XProtect, macOS’s built-in anti-malware system, struggles to detect evolving info-stealers like KeySteal and Atomic Stealer, highlighting the need for more robust security measures.
Snyk’s acquisition of Helios marks its second move in developer-led application security posture management, following the previous acquisition of Enso Security, further strengthening its platform with prioritization and remediation capabilities.
Genesis Global Trading violated its BitLicense terms, with late and inadequate cybersecurity risk assessments, and appeared deficient in filing suspicious activity reports for potential money laundering.
The vulnerabilities, tracked as CVE-2023-6548 and CVE-2023-6549, can lead to remote code execution or denial-of-service attacks, and specific recommendations for mitigating the risks are provided.
The tool offers a visual attack graph representation of Active Directory in the browser, along with the ability to collect data from Windows machines and perform in-depth analysis.
The flaws affect Tianocore’s EDK II UEFI implementation and other major tech companies and BIOS providers, prompting a coordinated disclosure effort by CERT/CC and CERT-FR.
The U.S. Secret Service executed a seizure warrant to recover $34,000 stolen through a fake Norton antivirus renewal email scam. The scam tricked victims into granting remote access to their computers, and then transferring money from their accounts.
The scheme involved phishing pages to trick users into connecting their wallets with the attackers’ infrastructure, resulting in over $87 million in illicit profits from more than 137,000 victims.
OAuth attacks are on the rise, and organizations must implement strong access controls, fortify identity security for user accounts, and monitor third-party app activity to prevent unauthorized access to SaaS resources.
A cloud services firm returned patient data stolen in a ransomware attack by the LockBit gang to a New York hospital alliance. The hospitals had sued LockBit as a legal maneuver to force the storage firm to return the data.