Trend Micro Research has published an analysis of a Windows remote code execution vulnerability lurking in the Network File System. The vulnerability in question, CVE-2022-30136, was patched by Microsoft in June.
The Securities and Exchange Board of India (Sebi) on Saturday said it has lodged a complaint against a cybersecurity incident it noticed on its e-mail system. However, the regulator added that no sensitive data was stolen.
Prototype pollution is a type of JavaScript vulnerability that allows attackers to exploit the rules of the programming language to change an application’s behavior and compromise it in various ways.
Crosslake Technologies, a leader in providing data-driven technology advisory services to PE firms and their portfolio companies, announced it has completed its third add-on acquisition in the past 18 months with the purchase of VantagePoint.
Online payment fraud includes losses across the sales of digital goods, physical goods, money transfer transactions, and banking, as well as purchases like airline ticketing. Fraudster attacks can include phishing, BEC, and social engineering.
Albania was hit by a massive cyberattack over the weekend, the government confirmed on Monday. A synchronized criminal attack from abroad hit the servers of the National Agency for Information Society (AKSHI), which handles many government services.
Following the launch of a new “Data safety” section for the Android app on the Play Store, Google appears to be readying to remove the app permissions list from both the mobile app and the web.
Microsoft attributed the Holy Ghost ransomware operation to North Korean hackers. Tracked as DEV-0530, the group has been targeting small businesses worldwide for over a year. For organizations to stay protected, experts recommend collaborative action, including sharing the indicators of compromise while looking into the malware.
Akamai unveiled a malicious operation that brute-forces WordPress sites to deploy phishing kits. These kits redirect users to fake PayPal pages and harvest sensitive data including users’ banking information and email passwords. Users are advised to double-check the domain name of a page requesting sensitive information.
WhatsApp’s CEO has issued a strict warning to Android users about fake versions of the messaging app attempting to steal personal information stored on victims’ phones. A Twitter thread by the CEO revealed a fake Android app called ‘Hey WhatsApp’ being sold as a premium WhatsApp version. WhatsApp recommends users to access their official download […]