Tag
July's Patch Tuesday gives us a lot of important security updates. Most prominently, a known to be exploited vulnerability in Windows CSRSS. The post Update now—July Patch Tuesday patches include fix for exploited zero-day appeared first on Malwarebytes Labs.
Businesses receive an invoice via email with a credit card charge and are asked to call a fake number and hand over personal information to receive a refund.
Cybersecurity researchers have uncovered new variants of the ChromeLoader information-stealing malware, highlighting its evolving feature set in a short span of time. Primarily used for hijacking victims' browser searches and presenting advertisements, ChromeLoader came to light in January 2022 and has been distributed in the form of ISO or DMG file downloads advertised via QR codes on Twitter
Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, counting a zero-day vulnerability that's under active attack in the wild. Of the 84 shortcomings, four are rated Critical, and 80 are rated Important in severity. Also separately resolved by the tech giant are two other bugs in the Chromium-based Edge browser, one
Python's most popular package manager is intent on securing the supply chain by requiring developers to enable two-factor authentication.
A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.
Whether data's in motion, at rest, or in use, confidential computing makes moving workloads to the public cloud safer, and can enhance data security in other deployments.
PyPI is rolling out a 2FA requirement for maintainers of critical projects. The post PyPI starts rolling out required 2FA for important projects appeared first on Malwarebytes Labs.
The new open source security-as-code platform will help developers and security teams automatically detect security policy violations across the organization's cloud infrastructure.
"HavanaCrypt" is also using a command-and-control server that is hosted on a Microsoft Hosting Service IP address, researchers say.