Facebook Offering Big Rewards for Vulnerabilities in Hermes, Spark AR
Facebook announced on Friday that it’s offering significant rewards through its bug bounty program for vulnerabilities found in Hermes and Spark AR.
read more
Google Updates Policies to Reject Ads for Spyware
Google this week announced that, starting next month, an update to its policy will effectively result in the rejection of ads for surveillance technology.
read more
Zoom Working on Patch for Code Execution Vulnerability in Windows Client
Zoom is working on resolving a remote code execution vulnerability affecting the Windows client, but a third-party fix has been made available for users who don’t want to wait for the official patch.
On Thursday, ACROS Security announced the availability...
Juniper Networks Patches Critical Vulnerabilities in Firewalls
Juniper Networks this week informed customers that it has patched many vulnerabilities in its products, mostly ones that can be exploited for denial-of-service (DoS) attacks.
read more
Security Automation Challenges to Adoption: Overcoming Preliminary Obstacles
For Most Organizations, the Full Capabilities of Security Automation Are Still Untapped
read more
Evilnum Group Targets Fintech Companies in Europe
For the past two years, a threat group tracked as Evilnum has been observed targeting financial technology companies, mainly ones located in the European Union and the U.K., ESET reports.
read more
UK, Australia Investigate Clearview Facial Recognition Firm
Privacy watchdogs in Britain and Australia have opened a joint investigation into facial recognition company Clearview AI over its use of personal data “scraped” off social media platforms and other websites.
read more
Hackers Scanning for Citrix Systems Affected by Recent Vulnerabilities
Hackers are apparently scanning the web for systems affected by the recently disclosed Citrix vulnerabilities, which the vendor suggested are less likely to be exploited.
read more
Vulnerabilities in Popular Open Source Management Tool Expose Hospitals to Attacks
A dozen vulnerabilities have been found in OpenClinic GA, a popular open source hospital management system, including flaws that can be exploited to access sensitive information or install malware on the hosting server.
read more
Honeywell Sees Rise in USB-Borne Malware That Can Cause Major ICS Disruption
Honeywell says it has seen a significant increase over the past year in USB-borne malware that can cause disruption to industrial control systems (ICS).
read more
Researchers Find Pre-Installed Malware on More Android Phones in U.S.
Following a January report on malware found pre-installed on smartphones sold in the United States to budget-conscious users, Malwarebytes has discovered another mobile device riddled with malware from the get-go.
read more
Germany Seizes Server Hosting Pilfered U.S. Police Files
At the behest of the U.S. government, German authorities have seized a computer server that hosted a huge cache of files from scores of U.S. federal, state and local law enforcement agencies obtained in a Houston data breach last...
Microsoft Adds New Data Corruption Preventions to Windows
Microsoft this week announced Kernel Data Protection (KDP), new technology that aims to protect the Windows kernel and drivers from data corruption attacks.
read more
Palo Alto Networks Patches Command Injection Vulnerabilities in PAN-OS
Palo Alto Networks informed customers on Wednesday that it has patched two high-severity vulnerabilities in PAN-OS, the software running on the company’s firewalls.
read more
Powerful Conti Ransomware Emerges
A new ransomware family packs multiple unique features, including to improve performance and give its operators the option to only target networked SMB shares, VMware-owned Carbon Black reveals.
read more
Cyberattack Simulation Company XM Cyber Raises $17 Million
XM Cyber, an Israel-based company that offers a cyberattack simulation platform, announced on Thursday that it raised $17 million in a Series B funding round.
The latest funding round, which brings the total raised by the firm to $49 million,...
Google Patches Critical Android Vulnerabilities With July 2020 Updates
Several critical remote code execution vulnerabilities were addressed in Android this week with the release of the July 2020 set of security patches, including three in the media framework and system components.
read more
Over 5 Billion Unique Credentials Offered on Cybercrime Marketplaces
More than 15 billion username and password pairs have been offered on cybercrime marketplaces, including over 5 billion unique credentials, according to a report published on Wednesday by San Francisco-based risk protection solutions provider Digital Shadows.
read more
Huawei Urges UK Not to Rush Into 5G Decision
Chinese telecoms giant Huawei urged Britain on Wednesday not to rush into taking any costly decision to phase out its equipment from the UK's 5G network because of US sanctions.
read more
Magecart Group Hits 570 Websites in Three Years
Over the past three years, one of the groups operating under the Magecart umbrella has targeted over 570 e-commerce websites and likely made more than $7 million, threat intelligence company Gemini Advisory reports.
read more
Windows 10 Security Game-Changer As Microsoft Reveals New Hacker Protection
Microsoft is set to bring a powerful new security feature to Windows 10 that just might be a game-changer.
15 Billion Stolen Logins Are Circulating on the Dark Web
Plus: Facebook's Roger Stone takedown, the BlueLeaks server seizure, and more of the week's top security news.
Exclusive: Any Chingari App (Indian TikTok Clone) Account Can Be Hacked Easily
Following vulnerability disclosure in the Mitron app, another viral TikTok clone in India has now been found vulnerable to a critical but easy-to-exploit authentication bypass vulnerability, allowing anyone to hijack any user account and tamper with their information, content,...
Is TikTok Seriously Dangerous—Do You Need To Delete It?
Here's the reality behind all the headlines...
iPhone User Sues LinkedIn For Reading Clipboard Data After iOS 14 Alert Revelations
The fallout from Apple's new iOS 14 privacy notification feature continues as one iPhone user files a class-action lawsuit against LinkedIn for silently reading clipboard data.
