Since the middle of 2020, a Chinese state-sponsored threat actor called ‘Tropic Trooper’ has been targeting transportation organizations and government entities related to transportation sector, Trend Micro reports.
The University of Toronto’s Citizen Lab has discovered another player in the private sector mobile spyware business, fingering a tiny North Macedonia company called Cytrox as the makers of high-end iPhone implants.
Severity of Second Log4j Vulnerability Increased to Critical
Russia has been added to the list of nation states targeting the recently disclosed Log4Shell vulnerability, with exploitation attempts linked to several of the country’s cyberespionage groups.
The United States Department of Homeland Security (DHS) this week announced the launch of a bug bounty program focused on identifying vulnerabilities in its systems.
The widely used Log4j logging tool is affected by a critical remote code execution vulnerability that has been increasingly exploited by malicious actors, including profit-driven cybercriminals and state-sponsored groups.
Facebook Paid Out $2.3 Million in Bug Bounties in 2021
Social media giant Facebook today announced that it is expanding its bug bounty and data bounty programs to reward security researchers for reporting scraping vulnerabilities and databases.
If defenders needed any more urgency to patch and mitigate the explosive Log4j zero-day, along comes word that APT actors linked to China, Iran, North Korea and Turkey have already pounced and are actively exploiting the CVSS 10.0 vulnerability.
Venture capital investors are continuing to bet big on cloud security technologies with two early-stage startups announcing a combined $130 million in funding for products to help businesses secure cloud deployments.
VMware on Thursday announced the release of patches for a critical server-side request forgery (SSRF) vulnerability in Workspace ONE UEM console.
Security researchers at Google’s Project Zero have picked apart one of the most notorious in-the-wild iPhone exploits and found a never-before-seen hacking roadmap that included a PDF file pretending to be a GIF image with a custom-coded virtual CPU built out of boolean pixel operations.
