Category Security

According to WebsitePlanet, a database configuration error at a popular auto retailer exposed 1TB of records containing personal customer information. Security researcher Jeremiah Fowler tracked down records from the Philadelphia-based company Simpletire and reported the incident to the web builder…

A new open-source Remote Access Trojan (RAT) called Doge RAT It mainly targets Android users residing in India as part of an advanced malware campaign. The malware is distributed through social media and messaging platforms under the guise of legitimate…

May 29, 2023Ravi LakshmananAuthentication/Mobile Security Researchers have discovered a cheap attack method that can be used to brute force a smartphone’s fingerprints to bypass user authentication and take control of the device. called approach brute printexploits two zero-day vulnerabilities in…

Unit 42 of the Palo Alto Networks Threat Research Team used Mirai variants, malware that turns network-connected devices running Linux (usually small IoT devices) into remotely controlled bots, to target IoT devices. We discovered new malicious activity targeting Massive network…

If you’re a cybersecurity expert, you’re probably familiar with the sea of ​​acronyms the industry is obsessed with. From CNAPP he to CWPP to CIEM and all countless others, it seems that new initialisms are being born every day. In…

This week’s Graham Cluley Security News sponsors are: PureDome. Thanks for the support of an amazing team! PureDome provides a safe, fast, and reliable solution to secure and protect your business network. Seamless deployment makes it easy to scale your…

May 29, 2023Ravi LakshmananLinux / network security Japanese Linux routers have been targeted by a new Golang Remote Access Trojan (RAT) dubbed ‘Golang’. Gobrat. In a report released today, the JPCERT Coordination Center (JPCERT/CC) said, “The attackers first targeted routers…

A new phishing technique called “in-browser file archiver” can be used to “emulate” file archiver software in a web browser when a victim visits a .ZIP domain. “This phishing attack simulates file archiver software (such as WinRAR) within your browser…

May 29, 2023Ravi Lakshmanansupply chain / programming The Python Package Index (PyPI) announced last week that all accounts managing projects in official third-party software repositories will be required to enable two-factor authentication (2FA) by the end of the year. “Between…

May 27, 2023Ravi LakshmananAPI security/vulnerability A critical security vulnerability has been identified in the Open Authorization (OAuth) implementation of the application development framework Expo.io. This flaw has been assigned the CVE identifier CVE-2023-28131 and has a severity rating of 9.6…