Security
Headlines
HeadlinesLatestCVEs

Tag

#google

Efforts to Secure US Telcos Beset by Salt Typhoon Might Fall Flat

The rules necessary to secure US communications have already been in place for 30 years, argues Sen. Wyden, the FCC just hasn't enforced them. It's unclear if they will help.

DARKReading
Open in Source
#vulnerability#apple#google#huawei#auth
Scammers Exploit Fake Domains in Dubai Police Phishing Scams

BforeAI has discovered a surge in phishing attacks targeting the Dubai Police, a government-run entity. Learn how cybercriminals are exploiting the Dubai Police name to steal personal information and money.

GHSA-v778-237x-gjrc: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and t...

Global Ongoing Phishing Campaign Targets Employees Across 12 Industries

SUMMARY Cybersecurity researchers at Group-IB have exposed an ongoing phishing operation that has been targeting employees and associates from…

Cybercrime Gangs Abscond With Thousands of AWS Credentials

The Nemesis and ShinyHunters attackers scanned millions of IP addresses to find exploitable cloud-based flaws, though their operation ironically was discovered due to a cloud misconfiguration of their own doing.

Hackers Target Job Seekers with AppLite Trojan Using Fake Job Emails

SUMMARY Zimperium’s zLabs has shared its latest research with Hackread.com, ahead of its publishing on December 10. According…

Attackers Can Use QR Codes to Bypass Browser Isolation

Researchers demonstrate a proof-of-concept cyberattack vector that gets around remote, on-premises, and local versions of browser isolation security technology to send malicious communications from an attacker-controlled server.

Google Launches Open Source Patch Validation Tool

Vanir automates the process of scanning source code to identify missing security patches.

Digital Assets Cybersecurity Essentials

Discover essential tips to secure your digital assets like crypto, NFTs, and tokens. Learn about wallet safety, avoiding…