Microsoft researchers toyed with app permissions to uncover CVE-2024-44133, using it to access sensitive user data. Adware merchants may have as well.
Автор: Nate Nelson, Contributing Writer
Anonymous Sudan Unmasked as Leaders Face Life in Prison
US officials disrupted the group’s DDoS operation and arrested two individuals behind it, who turned out to be far less intimidating than they were made out to be in the media.
Iran’s APT34 Abuses MS Exchange to Spy on Gulf Gov’ts
A MOIS-aligned threat group has been using Microsoft Exchange servers to exfiltrate sensitive data from Gulf-state government agencies.
SOC Teams: Threat Detection Tools Are Stifling Us
Threat detection tools yield too many false positives, security pros say, leading to burnout and resentment.
SOC Teams: Threat Detection Tools Are Stifling Us
Threat detection tools yield too many false positives, security pros say, leading to burnout and resentment.
Microsoft: BYOD, QR Codes Lead Rampant Education Attacks
The average higher education institution is getting hit once a week now, and as one University of Oregon attack shows, the sector often lacks the resources to keep pace.
AI-Powered Cybercrime Cartels on the Rise in Asia
All across the Asia-Pacific region, large and diverse marketplaces for AI cybercrime tools have developed, with deepfakes proving most popular.
iPhone ‘VoiceOver’ Feature Could Read Passwords Aloud
CVE-2024-44204 is one of two new Apple iOS security vulnerabilities that showcase an unexpected coming together of privacy snafus and accessibility features.
DPRK’s APT37 Targets Cambodia With Khmer, ‘VeilShell’ Backdoor
It’s North Korea versus Cambodia, with Windows default settings and sheer patience allowing the bad guys to avoid easy detection.
Near-‘perfctl’ Fileless Malware Targets Millions of Linux Servers
Armed with a staggering arsenal of at least 20,000 different exploits for various Linux server misconfigurations, perfctl is everywhere, annoying, and tough to get rid of.