Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

A week in security (June 24 – June 30)

A list of topics we covered in the week of June 24 to June 30 of 2024

Malwarebytes
Open in Source
#web#mac
Google to Block Entrust Certificates in Chrome Starting November 2024

Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority's inability to address security issues in a timely manner. "Over the past several years, publicly disclosed incident reports highlighted a pattern of concerning behaviors by Entrust

CISO Corner: The NYSE & the SEC; Ransomware Negotiation Tips

Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps.

CISA's Flags Memory-Unsafe Code in Major Open Source Projects

Despite more than 50% of all open source code being written in memory-unsafe languages like C++, we are unlikely to see a massive overhaul to code bases anytime soon.

Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data

The North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that's designed to steal sensitive information as part of an ongoing intelligence collection effort. Zscaler ThreatLabz, which observed the activity in early March 2024, has codenamed the extension TRANSLATEXT, highlighting its ability to gather email addresses, usernames,

Combatting the Evolving SaaS Kill Chain: How to Stay Ahead of Threat Actors

The modern kill chain is eluding enterprises because they aren’t protecting the infrastructure of modern business: SaaS.  SaaS continues to dominate software adoption, and it accounts for the greatest share of public cloud spending. But enterprises and SMBs alike haven’t revised their security programs or adopted security tooling built for SaaS.  Security teams keep jamming on-prem

Amazon Is Investigating Perplexity Over Claims of Scraping Abuse

AWS hosted a server linked to the Bezos family- and Nvidia-backed search startup that appears to have been used to scrape the sites of major outlets, prompting an inquiry into potential rules violations.

Your Phone's 5G Connection Is Vulnerable to Bypass, DoS Attacks

Wireless service providers prioritize uptime and lag time, occasionally at the cost of security, allowing attackers to take advantage, steal data, and worse.

Red Hat Security Advisory 2024-4101-03

Red Hat Security Advisory 2024-4101-03 - An update for samba is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads

The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat's transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation. "With its latest updates to the crypto miner, ransomware payload, and rootkit elements, it demonstrates