Security
Headlines
HeadlinesLatestCVEs

Tag

#zero_day

Sophisticated Android Spyware Targets Users in Russia

Researchers say "LianSpy" malware has been in use in a covert data gathering operation that's gone undetected for at least three years.

DARKReading
Open in Source
#vulnerability#ios#android#intel#asus#auth#zero_day
China's Evasive Panda Attacks ISP to Send Malicious Software Updates

The APT used DNS poisoning to install the Macma backdoor on targeted networks and then deliver malware to steal data via post-exploitation activity.

Obfuscation: There Are Two Sides To Everything

How to detect and prevent attackers from using these various techniques Obfuscation is an important technique for protecting software that also carries risks, especially when used by malware authors. In this article, we examine obfuscation, its effects, and responses to it. What Is Obfuscation? Obfuscation is the technique of intentionally making information difficult to read, especially in

Where to find Talos at BlackHat 2024

This year marks the 10th anniversary of Cisco Talos, as the Talos brand was officially launched in August 2014 at Black Hat.

Apple Security Advisory 07-29-2024-9

Apple Security Advisory 07-29-2024-9 - visionOS 1.3 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 07-29-2024-8

Apple Security Advisory 07-29-2024-8 - tvOS 17.6 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 07-29-2024-7

Apple Security Advisory 07-29-2024-7 - watchOS 10.6 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.

Telegram App Flaw Exploited to Spread Malware Hidden in Videos

A zero-day security flaw in Telegram's mobile app for Android called EvilVideo made it possible for attackers to malicious files disguised as harmless-looking videos. The exploit appeared for sale for an unknown price in an underground forum on June 6, 2024, ESET said. Following responsible disclosure on June 26, the issue was addressed by Telegram in version 10.14.5 released on July 11. "

Congratulations to the Top MSRC 2024 Q2 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s [Microsoft Researcher Recognition Program](https://www.microsoft.com/en-us/msrc/researcher-recognition-program) leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2024 Q2 Security Researcher Leaderboard are Yuki Chen, Lewis Lee & Ver & Zhiniang Peng, and Wei!

SolarWinds Patches 11 Critical Flaws in Access Rights Manager Software

SolarWinds has addressed a set of critical security flaws impacting its Access Rights Manager (ARM) software that could be exploited to access sensitive information or execute arbitrary code. Of the 11 vulnerabilities, seven are rated Critical in severity and carry a CVSS score of 9.6 out of 10.0. The remaining four weaknesses have been rated High in severity, with each of them having a CVSS