Cybersecurity Starts in the Boardroom
I have just spotted this – it is Saturday – but I thought I would put it quickly, up as many people depend on Google Chrome for shopping, banking etc: Google Chrome emergency update fixes new zero-day used in attacks (bleepingcomputer.com) This impacts the Windows, Mac, and Linux versions, is …
Continue reading “Another Google Chrome zero-day patch released”
The Microsoft Security Blog is reporting on a flaw discovered in the Android TikTok app that would potentially allow threat actors to take over the user’s account with them clicking on a malicious link. Vulnerability in TikTok Android app could lead to one-click account hijacking – Microsoft Security Blog Remember …
Continue reading “One click account vulnerability in the TikTok Android app”
This the zero-day WebKit vulnerability that Apple patched in mid-August for current operating systems and Safari. The flaw is so serious and there are reports of it being exploited in the wild that Apple has issued a security advisory covering older devices and iOS versions: About the security content of …
Continue reading “Apple security flaw is so serious they extended the fix to older devices”
I have written before about how good “bug bounties” are for improving everyone’s cyber security, rewarding the white hat hackers and researchers for their work. The Open Source Software Vulnerability Rewards Program (OSS VRP) Now Google has launched a bug bounty program that rewards the ethical technologists for finding and …
If you, as a threat actor, could embed your malware into a software module, that is then used by many innocent and unaware software developers in their packages, they release to the general public, wouldn’t you? That looks like a lot of infected machines for a small amount of work. …
Continue reading “Software repositories are a target for threat actors”
