#The Hacker News

An unofficial version of the popular WhatsApp messaging app called YoWhatsApp has been observed deploying an Android trojan known as Triada. The goal of the malware is to steal the keys that "allow the use of a WhatsApp account without the app," Kaspersky said in a new report. "If the keys are stolen, a user of a malicious WhatsApp mod can lose control over their account."

A threat actor tracked as Polonium has been linked to over a dozen highly targeted attacks aimed at Israelian entities with seven different custom backdoors since at least September 2021. The intrusions were aimed at organizations in various verticals, such as engineering, information technology, law, communications, branding and marketing, media, insurance, and social services, cybersecurity

Malicious actors are resorting to voice phishing (vishing) tactics to dupe victims into installing Android malware on their devices, new research from ThreatFabric reveals. The Dutch mobile security company said it identified a network of phishing websites targeting Italian online-banking users that are designed to get hold of their contact details. Telephone-oriented attack delivery (TOAD), as

As software supply chain security becomes more and more crucial, security, DevSecOps, and DevOps teams are more challenged than ever to build transparent trust in the software they deliver or use. In fact, in Gartner recently published their 2022 cybersecurity predictions - not only do they anticipate the continued expansion of attack surfaces in the near future, they also list digital supply

Google on Wednesday officially rolled out support for passkeys, the next-generation authentication standard, to both Android and Chrome. "Passkeys are a significantly safer replacement for passwords and other phishable authentication factors," the tech giant said. "They cannot be reused, don't leak in server breaches, and protect users from phishing attacks." The feature was first

In April 2022, Omnicell reported a data breach affecting nearly 62,000 patients. The company has revealed that the incident has impacted an additional 64,000 individuals. This brings the total number of patients affected to over 126,000.  Will you be the next victim like Omnicell? If you are overlooking the importance of data protection, attackers can get you in no time.  Explore the impact of

A vulnerability in Siemens Simatic programmable logic controller (PLC) can be exploited to retrieve the hard-coded, global private cryptographic keys and seize control of the devices. "An attacker can use these keys to perform multiple advanced attacks against Siemens SIMATIC devices and the related TIA Portal, while bypassing all four of its access level protections," industrial cybersecurity

Microsoft's Patch Tuesday update for the month of October has addressed a total of 85 security vulnerabilities, including fixes for an actively exploited zero-day flaw in the wild. Of the 85 bugs, 15 are rated Critical, 69 are rated Important, and one is rated Moderate in severity. The update, however, does not include mitigations for the actively exploited ProxyNotShell flaws in Exchange Server

The operators behind the BazaCall call back phishing method have continued to evolve with updated social engineering tactics to deploy malware on targeted networks. The scheme eventually acts as an entry point to conduct financial fraud or the delivery of next-stage payloads such as ransomware, cybersecurity company Trellix said in a report published last week. Primary targets of the latest

A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine. "A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox," GitHub said in an advisory published on September 28, 2022. The