Author Archives: Ravie Lakshmanan

Popular short-form video-sharing service TikTok is revising its privacy policy for European users to make it explicitly clear that user data can be accessed by some employees from across the world, including China.
The ByteDance-owned platform, which … Continue reading New TikTok Privacy Policy Confirms Chinese Staff Can Access European Users’ Data→

Multiple vulnerabilities have been disclosed in Checkmk IT Infrastructure monitoring software that could be chained together by an unauthenticated, remote attacker to fully take over affected servers. 
“These vulnerabilities can be chained together by… Continue reading Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software→

A set of four Android apps released by the same developer has been discovered directing victims to malicious websites as part of an adware and information-stealing campaign.
The apps, published by a developer named Mobile apps Group and currently avai… Continue reading These Android Apps with a Million Play Store Installations Redirect Users to Malicious Sites→

A previously undocumented Android spyware campaign has been found striking Persian-speaking individuals by masquerading as a seemingly harmless VPN application.
Russian cybersecurity firm Kaspersky is tracking the campaign under the moniker SandStrike… Continue reading Experts Warn of SandStrike Android Spyware Infecting Devices via Malicious VPN App→

File hosting service Dropbox on Tuesday disclosed that it was the victim of a phishing campaign that allowed unidentified threat actors to gain unauthorized access to 130 of its source code repositories on GitHub.
“These repositories included our own … Continue reading Dropbox Breach: Hackers Unauthorizedly Accessed 130 GitHub Source Code Repositories→

The OpenSSL project has rolled out fixes to contain two high-severity flaws in its widely used cryptography library that could result in a denial-of-service (DoS) and remote code execution.
The issues, tracked as CVE-2022-3602 and CVE-2022-3786, have … Continue reading OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities→

Microsoft on Tuesday said it addressed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB that enabled full read and write access.
The tech giant said the problem was introduced on August 12, 2022, and rectified worldwide … Continue reading Researchers Disclose Details of Critical ‘CosMiss’ RCE Flaw Affecting Azure Cosmos DB→

The Chinese state-sponsored threat actor known as Stone Panda has been observed employing a new stealthy infection chain in its attacks aimed at Japanese entities.
Targets include media, diplomatic, governmental and public sector organizations and thi… Continue reading Chinese Hackers Using New Stealthy Infection Chain to Deploy LODEINFO Malware→

IT service management software platform ConnectWise has released Software patches for a critical security vulnerability in Recover and R1Soft Server Backup Manager (SBM).
The issue, characterized as a “neutralization of Special Elements in Output Used… Continue reading Critical RCE Vulnerability Reported in ConnectWise Server Backup Solution→

The threat actor behind the Fodcha distributed denial-of-service (DDoS) botnet has resurfaced with new capabilities, researchers reveal.
This includes changes to its communication protocol and the ability to extort cryptocurrency payments in exchange … Continue reading Fodcha DDoS Botnet Resurfaces with New Capabilities→