Security Bulletin

The evolving malware is targeting hospitality and other B2C workers in Canada and Europe with capabilities that can evade Android 13 security restrictions.

See how to set up a working Auto-VPN architecture in a multi-cloud environment (AWS and Google Cloud). This guide provides actionable steps and techniques for designing and deploying Meraki vMX in a multi-cloud environment.

Infiltration of several Advanced health and care systems through a customer account without multi-factor authentication resulted in the widespread disruption of NHS services that lasted for weeks.

Aside from inconsistencies between Content Validator inputs and those received by the Content Interpreter, such an issue was also caused by an out-of-bounds flaw in the Content Interpreter and inadequate testing, according to a root cause analysis...

Such a security issue — which is a patch bypass for the already addressed path traversal flaw, tracked as CVE-2024-36104 — stems from an authentication mechanism vulnerability enabling unauthenticated access to critical endpoints.

Already exploited by attackers is the "LNK Stomping" method, which involves a Windows shortcut file management vulnerability that disregards Windows Mark of the Web, according to an Elastic Security Labs analysis.

Microsoft claims 50,000 organizations are using its new Copilot Creation tool, but researcher Michael Bargury demonstrated at Black Hat USA ways it could unleash insecure chatbots.

Included in the leaked 227 GB trove of data were individuals' names, addresses, states, counties, cities, and ZIP codes, as well as their Social Security numbers.

Operations of the affected museums, some of which are venues for the Summer Olympics, have not been disrupted, but while Louvre Chief of Staff Matthias Grolier denied the incidence of a ransomware attack, unknown threat actors have threatened to...

While Mobile Guardian disclosed the attack to have impacted a "small percentage" of iOS and ChromeOS devices worldwide, nearly 13,000 iPads and Chromebooks across over two dozen Singaporean secondary schools were noted by the country's Ministry of...

Malicious apps spoofing Alipay or an Android system service have been used to distribute LianSpy, which when executed uses admin privileges to ensure background operation or seeks several permissions to enable extensive device access.

Attackers commenced the operation with the deployment of dropper that could evade protections in Android 13 and newer devices before displaying a fraudulent CRM login page requesting an employee ID, which when performed facilitates the installation...