted, but the attacker must first gain…