New Android Trojan ‘SoumniBot’ Hides with Clever Tricks
SoumniBot, a new Android trojan, exploits manifest extraction and parsing flaws to target South Korean users. The malware is “notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android manifest,” according to Kaspersky researcher Dmitry…
0 Comments5 Minutes
AWS, Google, and Azure CLI Tools May Contain Credential Leaks
According to a recent cybersecurity study, sensitive Credential Leaks may be exposed in build logs by using command-line interface (CLI) tools from Google Cloud and Amazon Web Services (AWS), which puts enterprises in serious danger. The cloud security company Orca has termed this vulnerability…
0 Comments3 Minutes
Popular PuTTY SSH Client Is Open to Key Recovery Attack
Users are being notified by the developers of the PuTTY Secure Shell (SSH) and Telnet client about a serious flaw that affects versions 0.68 through 0.80 and has the potential to be used to fully recover NIST P-521 (ecdsa-sha2-nistp521) private keys. The vulnerability has been designated…
0 Comments4 Minutes
Palo Alto Networks Issues Quick Fixes for PAN-OS Exploitation
In order to address a maximum-severity security hole affecting PAN-OS software that has been actively exploited in the wild, Palo Alto Networks has published hotfixes. The critical vulnerability, identified as CVE-2024-3400 (CVSS score: 10.0), involves command injection in the GlobalProtect…
0 Comments3 Minutes
Fortinet Releases Important Security Updates
Fortinet has recently addressed a critical security vulnerability impacting FortiClientLinux, mitigating the risk of potential arbitrary code execution. This vulnerability, officially designated as CVE-2023-45590, has been assigned a substantial CVSS score of 9.4 out of a maximum of 10. According…
0 Comments4 Minutes
Microsoft Releases a Massive April Patch Release
Microsoft’s April 2024 security updates fixed 149 vulnerabilities, two of which are being actively exploited in the wild. Out of the 149 defects, one is classified as low severity, three are critical, 142 are important, and three are moderate. The update also addresses 21 vulnerabilities that…
0 Comments9 Minutes
V8 Sandbox, a new defense against browser attacks, by Google Chrome
To address memory corruption issues, Google has announced support for the so-called V8 Sandbox in the Chrome web browser. Samuel Groß, the technical lead for V8 security, states that the sandbox is intended to stop “memory corruption in V8 from spreading within the host process.”…
0 Comments5 Minutes
“Latrodectus”: Is This Malware Lurking in Your Email?
Latrodectus is a new strain of malware recently discovered by threat researchers. It has been distributed through email phishing campaigns since at least late November 2023. In a recent collaborative analysis by experts from Proofpoint and Team Cymru, it was revealed that Latrodectus functions as a…
0 Comments5 Minutes
In “Incognito Mode,” Google will remove billions of browsing records.
As part of the settlement of a class action lawsuit, Google has agreed to delete billions of data records that show users’ browsing activity without their knowledge or consent while using its Chrome browser. The class action lawsuit, filed in 2020, claimed that the firm had deceived consumers…
0 Comments4 Minutes
How Managed IT Services Strengthen Cyber Defenses
In the fast-paced digital landscape, where cyber threats loom large, businesses find themselves in an ongoing battle to secure their sensitive data and digital assets. This article delves into the pivotal role of Managed IT Services in fortifying cyber defenses, exploring how these services act as…
0 Comments8 Minutes