Enterprise, Workstation, Data Center, Cloud, Networking, Software News And Reviews
In-depth product reviews and news of enterprise, workstation, networking, cloud, SMB, data center and software products and services.
A researcher at the cloud security company Lightspin recently discovered a flaw in the Amazon Web Services (AWS) Elastic Container Registry (ECR) Public Gallery that threat actors could have exploited to delete or modify container images with billions of downloads. The leveraging of an exploit in this manner would...
Read more...
In the course of investigating an Android banking Trojan known as “Ermac,” cybersecurity researchers at ThreatFabric recently discovered a service that takes legitimate apps and turns them into Trojans. The researchers have named this service “Zombinder,” as it binds a malware dropper to legitimate apps, effectively...
Read more...
This week, the Health Sector Cybersecurity Coordination Center (HC3), which is part of the US Department of Health and Human Service (HHS), issued a report warning the healthcare industry about the threat posed by a new ransomware group that operates under the name “Royal.” This report comes a little over a month after the Biden administration
Read more...
Yesterday, Apple announced a set of new security features coming soon to iPhones. Among these features is an option to enable end-to-end encryption (E2EE) for iCloud backups. US users are slated to be the first group for which this feature will be widely available, with Apple targeting the end of the year for its US...
Read more...
The first day of Pwn2Own Toronto 2022 has come and gone, and Samsung’s Galaxy S22 has had it rough, with more potential abuse yet to come. A variety of printers and routers from different companies have also taken some beatings. Pwn2Own is a hacking contest held every year by the Zero Day Initiative (ZDI), giving...
Read more...
Last week, Google began pushing out an update to its Chrome browser that fixes a critical security vulnerability in the browser’s JavaScript engine. Google noted in its blog post about the update that an exploit for this vulnerability is out in the wild. Then, on Monday, the Cybersecurity and Infrastructure Security...
Read more...
In most cases, it's pretty easy to recognize a phishing scam. Telltale signs include typos, bad grammar, unsolicited attachments, and spoofed email addresses and hyperlinks, to name just a few. So imagine my surprise when I received an email that exhibited none of those traits, at least not initially, in an attempt to...
Read more...
Edward Snowden, the former NSA contractor turned mass surveillance whistleblower, officially became a Russian citizen in September of this year when Russian president Vladimir Putin signed a decree granting citizenship to Snowden and seventy-four other foreigners residing in the country. Last week, Snowden’s lawyer...
Read more...
In the latest detection statistics by Dr. Web antivirus for Android, it found that more than two million users were being bamboozled into installing and using certain apps that were actually backdoors for malware, phishing, and adware. These apps were disguised as rewards apps, utilities or system optimizers that...
Read more...
The cybersecurity firm Zimperium, has published a blog post detailing a recently discovered Android malware campaign that has been ongoing since 2018. This campaign spreads a set of malicious apps the researchers are calling the “Schoolyard Bully Trojan” on account of the fact that the malicious apps are disguised as...
Read more...
The CEO of the password manager LastPass, Karim Toubba, has published a blog post on the company’s website disclosing a recent security breach. According to the blog post, this incident affected both LastPass and its affiliate company GoTo, with a similar blog post appearing on the GoTo website. With the help of the...
Read more...
The proliferation of “smart” devices within the home has raised privacy concerns as it has become more apparent that the companies selling these devices often have access to data and media collected by the devices. Eufy, a sub-brand of the popular Chinese electronics manufacturer Anker Innovations, tries to capitalize...
Read more...
TikTok’s meteoric rise is due, in part, to viral challenges that spread on the social media platform. Some of these challenges are not only dumb, but down right dangerous. One of the more recent challenges revolves around a TikTok filter that masks people’s bodies with a blur of color intended to match the background...
Read more...
The holiday season at the end of the year is a busy time for online shoppers, between taking advantage of the best Black Friday and Cyber Monday deals and ordering gifts for friends and family. Sadly, threat actors have no qualms with taking advantage of the high volume of packages in transit during this time to...
Read more...
For quite some time now—since the mid-1990s or thereabouts—there's been a significant split in the PC market between standard consumer desktops and workstation systems, also known as "high-end desktop" (HEDT) systems. HEDT machines, generally speaking, usually offer more high bandwidth connectivity, more cores, and...
Read more...
Researchers at the cybersecurity firm ESET have discovered an active Android malware campaign that began in January 2022. The campaign in question distributes spyware injected into legitimate VPN apps. The researchers have tied this campaign to an advanced persistent threat (APT) group known as “Bahamut.”
Bahamut...
Read more...
Between all the scintillating Black Friday deals and the Cyber Monday bargains that will follow, you may end up spending a lot of time surfing online retail stores for discounts. That's all well and good, but if you're among the more than 2 billion people who use Google's Chrome browser, take a moment to apply the...
Read more...
A cyber risk and security analysis company by the name of Cyble has discovered that there are a number of websites distributing a version of MSI Afterburner laced with various strains of malware. Those who accidentally download this widely popular graphics card utility via one of the cunningly crafted spoof domains...
Read more...
This week, the United States Department of Justice (DOJ) announced the seizure of seven domain names that cybercriminals used to carry out a cryptocurrency scam. The scam in question is known as a “pig butchering” scheme, as the scammers metaphorically led their victims to the slaughter. In these sorts of schemes, the...
Read more...
Three days ago, users of the sports betting service DraftKings began reporting that their accounts had been hacked. In cases in which the hacked accounts contained funds, users reported the hackers attempting to withdraw their funds to newly added bank cards. Yesterday, DraftKings acknowledged these reports publicly...
Read more...
Researchers at the cybersecurity company Cyble have published a technical analysis of a new ransomware known as “AXLocker.” Aside from the regular data encryption performed by ransomware, AXLocker also searches victims’ systems for Discord login tokens, then hands these tokens over to the threat actor behind the...
Read more...
Two weeks ago, the Biden administration convened the second International Counter Ransomware Summit, warning that ransomware attacks are outpacing efforts to mitigate them. Now, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and...
Read more...
