Technology

There is often confusion between Cloud Access Security Brokers (CASB) and SaaS Security Posture Management (SSPM) solutions, as both are designed to address security issues within SaaS applications. CASBs protect sensitive data by implementing multiple security policy enforcements to safeguard critical data. For identifying and classifying sensitive information, like Personally Identifiable

Multiple vulnerabilities have been disclosed in Hitachi Vantara’s Pentaho Business Analytics software that could be abused by malicious actors to upload arbitrary data files and even execute arbitrary code on the underlying host system of the application. The security weaknesses were reported by researchers Alberto Favero from German cybersecurity firm Hawsec and Altion Malka from Census Labs

12 people have been detained as part of an international law enforcement operation for orchestrating ransomware attacks on critical infrastructure and large organizations that hit over 1,800 victims across 71 countries since 2019, marking the latest action against cybercrime groups. The arrests were made earlier this week on October 26 in Ukraine and Switzerland, resulting

An unidentified threat actor has been linked to a new Android malware strain that features the ability to root smartphones and take complete control over infected smartphones while simultaneously taking steps to evade detection. The malware has been named “AbstractEmu” owing to its use of code abstraction and anti-emulation checks to avoid running while under

A Russian national, who was arrested in South Korea last month and extradited to the U.S. on October 20, appeared in a federal court in the state of Ohio on Thursday to face charges for his alleged role as a member of the infamous TrickBot group. Court documents showed that Vladimir Dunaev, 38, along with other

Winter is Coming for CentOS 8—but here is how you can enjoy your holidays after all. The server environment is complex and if you’re managing thousands of Linux servers, the last thing you want is for an operating system vendor to do something completely unexpected. That is exactly what Red Hat, the parent company of

Microsoft on Thursday disclosed details of a new vulnerability that could allow an attacker to bypass security restrictions in macOS and take complete control of the device to perform arbitrary operations on the device without getting flagged by traditional security solutions. Dubbed “Shrootless” and tracked as CVE-2021-30892, the “vulnerability lies in how Apple-signed packages with

Over 70% of Wi-Fi networks from a sample size of 5,000 were hacked with “relative ease” in the Israeli city of Tel Aviv, highlighting how unsecure Wi-Fi passwords can become a gateway for serious threats to individuals, small businesses, and enterprises alike. CyberArk security researcher Ido Hoorvitch, who used a Wi-Fi sniffing equipment costing about

Google on Thursday rolled out an emergency update for its Chrome web browser, including fixes for two zero-day vulnerabilities that it says are being actively exploited in the wild. Tracked as CVE-2021-38000 and CVE-2021-38003, the weaknesses relate to insufficient validation of untrusted input in a feature called Intents as well as a case of inappropriate implementation in V8

Malicious actors have yet again published two more typosquatted libraries to the official NPM repository that mimic a legitimate package from Roblox, the game company, with the goal of distributing stealing credentials, installing remote access trojans, and infecting the compromised systems with ransomware. The bogus packages — named “noblox.js-proxy” and “noblox.js-proxies” — were found to