The news that an Android app from China was able to exploit a zero-day flaw on millions of devices came as a shock to the security community and underscores the need for vigilant security practices. A “zero-day” exploit is a previously unknown vulnerability in an operating system, application or in this case a mobile app,… Continue reading Android app from China executed 0-day exploit on millions of devices
Tag: security
“Acropalypse” Android
The Android “Acropalypse” bug which has been around for the past couple of years has now been identified as the cause of a Windows Zero-day vulnerability. It is one of the most severe software security flaws discovered to date and has received an assessment of “Critical” from Microsoft. This discovery has caused alarm bells to… Continue reading “Acropalypse” Android
Security build
In a major funding round, Dope Security, a startup focused on secure web gateways, has raised $16M led by GV, Alphabet’s venture capital arm. The new funding round will enable Dope Security to continue its mission of building secure web gateways designed to work on endpoints, not in the cloud. The company hopes to reduce… Continue reading Security build
Security firm Rubrik is latest to be felled by GoAnywhere vulnerability
Recently, news broke that security firm Rubrik had become the latest victim of the ‘GoAnywhere’ vulnerability. The security firm, which provides data protection and management solutions, has experienced a massive data breach due to the vulnerability. This comes on the heels of similar breaches that have occurred for organizations using GoAnywhere, a managed file transfer… Continue reading Security firm Rubrik is latest to be felled by GoAnywhere vulnerability
Web of lies: Web3 isn’t the security fix-all you think it is
Whether it’s for privacy, financial transactions, or data usage, we’ve seen many people turn to Web 3.0 as a way to enhanced security online. But it’s not the security fix-all you may think it is. First, while Web 3.0 promises more security than its predecessors, Web 1.0 and Web 2.0, it’s important to remember that… Continue reading Web of lies: Web3 isn’t the security fix-all you think it is
North Korean hackers target security researchers with a new backdoor
In recent news, there has been an alarming revelation of North Korean hackers targeting security researchers with a new backdoor. The motive is to gain access to their computers, steal confidential data, and even carry out espionage activities. The hackers reportedly use a malicious file called ‘Noko’ to gain access to the victims’ computer systems,… Continue reading North Korean hackers target security researchers with a new backdoor
Congress’s Social Security Numbers Leaked in Health Data Breach
Recently, Congress was hit with a massive data breach in a health data leak that included social security numbers of several members. The exposure of the numbers, which could be used to carry out various forms of identity theft, was made public on a web site that claimed to offer support services. The data breach… Continue reading Congress’s Social Security Numbers Leaked in Health Data Breach
Signal CEO: We “1,000% won’t participate” in UK law to weaken encryption
The United Kingdom government wants tech companies which offer encrypted messaging services to weaken the security of their products. Usually referred to as “backdoors”, these changes would allow intelligence and law enforcement agencies to access the data protected by encryption. Signal CEO Moxie Marlinspike has declared that they “1,000% won’t participate” in any law which… Continue reading Signal CEO: We “1,000% won’t participate” in UK law to weaken encryption
This week’s Reddit breach shows company’s security is (still) woefully inadequate
It’s been a week since Reddit, one of the world’s most popular online platforms, experienced a security breach that allowed a hacker to gain access to user information. While details are still forthcoming, this breach is a stark reminder that companies of all sizes and industries need to better protect their users data. The Reddit… Continue reading This week’s Reddit breach shows company’s security is (still) woefully inadequate
How to manage third-party cybersecurity risks that are too costly to ignore
As businesses become increasingly dependent on technology, they are often left vulnerable to security issues due to the growing reliance on third-party applications and services. With cyberattacks on the rise, organizations must take steps to protect themselves and manage the associated risks that come with third-party cybersecurity. First, organizations must assess their situation and understand… Continue reading How to manage third-party cybersecurity risks that are too costly to ignore