The Apache Software Foundation (ASF) is calling out for-profit companies leeching on open-source code, warning that “only a tiny percentage” of downstream vendors are contributing to securing the open-source ecosystem.
The aggressive Zloader banking malware campaign is exploiting Microsoft’s digital signature verification method to inject code into a signed system DLL, according to researchers at Check Point.
VMware this week shipped security updates for its Workstation, Fusion and ESXi product lines, warning that a heap-overflow vulnerability could expose users to code execution attacks.
With eyes firmly set on the booming attack surface management space, threat intel powerhouse Recorded Future is shelling out $65 million to purchase SecurityTrails, a startup that helps organizations keep track of internet-facing assets.
U.S. government agencies and cybersecurity companies are warning users and organizations about cybercriminals abusing Google services to achieve their goals.
FBI warns about Google Voice abuse
A large-scale, long-term phishing experiment conducted in a 56,000-employee organization has come to a startling conclusion: Those simulated phishing tests commonly seen in corporate user-education campaigns are actually making things much worse.
French video game company Ubisoft this week confirmed that ‘Just Dance’ user data was compromised in a recent cybersecurity incident.
The data breach was the result of a misconfiguration that has since been corrected, but not before player data was accessed and potentially copied by a third party.
By impersonating 121 brands, scammers managed to defraud users in over 90 countries of an estimated $80 million per month, Singapore-based threat hunting and intelligence firm Group-IB reveals.
Since the middle of 2020, a Chinese state-sponsored threat actor called ‘Tropic Trooper’ has been targeting transportation organizations and government entities related to transportation sector, Trend Micro reports.
The University of Toronto’s Citizen Lab has discovered another player in the private sector mobile spyware business, fingering a tiny North Macedonia company called Cytrox as the makers of high-end iPhone implants.
