Nov 05, 2024Ravie LakshmananMobile Security / Vulnerability Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to “Android/data,” “Android/obb,” and…
Read More
Nokia is investigating whether a third-party vendor was breached after a hacker claimed to be selling the company’s stolen source code. “Nokia is aware of reports that an unauthorized actor has alleged to have gained access to certain third-party contractor data and possibly data of Nokia,” the company told BleepingComputer. “Nokia takes this allegation seriously…
Read More
Threat actors are abusing DocuSign’s Envelopes API to create and mass-distribute fake invoices that appear genuine, impersonating well-known brands like Norton and PayPal. Using a legitimate service, the attackers bypass email security protections as they come from an actual DocuSign domain, docusign.net. The goal is to have their targets e-sign the documents, which they can…
Read More
AI is significantly enhancing social engineering attacks, making them more targeted, convincing, and harder to detect. Traditional phishing attempts often had clear red flags like poor grammar or unfamiliar writing styles, but with generative AI, attackers can now create highly personalized, grammatically perfect messages that mimic an individual’s writing or speaking style. This evolution poses…
Read More
Shannon Poulin, the COO of Intel programmable chip business Altera, says he has retired from the company as Intel seeks to sell a stake in the independent subsidiary ahead of a planned initial public offering. The COO of Intel programmable chip business Altera said he has retired from the company as the parent company seeks…
Read More
Schneider Electric has confirmed a developer platform was breached after a threat actor claimed to steal 40GB of data from the company’s JIRA server. “Schneider Electric is investigating a cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms which is hosted within an isolated environment,” Schneider Electric told BleepingComputer. “Our…
Read More
Microsoft has announced that Windows Server 2025, the latest version of its server operating system, is generally available starting Friday, November 1st. In January 2024, the company released the first Windows Server 2025 build for admins enrolled in the Windows Insider program. This new version introduced hotpatching, next-gen Active Directory, and SMB over QUIC alternative ports…
Read More
The third installation of Channel Women in Security podcast, Cass is joined by the “mother of hackers.” As the founder of Black Girls Hack, Tennisha Martin is on a mission to close the ethical hacker’s skills gap by building the next generation of cybersecurity leaders. In episode 3 of the Channel Women in Security podcast,…
Read More
Data center veteran Jim Buie – whose resume includes stops at Flexential and AT&T – was named CEO of Tonaquint ,which has 140,000 square feet of data center space under management in facilities across the U.S. Data center veteran Jim Buie – whose resume includes stops at Flexential and AT&T – was named CEO of…
Read More
UK’s National Cyber Security Centre (NCSC) has published an analysis of a Linux malware named “Pigmy Goat” created to backdoor Sophos XG firewall devices as part of recently disclosed attacks by Chinese threat actors. Last week, Sophos published a series of reports dubbed “Pacific Rim” that detailed five-year attacks by Chinese threat actors on edge networking…
Read More