Author: nlqip
Sep 04, 2024Ravie LakshmananVulnerability / Mobile Security Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-32896 (CVSS score: 7.8), relates to a case of privilege escalation in the Android…
Read MoreAI SPERA, a leading Cyber Threat Intelligence (CTI) company, has achieved PCI DSS v4.0 certification for its flagship search engine solution, Criminal IP. This accomplishment builds on last year’s attainment of PCI DSS v3.2.1 (Payment Card Industry Data Security Standard) certification and represents a significant milestone in the company’s ongoing efforts to strengthen security, further…
Read MoreThreat actors are utilizing an attack called “Revival Hijack,” where they register new PyPi projects using the names of previously deleted packages to conduct supply chain attacks. The technique “could be used to hijack 22K existing PyPI packages and subsequently lead to hundreds of thousands of malicious package downloads,” the researchers say. Hijacking popular projects…
Read More‘Our partnership with IBM reinforces our commitment to innovation and our conviction in the tremendous benefit of QRadar customers adopting Cortex XSIAM for a robust, data-driven security platform that offers transformative efficiency and effectiveness in defending against evolving cyberthreats,’ says Palo Alto Networks CEO Nikesh Arora. Cybersecurity superstar Palo Alto Networks completed its $500 million…
Read More“The problem is that while this is being discussed, attackers can already use this method to gain code execution on many PyPI users as we’ve demonstrated.” Advice for CISOs, app leaders Infosec leaders should warn their staff that a new version of a package can potentially include malicious code, he said, even if the last…
Read MoreSep 04, 2024Ravie Lakshmanan A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to infiltrate downstream organizations. It has been codenamed Revival Hijack by software supply chain security firm JFrog, which said the attack method could be used to hijack 22,000 existing…
Read MoreTenable®, the exposure management company, today announced new risk prioritization and compliance features for Tenable Nessus, the #1 vulnerability assessment solution in accuracy, coverage and adoption. Nessus supports new and updated vulnerability scoring systems – Exploit Prediction Scoring System (EPSS) and Common Vulnerability Scoring System (CVSS) v4 – to help customers implement more effective prioritization…
Read More“We’ve been working closely with customers to evaluate and test these new devices, and the feedback has been incredible,” Microsoft GM Nancie Gaskill said in a blog post. Microsoft will make several new Surface devices aimed at business users available this month, including the Surface Laptop 7th Edition, Surface Pro 11th Edition and Surface Pro…
Read MoreSep 04, 2024Ravie LakshmananVulnerability / Network Security Zyxel has released software updates to address a critical security flaw impacting certain access point (AP) and security router versions that could result in the execution of unauthorized commands. Tracked as CVE-2024-7261 (CVSS score: 9.8), the vulnerability has been described as a case of operating system (OS) command…
Read MoreSep 04, 2024The Hacker NewsSaaS Security / Browser Security Account takeover attacks have emerged as one of the most persistent and damaging threats to cloud-based SaaS environments. Yet despite significant investments in traditional security measures, many organizations continue to struggle with preventing these attacks. A new report, “Why Account Takeover Attacks Still Succeed, and Why…
Read MoreRecent Posts
- A Vulnerability in Fortinet FortiManager Could Allow for Remote Code Execution
- ServiceNow CEO McDermott: ‘Taking On The World’s Biggest Challenges’ With AI, New Nvidia Pact, More
- SonicWall CEO On ‘Getting Back To Our Roots’, Using AI And Latest Acquisitions
- Windows 11 KB5044380 preview update lets you remap the Copilot key
- CISA Adds One Known Exploited Vulnerability to Catalog | CISA