WhatsApp has patched a vulnerability that could allow an attacker to read sensitive information from the app’s memory, including private messages using a specially crafted image. The vulnerability was reported to WhatsApp by cybersecurity firm Check Point Research, and it existed within the image filter function of WhatsApp for Android and WhatsApp Business for Android…
This article has been indexed from MacRumors: Mac News and Rumors – Front Page A normal-looking Lightning cable that can used to steal data like passwords and send it to a hacker has been developed, Vice reports. The “OMG Cable” compared to Apple’s Lightning to USB cable. The “OMG Cable” works exactly like a normal…
3rd Party Risk Management , Application Security , Breach Notification Russian-Linked Group Targeted Software Design Firm And Other Tech Companies Scott Ferguson (Ferguson_Writes) • September 3, 2021 Source: Autodesk Autodesk, a California-based design software and 3D technology firm, is now acknowledging that it was one of several tech and security companies targeted by…
Hackers started exploiting a vulnerability in Atlassian’s Confluence enterprise collaboration product just one week after the availability of a patch was announced. Atlassian informed customers on August 25 that Confluence is affected by a critical vulnerability — described as an OGNL injection issue — that can allow remote attackers to execute arbitrary code on impacted…
History Shows Threats Ramp Up When Businesses Shut Down Labor Day weekend is upon us. Unfortunately, history has shown that, rather than resting, hackers and other threat actors take advantage of holidays to attack closed or understaffed businesses when they least expect it. To remind businesses not to let their guard down over the holiday…
Autodesk has confirmed that it was also targeted by the Russian state hackers behind the large-scale SolarWinds Orion supply-chain attack, almost nine months after discovering that one of its servers was backdoored with Sunburst malware. The US software and services company provides millions of customers from the design, engineering, and construction sectors with CAD (computer-aided design),…
Blockchain & Cryptocurrency , Cryptocurrency Fraud , Fraud Management & Cybercrime Experts Warn of Continued Scrutiny in Cryptocurrency Markets Dan Gunderman (dangun127) • September 3, 2021 The U.S. Securities and Exchange Commission this week announced civil action against defunct cryptocurrency lending platform BitConnect; its founder, Satish Kumbhani; and its top U.S. promoter, Glenn…
The latest edition of the ISMG Security Report features an analysis of data breach trends as well as other updates. In this report, you’ll hear (click on player beneath image to listen): ISMG’s Mathew Schwartz describe how phishing, ransomware and unauthorized access remain the leading causes of personal data breaches in Britain; …
An anonymous reader quotes a report from Motherboard: It looks like a Lightning cable, it works like a Lightning cable, and I can use it to connect my keyboard to my Mac. But it is actually a malicious cable that can record everything I type, including passwords, and wirelessly send that data to a hacker…
Following the public release of a Proof-of-Concept (PoC) exploit for a recently disclosed Atlassian Confluence Remote Code Execution (RCE) bug, cybercriminals are actively searching for and abusing it to install cryptocurrency mining malware. CVE-2021-26084 Flaw Damage According to the Atlassian security advisory, this vulnerability impacts Confluence Server and Data Center versions before version 6.13.23, from…
