Cybersecurity firm NCC Group has shared details on two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.
APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector
Microsoft's decision to block Visual Basic for Applications (VBA) macros by default for Office files downloaded from the internet has led many threat actors to improvise their attack chains in recent months.
BitKeep Confirms Cyber Attack, Loses Over $9 Million in Digital Currencies
Decentralized multi-chain crypto wallet BitKeep on Wednesday confirmed a cyberattack that allowed threat actors to distribute fraudulent versions of its Android app with the goal of stealing users' digital currencies.
HHS warning to providers: Use of pixel tracking tech without BAA violates HIPAA
The Office for Civil Rights is warning covered entities that they might be sharing protected health information with third-party tracking vendors like Facebook and Google through their use of pixel tech, in a manner that violates the Health Insurance Portability and Accountability Act.
Swiss seek mandatory reporting of cyberattacks on key infrastructure
ZURICH, Dec 2 (Reuters) - The Swiss government proposed on Friday making it mandatory to report cyberattacks on critical infrastructure as a way to help shed light on hackers and sound the alarm more widely.
DOD Releases Path to Cyber Security Through Zero Trust Architecture
Nov. 28, 2022 - The Defense Department on Tuesday released its Zero Trust Strategy and Roadmap, which spells out how it plans to move beyond traditional network security methods to achieve reduced network attack surfaces, enable risk management and effective data-sharing in partnership environments, and contain and remediate adversary activities over the next five years.
Cybercriminals look to exploit sports fans with World Cup-themed attacks
As the sports world’s attention turns its eyes to Qatar for the 2022 FIFA World Cup, threat actors are looking to cash-in or draw attention to their cause with attacks aimed at drawing unsuspecting fans who may be more distracted with rooting for their favored teams than cybersecurity.