Feb 07, 2025Ravie LakshmananMobile Security / Artificial Intelligence A new audit of DeepSeek's mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks. The assessment comes from NowSecure, which also found that … [Read more...] about DeepSeek App Transmits Sensitive User and Device Data Without Encryption
Security
CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability
Feb 07, 2025The Hacker NewsVulnerability / Malware The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of untrusted data bug that … [Read more...] about CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability
Lessons from an Istio Configuration Finding
As a part of our ongoing work to secure cloud computing infrastructure, we delved into the inner workings of some popular Kubernetes add-ons. Our first subject of research was Istio, a popular service mesh add-on. Istio is an open-source service mesh for Kubernetes that manages communication between microservices. It provides traffic management, security, and … [Read more...] about Lessons from an Istio Configuration Finding
Quantum Key Distribution & the Path to Post-Quantum Computing
This is the fourth in our series of blogs about the quantum threat. Our most recent post, The Impacts of Government Regulations on PQC Product Availability, discussed government standards for Post-Quantum Computing (PQC) and their impact on PQC adoption. As a diverse collection of stakeholders anticipates the maturing of PQC, the risks of Q-Day and Harvest Now, Decrypt Later … [Read more...] about Quantum Key Distribution & the Path to Post-Quantum Computing
Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking
Feb 06, 2025Ravie LakshmananCyber Attack / Malware Bogus websites advertising Google Chrome have been used to distribute malicious installers for a remote access trojan called ValleyRAT. The malware, first detected in 2023, is attributed to a threat actor tracked as Silver Fox, with prior attack campaigns primarily targeting Chinese-speaking regions like Hong Kong, Taiwan, … [Read more...] about Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking
Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign
Feb 05, 2025Ravie LakshmananCryptocurrency / Data Breach The North Korea-linked Lazarus Group has been linked to an active campaign that leverages fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malware capable of infecting Windows, macOS, and Linux operating systems. According to cybersecurity company Bitdefender, the scam begins with a message … [Read more...] about Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign
Inside CrowdStrike’s New ML-Powered LDAP Reconnaissance Detections
Early in the cyberattack kill chain, reconnaissance enables attackers to assemble critical network information to plan a tailored attack strategy. In this phase, adversaries aim to map out networks and their users, and locate system vulnerabilities, without setting off alarms. Proactive monitoring and early detection of this activity can disrupt attackers in their tracks and … [Read more...] about Inside CrowdStrike’s New ML-Powered LDAP Reconnaissance Detections
University of Sunderland Proactively Defends With CrowdStrike
In 2021, the University of Sunderland experienced a devastating ransomware attack that disrupted its services and highlighted vulnerabilities in its security posture. With over 28,000 students relying on its network, the university needed to quickly recover and ensure such an incident wouldn’t happen again. Enter CrowdStrike. CrowdStrike’s Incident Response team worked … [Read more...] about University of Sunderland Proactively Defends With CrowdStrike
Cybersecurity for Businesses of All Sizes
One of the primary reasons why cybersecurity remains a complex undertaking is the increased sophistication of modern cyber threats. As the internet and digital technologies continue to advance, so do the methods and tools cybercriminals use. This means that even the most secure systems are vulnerable to attacks over time. Detecting and preventing these attacks require constant … [Read more...] about Cybersecurity for Businesses of All Sizes
Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access
Feb 04, 2025Ravie LakshmananVulnerability / Threat Intelligence Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems. The package, named github.com/boltdb-go/bolt, is a typosquat of the legitimate BoltDB database module … [Read more...] about Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access