Apache ActiveMQ bug exploited to deliver Kinsing malware
Attackers are exploiting a recently fixed vulnerability (CVE-2023-46604) in Apache ActiveMQ to install Kinsing malware and cryptocurrency miners on targeted Linux systems. CVE-2023-46604 exploitation Apache ActiveMQ is a popular Java-based open sourc.....»»
Fujitsu says it found malware on its corporate network, warns of possible data breach
Company apologizes for the presence of malware on company computers. Enlarge (credit: Getty Images) Japan-based IT behemoth Fujitsu said it has discovered malware on its corporate network that may have allowed the people.....»»
Week in review: Cybersecurity job openings, hackers use 1-day flaws to drop custom Linux malware
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Transitioning to memory-safe languages: Challenges and considerations In this Help Net Security interview, Omkhar Arasaratnam, General Manager at th.....»»
New streaming deals knock up to 75% off Max, Paramount Plus, Hulu, Peacock & Apple TV Plus
Today's best streaming deals deliver discounts of up to 75% off plans from Max, Paramount Plus, Hulu, Peacock and Apple TV Plus.Save up to 75% with these streaming service deals.Whether you're looking to binge watch a new series entirely or can't wai.....»»
New infosec products of the week: March 15, 2024
Here’s a look at the most interesting products from the past week, featuring releases from AuditBoard, Cynerio, DataDome, Regula, and Tenable. AuditBoard unveils AI, analytics, and annotation capabilities to deliver more timely insights AuditBoard.....»»
Only 13% of medical devices support endpoint protection agents
63% of CISA-tracked Known Exploited Vulnerabilities (KEVs) can be found on healthcare networks, while 23% of medical devices—including imaging devices, clinical IoT devices, and surgery devices—have at least one known exploited vulnerability, acc.....»»
MobSF: Open-source security research platform for mobile apps
The Mobile Security Framework (MobSF) is an open-source research platform for mobile application security, encompassing Android, iOS, and Windows Mobile. MobSF can be used for mobile app security assessment, penetration testing, malware analysis, and.....»»
Stellar Cyber and Torq join forces to deliver automation-driven security operations platform
Stellar Cyber announced a technology partnership with Torq to help security teams dramatically improve their ability to combat advanced attacks. This partnership combines the power of Stellar Cyber Open XDR with Torq Hyperautomation, providing securi.....»»
Keyloggers, spyware, and stealers dominate SMB malware detections
In 2023, 50% of malware detections for SMBs were keyloggers, spyware and stealers, malware that attackers use to steal data and credentials, according to Sophos. Attackers subsequently use this stolen information to gain unauthorized remote access, e.....»»
March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V
On this March 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, but – welcome news! – none of them are currently publicly known or actively exploited. Last month, though, several days after Patch Tuesda.....»»
"GPS nanoparticle" platform precisely delivers therapeutic payload to cancer cells
A newly developed "GPS nanoparticle" injected intravenously can home in on cancer cells to deliver a genetic punch to the protein implicated in tumor growth and spread, according to researchers from Penn State. They tested their approach in human cel.....»»
Chimeric nanobody research looks to improve chemotherapy drug delivery
Finding the best method to deliver chemotherapeutic drugs to tumor cells can be tricky. Ideally, the treatments target tumor cells while leaving healthy cells alone......»»
Hackers leverage 1-day vulnerabilities to deliver custom Linux malware
A financially motivated threat actor is using known vulnerabilities to target public-facing services and deliver custom malware to unpatched Windows and Linux systems. Among the exploited vulnerabilities are also two recently discovered Ivanti Connec.....»»
AuditBoard unveils AI, analytics, and annotation capabilities to deliver more timely insights
AuditBoard revealed powerful new AI, analytics, and annotation capabilities to help corporate risk, compliance, and assurance teams, including internal audit and SOX functions, improve collaboration with stakeholders, do more with less, and deliver m.....»»
Never-before-seen Linux malware gets installed using 1-day exploits
Discovery means that NerbianRAT is cross-platform used by for-profit threat group. Enlarge (credit: Getty Images) Researchers have unearthed Linux malware that circulated in the wild for at least two years before being i.....»»
macOS 14.4 brings 50+ security fixes, iOS 17.4 patch list expands to over 40
We learned with the public launch of iOS 17.4 that Apple included fixes for two exploited vulnerabilities and two other security issues. Now with the arrival of macOS 14.4, there are over 50 security patches and the list of security fixes for iOS 17......»»
Hands-on: Logitech MX Brio 4K webcam – How does it compare to the MacBook camera?
Logitech this week introduced the new Logitech MX Brio 4K webcam, which is the first webcam in the Masters “MX” series. With a larger sensor and AI-based features, the MX Brio promises to deliver exceptional image quality for a webcam of its size.....»»
Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337)
Cisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which (CVE-2024-20337) could be exploited by unauthenticated, remote attackers to grab users’ valid SAML a.....»»
Web-based PLC malware: A new potential threat to critical infrastructure
A group of researchers from Georgia Tech’s College of Engineering have developed web-based programmable logic controller (PLC) malware able to target most PLCs produced by major manufacturers. “Our Web-Based (WB) PLC malware resides in PL.....»»
Scientists use a new type of nanoparticle that can both deliver vaccines and act as an adjuvant
Many vaccines, including vaccines for hepatitis B and whooping cough, consist of fragments of viral or bacterial proteins. These vaccines often include other molecules called adjuvants, which help to boost the immune system's response to the protein......»»
How to block third-party iPhone app stores now that sideloading is a thing
I used to worry about the arrival of iPhone sideloading in Europe before I knew what Apple’s implementation would be like. Malware remains a threat … The post How to block third-party iPhone app stores now that sideloading is a thing appe.....»»