Jan 10, 2025Ravie LakshmananCybersecurity / Android Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code execution. The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Android versions 12, 13, and 14. "Out-of-bounds … [Read more...] about Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices
CrowdStrike Strengthens Container Security with Registry Scanning
Organizations of all sizes require security tools to meet their complex hybrid cloud needs. As their cloud environments and workloads evolve, this includes solutions that can scan for vulnerabilities in container images regardless of their location across public and private cloud environments. The problem is, most organizations lack this capability. Many use tools that … [Read more...] about CrowdStrike Strengthens Container Security with Registry Scanning
Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers
Jan 09, 2025Ravie LakshmananVulnerability / Endpoint Security Palo Alto Networks has released software patches to address several security flaws in its Expedition migration tool, including a high-severity bug that an authenticated attacker could exploit to access sensitive data. "Multiple vulnerabilities in the Palo Alto Networks Expedition migration tool enable an attacker … [Read more...] about Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers
Recruitment Phishing Scam Imitates Hiring Process
Once the basic environment checks are completed and the fake error message is displayed, the executable proceeds to download a text file from the URL: This file contains configuration information for XMRig in the form of command-line arguments that can be appended to a call to the XMRig miner executable. The executable then downloads a copy of XMRig from GitHub, … [Read more...] about Recruitment Phishing Scam Imitates Hiring Process
Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections
Cybersecurity researchers have found that bad actors are continuing to have success by spoofing sender email addresses as part of various malspam campaigns. Faking the sender address of an email is widely seen as an attempt to make the digital missive more legitimate and get past security mechanisms that could otherwise flag it as malicious. While there are safeguards such as … [Read more...] about Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections
Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers
Jan 07, 2025Ravie LakshmananFirmware Security / Malware Cybersecurity researchers have uncovered firmware security vulnerabilities in the Illumina iSeq 100 DNA sequencing instrument that, if successfully exploited, could permit attackers to brick or plant persistent malware on susceptible devices. "The Illumina iSeq 100 used a very outdated implementation of BIOS firmware … [Read more...] about Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers
India Proposes Digital Data Rules with Tough Penalties and Cybersecurity Requirements
Jan 06, 2025Ravie LakshmananRegulatory Compliance / Data Privacy The Indian government has published a draft version of the Digital Personal Data Protection (DPDP) Rules for public consultation. "Data fiduciaries must provide clear and accessible information about how personal data is processed, enabling informed consent," India's Press Information Bureau (PIB) said in a … [Read more...] about India Proposes Digital Data Rules with Tough Penalties and Cybersecurity Requirements
Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution
Jan 04, 2025Ravie LakshmananVulnerability / Software Security A high-severity security flaw has been disclosed in ProjectDiscovery's Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code. Tracked as CVE-2024-43405, it carries a CVSS score of 7.4 out of a … [Read more...] about Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution
PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps
Jan 04, 2025Ravie LakshmananMalware / VPN Security Cybersecurity researchers have flagged a new malware called PLAYFULGHOST that comes with a wide range of information-gathering features like keylogging, screen capture, audio capture, remote shell, and file transfer/execution. The backdoor, according to Google's Managed Defense team, shares functional overlaps with a known … [Read more...] about PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps
New AI Jailbreak Method ‘Bad Likert Judge’ Boosts Attack Success Rates by Over 60%
Jan 03, 2025Ravie LakshmananMachine Learning / Vulnerability Cybersecurity researchers have shed light on a new jailbreak technique that could be used to get past a large language model's (LLM) safety guardrails and produce potentially harmful or malicious responses. The multi-turn (aka many-shot) attack strategy has been codenamed Bad Likert Judge by Palo Alto Networks Unit … [Read more...] about New AI Jailbreak Method ‘Bad Likert Judge’ Boosts Attack Success Rates by Over 60%