AutoSpill attack steals credentials from Android password managers
Security researchers developed a new attack, which they named AutoSpill, to steal account credentials on Android during the autofill operation. [...]
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Security researchers developed a new attack, which they named AutoSpill, to steal account credentials on Android during the autofill operation. [...]
Researchers from the Vrije Universiteit Amsterdam have disclosed a new side-channel attack called SLAM that could be exploited to leak sensitive information from kernel memory on current and upcoming CPUs from Intel, AMD, and Arm
Microsoft spots surge in pro-Russia exploits of video platform to spread propaganda An unknown pro-Russia influence group spent time recruiting unwitting Hollywood actors to assist in smear campaigns against Ukraine and its president Volodymyr Zelensky.…
Threat hunters have unmasked the latest tricks adopted by a malware strain called GuLoader in an effort to make analysis more challenging
European Union Will Enact Comprehensive Regulations on AIEU officials announced a compromise over a regulation on artificial intelligence in the works since 2021, making the trading bloc first in the world to comprehensively regulate the nascent technology. Europe understands "the importance of its role as global standard setter,” said Thierry Breton.
Threat intel sources confirm the ransomware group's site has been shuttered by law enforcement.
Threat intel sources confirm the ransomware group's site has been shuttered by law enforcement.
Also: Vendor Self-Attestation vs. Third Parties; Safe Harbor GuidelinesIn the latest "Proof of Concept," Chris Hughes, co-founder and CISO of Aquia, join editors at ISMG to discuss the nuances around software liability, how organizations are integrating standards development practices, and guidelines for determining when a supplier qualifies for safe harbor.
Also: Top Threat Actors Are Targeting Hospitals; Remembering Steve KatzIn the latest weekly update, editors at ISMG discuss the rampant rise in healthcare sector attacks and breaches in 2023, the most common vulnerabilities and targets, and remember the life of the Steve Katz, the world's first CISO who inspired generations of security leaders.
Highlights From the Conference on Improving Public-Private Sector CollaborationIn this special edition at Black Hat Europe 2023 in London, three ISMG editors cover the highlights of the conference, including a resounding call for better collaboration between government agencies and the private sector, regulatory trends, and the cautionary tale of ex-Uber CISO Joe Sullivan.
SEC Says Large Companies Must Report Material Incidents to Investors as of Dec. 18The FBI outlined procedures for publicly traded companies to invoke a delay in reporting material cybersecurity incidents to investors as required under a U.S. SEC rule. Regulators allow companies a pause of up to 60 business days and up to 120 business days for a substantial national security risk.
Kentucky health system Norton Healthcare has confirmed that a ransomware attack in May exposed personal information belonging to patients, employees, and dependents. [...]
Apps and Devices Powered by Open-Source Code Are Pervasive in HealthcareOpen-source software is pervasive in healthcare. It is used in critical systems such as electronic health records and components contained in medical devices. Federal regulators are urging healthcare sector firms to be vigilant in managing risks and threats involving open-source software.
End-of-year deadline looms on US surveillance Two competing bills to reauthorize America's FISA Section 702 spying powers advanced in the House of Representatives committees this week, setting up Congress for a battle over warrantless surveillance before the law lapses in the New Year.…
Data breaches are rapidly accelerating, according to a number-crunching report from Apple this week — heightening the need to finally implement end-to-end data encryption.
RAT Is Tailored to Exploit Vulnerabilities in Linux Kernel VersionsHackers targeted telecommunications companies in Thailand with a Linux remote access Trojan designed to attack different versions of the open-source kernel, researchers say. Dubbed "Krasue," the malware poses a "severe risk to critical systems and sensitive data," says Group-IB researchers.
Cyber insurance companies are moving down-market to offer policies to help protect remote employees, independent contractors, and small businesses from the cost of cyberattacks.
Cybersecurity could be heading for a Sarbanes Oxley-type of regulation in light of escalating attacks, but the devil is in the details.
Google says it identified and fixed a bug causing customer files added to Google Drive after April-May 2023 to disappear. However, the fix isn't working for all affected users. [...]
Yossi Appleboum, CEO of Sepio Systems in Israel, discusses the international support for Israel in the Israel-Hamas war and what his employees are doing to support the war effort, how the war is affecting Sepio Systems' performance and how generative AI can be "not a tool but a member of your team."