Author: nlqip
Fake trading apps on Google Play and Apple’s App Store lure victims into “pig butchering” scams that have a global reach. The apps have been removed from the official Android and iOS stores after accumulating several thousand downloads, say researcher at cybersecurity company Group-IB, who discovered the fraud. Pig butchering is the name of a scam…
Read More
The national Dutch police (Politie) says that a state actor was likely behind the data breach it detected last week. The attack compromised police office contact details, names, email addresses, phone numbers, and in some cases, private details. According to the original report, the attacker had hacked a police account and stole work-related contact details…
Read MoreMS-ISAC ADVISORY NUMBER: 2024-107 DATE(S) ISSUED: 10/01/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large…
Read MoreWe recommend the following actions be taken: * Apply appropriate updates provided by Zimbra to vulnerable systems immediately after appropriate testing. (**[M1051](https://attack.mitre.org/mitigations/M1051/): Update Software**) * **Safeguard 7.1: Establish and Maintain a Vulnerability Management Process:** Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes…
Read More
Microsoft and the Justice Department have seized over 100 domains used by the Russian ColdRiver hacking group to target United States government employees and nonprofit organizations from Russia and worldwide in spear-phishing attacks. In December, the United Kingdom and its Five Eyes allies linked this threat group to Russia’s Federal Security Service (FSB), the country’s…
Read More
‘So much of Tableau’s success is thanks to our partners’ investment in our customers,’ says Tableau CEO Ryan Aytay. Salesforce plans to roll out a Tableau Einstein Alliance partner community in February with the goal of furthering artificial intelligence and AI agent creation and delivery through access to experts, marketing materials and product road map…
Read More
‘The popularity of Agentic AI can be seen in the solutions built by Salesforce, ServiceNow, Glean and others, as well as the custom agents our clients are asking us to build using Google’s Gemini technology,’ says the CEO of a Google Cloud partner. Google Cloud partners are hopeful that Google reportedly paying $2.7 billion to…
Read More
Oct 03, 2024Ravie LakshmananMobile Security / Technology Google has revealed the various security guardrails that have been incorporated into its latest Pixel devices to counter the rising threat posed by baseband security attacks. The cellular baseband (i.e., modem) refers to a processor on the device that’s responsible for handling all connectivity, such as LTE, 4G,…
Read MoreMS-ISAC ADVISORY NUMBER: 2024-109 DATE(S) ISSUED: 10/02/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could…
Read More
Adobe Commerce and Magento online stores are being targeted in “CosmicSting” attacks at an alarming rate, with threat actors hacking approximately 5% of all stores. The CosmicSting vulnerability (CVE-2024-32102) is a critical severity information disclosure flaw; when chained with CVE-2024-2961, a security issue in glibc’s iconv function, an attacker can achieve remote code execution on the…
Read More