Author Archives: Ravie Lakshmanan

Apple on Wednesday released security updates for iOS, iPadOS, and macOS platforms to remediate two zero-day vulnerabilities previously exploited by threat actors to compromise its devices.
The list of issues is below –

CVE-2022-32893 – An out-of-boun… Continue reading Apple Releases Security Updates to Patch Two New Zero-Day Vulnerabilities→

In a sign that malicious actors continue to find ways to work around Google Play Store security protections, researchers have spotted a previously undocumented Android dropper trojan that’s currently in development.
“This new malware tries to abuse de… Continue reading Cybercriminals Developing BugDrop Malware to Bypass Android Security Features→

Google on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild.
Tracked as CVE-2022-2856, the issue has been described as a case of insufficient validation of untrusted inp… Continue reading New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild→

A Chinese state-sponsored threat activity group named RedAlpha has been attributed to a multi-year mass credential theft campaign aimed at global humanitarian, think tank, and government organizations.
“In this activity, RedAlpha very likely sought to… Continue reading Researchers Link Multi-Year Mass Credential Theft Campaign to Chinese Hackers→

More than 1.31 million users attempted to install malicious or unwanted web browser extensions at least once, new findings from cybersecurity firm Kaspersky show.
“From January 2020 to June 2022, more than 4.3 million unique users were attacked by adw… Continue reading Malicious Browser Extensions Targeted Over a Million Users So Far This Year→

The North Korea-backed Lazarus Group has been observed targeting job seekers with malware capable of executing on Apple Macs with Intel and M1 chipsets.
Slovak cybersecurity firm ESET linked it to a campaign dubbed “Operation In(ter)ception” that was … Continue reading North Korea Hackers Spotted Targeting Job Seekers with macOS Malware→

RubyGems, the official package manager for the Ruby programming language, has become the latest platform to mandate multi-factor authentication (MFA) for popular package maintainers, following the footsteps of NPM and PyPI.
To that end, owners of gems… Continue reading RubyGems Makes Multi-Factor Authentication Mandatory for Top Package Maintainers→

A group of researchers has revealed details of a new vulnerability affecting Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors.
Dubbed ÆPIC Leak, the weakness is the first-of-its-kind to archi… Continue reading ÆPIC and SQUIP Vulnerabilities Found in Intel and AMD Processors→

Cybersecurity researchers have elaborated a novel attack technique that weaponizes programmable logic controllers (PLCs) to gain an initial foothold in engineering workstations and subsequently invade the operational technology (OT) networks.
Dubbed “… Continue reading New Evil PLC Attack Weaponizes PLCs to Breach OT and Enterprise Networks→

Microsoft on Monday revealed it took steps to disrupt phishing operations undertaken by a “highly persistent threat actor” whose objectives align closely with Russian state interests.
The company is tracking the espionage-oriented activity cluster und… Continue reading Microsoft Warns About Phishing Attacks by Russia-linked Hackers→