Stop Worrying About Passwords Forever

Stop Worrying About Passwords Forever,

So far 2022 confirms that passwords are not dead yet. Neither will they be anytime soon. Even though Microsoft and Apple are championing passwordless authentication methods, most applications and websites will not remove this option for a very long time.
Think about it, internal apps that you do not want to integrate with third-party identity providers, government services, legacy applications,

,

So far 2022 confirms that passwords are not dead yet. Neither will they be anytime soon. Even though Microsoft and Apple are championing passwordless authentication methods, most applications and websites will not remove this option for a very long time.
Think about it, internal apps that you do not want to integrate with third-party identity providers, government services, legacy applications,

, ,
https://thehackernews.com/2022/09/stop-worrying-about-passwords-forever.html

Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks

Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks,

The operators of the emerging cross-platform BianLian ransomware have increased their command-and-control (C2) infrastructure this month, a development that alludes to an increase in the group’s operational tempo.
BianLian, written in the Go programming language, was first discovered in mid-July 2022 and has claimed 15 victim organizations as of September 1, cybersecurity firm [redacted] said in

,

The operators of the emerging cross-platform BianLian ransomware have increased their command-and-control (C2) infrastructure this month, a development that alludes to an increase in the group’s operational tempo.
BianLian, written in the Go programming language, was first discovered in mid-July 2022 and has claimed 15 victim organizations as of September 1, cybersecurity firm [redacted] said in

, ,
https://thehackernews.com/2022/09/researchers-detail-emerging-cross.html

Over 1,800 Android and iOS Apps Found Leaking Hard-Coded AWS Credentials

Over 1,800 Android and iOS Apps Found Leaking Hard-Coded AWS Credentials,

Researchers have identified 1,859 apps across Android and iOS containing hard-coded Amazon Web Services (AWS) credentials, posing a major security risk.
« Over three-quarters (77%) of the apps contained valid AWS access tokens allowing access to private AWS cloud services, » Symantec’s Threat Hunter team, a part of Broadcom Software, said in a report shared with The Hacker News.
Interestingly, a

,

Researchers have identified 1,859 apps across Android and iOS containing hard-coded Amazon Web Services (AWS) credentials, posing a major security risk.
« Over three-quarters (77%) of the apps contained valid AWS access tokens allowing access to private AWS cloud services, » Symantec’s Threat Hunter team, a part of Broadcom Software, said in a report shared with The Hacker News.
Interestingly, a

, ,
https://thehackernews.com/2022/09/over-1800-android-and-ios-apps-found.html

Infra Used in Cisco Hack Also Targeted Workforce Management Solution

Infra Used in Cisco Hack Also Targeted Workforce Management Solution,

The attack infrastructure used to target Cisco in the May 2022 incident was also employed against an attempted compromise of an unnamed workforce management solutions holding company a month earlier in April 2022.
Cybersecurity firm Sentire, which disclosed the findings, raised the possibility that the intrusions could be the work of a criminal actor known as mx1r, who is said to be a member of

,

The attack infrastructure used to target Cisco in the May 2022 incident was also employed against an attempted compromise of an unnamed workforce management solutions holding company a month earlier in April 2022.
Cybersecurity firm Sentire, which disclosed the findings, raised the possibility that the intrusions could be the work of a criminal actor known as mx1r, who is said to be a member of

, ,
https://thehackernews.com/2022/09/infra-used-in-cisco-hack-also-targeted.html

Microsoft Discover Severe ‘One-Click’ Exploit for TikTok Android App

Microsoft Discover Severe ‘One-Click’ Exploit for TikTok Android App,

Microsoft on Wednesday disclosed details of a now-patched « high severity vulnerability » in the TikTok app for Android that could let attackers take over accounts when victims clicked on a malicious link.
« Attackers could have leveraged the vulnerability to hijack an account without users’ awareness if a targeted user simply clicked a specially crafted link, » Dimitrios Valsamaras of the Microsoft

,

Microsoft on Wednesday disclosed details of a now-patched « high severity vulnerability » in the TikTok app for Android that could let attackers take over accounts when victims clicked on a malicious link.
« Attackers could have leveraged the vulnerability to hijack an account without users’ awareness if a targeted user simply clicked a specially crafted link, » Dimitrios Valsamaras of the Microsoft

, ,
https://thehackernews.com/2022/09/microsoft-discover-severe-one-click.html

Apple Releases iOS Update for Older iPhones to Fix Actively Exploited Vulnerability

Apple Releases iOS Update for Older iPhones to Fix Actively Exploited Vulnerability,

Apple on Wednesday backported security updates to older iPhones, iPads, and iPod touch devices to address a critical security flaw that has been actively exploited in the wild.
The issue, tracked as CVE-2022-32893 (CVSS score: 8.8), is an out-of-bounds write issue affecting WebKit that could lead to arbitrary code execution when processing maliciously crafted web content.

