After more than 20 years in the making, now it’s official: APIs are everywhere. In a 2021 survey, 73% of enterprises reported that they already publish more than 50 APIs, and this number is constantly growing. APIs have crucial roles to play in virtually every industry today, and their importance is increasing steadily, as they
News
A malware known for targeting macOS operating system has been updated once again to add more features to its toolset that allows it to amass and exfiltrate sensitive data stored in a variety of apps, including apps such as Google Chrome and Telegram, as part of further “refinements in its tactics.” XCSSET was uncovered in
Nearly three weeks after Florida-based software vendor Kaseya was hit by a widespread supply-chain ransomware attack, the company on Thursday said it obtained a universal decryptor to unlock systems and help customers recover their data. “On July 21, Kaseya obtained a decryptor for victims of the REvil ransomware attack, and we’re working to remediate customers
A software package available from the official NPM repository has been revealed to be actually a front for a tool that’s designed to steal saved passwords from the Chrome web browser. The package in question, named “nodejs_net_server” and downloaded over 1,283 times since February 2019, was last updated seven months ago (version 1.1.2), with its
Details have emerged about a high severity security vulnerability affecting a software driver used in HP, Xerox, and Samsung printers that has remained undetected since 2005. Tracked as CVE-2021-3438 (CVSS score: 8.8), the issue concerns a buffer overflow in a print driver installer package named “SSPORT.SYS” that can enable remote privilege and arbitrary code execution.
A threat group likely based in Romania and active since at least 2020 has been behind an active cryptojacking campaign targeting Linux-based machines with a previously undocumented SSH brute-forcer written in Golang. Dubbed “Diicot brute,” the password cracking tool is alleged to be distributed via a software-as-a-service model, with each threat actor furnishing their own
Instagram earlier this week introduced a new “Security Checkup” feature that aims to keep accounts safe and help users—whose accounts may have been compromised—to recover them. In order to gain access to accounts, users will be prompted to perform a series of steps, which include checking recent login activity, reviewing profile information, and updating contact
The Cyberspace Administration of China (CAC) has issued new stricter vulnerability disclosures regulations that mandate security researchers uncovering critical flaws in computer systems to mandatorily disclose them first-hand to the government authorities within two days of filing a report. The “Regulations on the Management of Network Product Security Vulnerability” are expected to go into effect
Two of the zero-day Windows flaws patched by Microsoft as part of its Patch Tuesday update earlier this week were weaponized by an Israel-based company called Candiru in a series of “precision attacks” to hack more than 100 journalists, academics, activists, and political dissidents globally. The spyware vendor was also formally identified as the commercial
A sweeping and “highly active campaign” that originally set its sights on Myanmar has broadened its focus to strike a number of targets located in the Philippines, according to new research. Russian cybersecurity firm Kaspersky, which first spotted the infections in October 2020, attributed them to a threat actor it tracks as “LuminousMoth,” which it
Spanish law enforcement agencies on Wednesday arrested 16 individuals belonging to a criminal network in connection with operating two banking trojans as part of a social engineering campaign targeting financial institutions in Europe. The arrests were made in Ribeira (A Coruña), Madrid, Parla and Móstoles (Madrid), Seseña (Toledo), Villafranca de los barros (Badajoz), and Aranda
Cybersecurity researchers have disclosed new security vulnerabilities in the Etherpad text editor (version 1.8.13) that could potentially enable attackers to hijack administrator accounts, execute system commands, and even steal sensitive documents. The two flaws — tracked as CVE-2021-34816 and CVE-2021-34817 — were discovered and reported on June 4 by researchers from SonarSource, following which patches