Adobe Patches ‘Critical’ Security Flaws in Illustrator, After Effects

Software maker Adobe on Tuesday shipped urgent security updates to fix code execution vulnerabilities in the widely deployed Illustrator and After Effects products.
read more

Continue reading Adobe Patches ‘Critical’ Security Flaws in Illustrator, After Effects

Researchers Devise Method to Decrypt Hive Ransomware-Encrypted Data

A group of academic researchers has found a way to exploit a security flaw in the encryption algorithm used by the Hive ransomware to recover hijacked and encrypted data.
read more

Continue reading Researchers Devise Method to Decrypt Hive Ransomware-Encrypted Data

FCC Chair Proposes New Policies for Carrier Data Breach Reporting

Federal Communications Commission (FCC) chairwoman Jessica Rosenworcel this week proposed updated policies around telecom providers’ reporting of data breaches.
read more

Continue reading FCC Chair Proposes New Policies for Carrier Data Breach Reporting

Google Says NSO Pegasus Zero-Click ‘Most Technically Sophisticated Exploit Ever Seen’

Security researchers at Google’s Project Zero have picked apart one of the most notorious in-the-wild iPhone exploits and found a never-before-seen hacking roadmap that included a PDF file pretending to be a GIF image with a custom-coded virtual CPU bu… Continue reading Google Says NSO Pegasus Zero-Click ‘Most Technically Sophisticated Exploit Ever Seen’

Microsoft Spots Multiple Nation-State APTs Exploiting Log4j Flaw

If defenders needed any more urgency to patch and mitigate the explosive Log4j zero-day, along comes word that APT actors linked to China, Iran, North Korea and Turkey have already pounced and are actively exploiting the CVSS 10.0 vulnerability.
read m… Continue reading Microsoft Spots Multiple Nation-State APTs Exploiting Log4j Flaw

GitHub Confirms Another Major NPM Security Defect

Microsoft-owned GitHub is again flagging major security problems in the npm registry, warning that a pair of newly discovered vulnerabilities continue to expose the soft underbelly of the open-source software supply chain.
read more

Continue reading GitHub Confirms Another Major NPM Security Defect

SolarWinds Outlines ‘Triple Build’ Software Development Model to Secure Supply Chain

When FireEye (now Mandiant) disclosed the SolarWinds breach in December 2020, the security world was forced to accept the reality that given the motivation, time and resources, an advanced attacker can breach any organization. And if the breached organ… Continue reading SolarWinds Outlines ‘Triple Build’ Software Development Model to Secure Supply Chain

Apple Patches 22 Security Flaws Haunting iPhones

Apple has released another IOS 15 update with patches for 22 serious security defects in a wide range of iPhone and iPad software components.
The vulnerabilities are serious enough to expose iPhone and iPad users to malicious hacker attacks via rigged … Continue reading Apple Patches 22 Security Flaws Haunting iPhones

Adobe Patches Gaping Security Flaws in 14 Software Products

Adobe on Tuesday released a slew of urgent patches with fixes for more than 90 documented vulnerabilities that expose Windows, macOS and Linux users to malicious hacker attacks.
The security defects affect a wide range of popular products, including Ad… Continue reading Adobe Patches Gaping Security Flaws in 14 Software Products

Nation-State APT Targets Afghans With New Toolset

A previously unseen threat actor, likely a nation-state, is targeting various entities in South Asia, with a focus on Afghanistan, according to a warning from anti-malware vendor Symantec.
read more

Continue reading Nation-State APT Targets Afghans With New Toolset