The tech

,

Apple on Wednesday backported security updates to older iPhones, iPads, and iPod touch devices to address a critical security flaw that has been actively exploited in the wild.
The issue, tracked as CVE-2022-32893 (CVSS score: 8.8), is an out-of-bounds write issue affecting WebKit that could lead to arbitrary code execution when processing maliciously crafted web content.

The tech

, ,
https://thehackernews.com/2022/09/apple-releases-ios-update-for-older.html

Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users

Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users,

Five imposter extensions for the Google Chrome web browser masquerading as Netflix viewers and others have been found to track users’ browsing activity and profit of retail affiliate programs.
« The extensions offer various functions such as enabling users to watch Netflix shows together, website coupons, and taking screenshots of a website, » McAfee researchers Oliver Devane and Vallabh Chole 

,

Five imposter extensions for the Google Chrome web browser masquerading as Netflix viewers and others have been found to track users’ browsing activity and profit of retail affiliate programs.
« The extensions offer various functions such as enabling users to watch Netflix shows together, website coupons, and taking screenshots of a website, » McAfee researchers Oliver Devane and Vallabh Chole 

, ,
https://thehackernews.com/2022/08/experts-find-malicious-cookie-stuffing.html

Des dizaines de milliers d’applications Android divulguent des informations sensibles

Des dizaines de milliers d’applications Android divulguent des informations sensibles,

,

play store android

Le code source de milliers d’applications Android du Play Store cache des informations sensibles. Une fois collectées par les pirates, ces données mettent en danger la sécurité des développeurs et des utilisateurs.

L’article Des dizaines de milliers d’applications Android divulguent des informations sensibles est à retrouver sur 01net.com.

, ,
https://www.01net.com/actualites/milliers-applications-android-divulguent-informations-sensibles.html

Hackers Hide Malware in Stunning Images Taken by James Webb Space Telescope

Hackers Hide Malware in Stunning Images Taken by James Webb Space Telescope,

A persistent Golang-based malware campaign dubbed GO#WEBBFUSCATOR has leveraged the deep field image taken from NASA’s James Webb Space Telescope (JWST) as a lure to deploy malicious payloads on infected systems.
The development, revealed by Securonix, points to the growing adoption of Go among threat actors, given the programming language’s cross-platform support, effectively allowing the

,

A persistent Golang-based malware campaign dubbed GO#WEBBFUSCATOR has leveraged the deep field image taken from NASA’s James Webb Space Telescope (JWST) as a lure to deploy malicious payloads on infected systems.
The development, revealed by Securonix, points to the growing adoption of Go among threat actors, given the programming language’s cross-platform support, effectively allowing the

, ,
https://thehackernews.com/2022/08/hackers-hide-malware-in-stunning-images.html

Google Launches New Open Source Bug Bounty to Tackle Supply Chain Attacks

Google Launches New Open Source Bug Bounty to Tackle Supply Chain Attacks,

Google on Monday introduced a new bug bounty program for its open source projects, offering payouts anywhere from $100 to $31,337 (a reference to eleet or leet) to secure the ecosystem from supply chain attacks.
Called the Open Source Software Vulnerability Rewards Program (OSS VRP), the offering is one of the first open source-specific vulnerability programs.
With the tech giant the maintainer

,

Google on Monday introduced a new bug bounty program for its open source projects, offering payouts anywhere from $100 to $31,337 (a reference to eleet or leet) to secure the ecosystem from supply chain attacks.
Called the Open Source Software Vulnerability Rewards Program (OSS VRP), the offering is one of the first open source-specific vulnerability programs.
With the tech giant the maintainer

, ,
https://thehackernews.com/2022/08/google-launches-new-open-source-bug.html