Researchers at the University of Birmingham and University of Surrey say they have uncovered a vulnerability in the Apple Pay-Visa setup that could allow hackers to bypass iPhone’s Apple Pay lock screen, perform contactless payments and skirt transaction limits.
Cybersecurity vendor VMware has published a security advisory detailing 19 vulnerabilities affecting its vCenter server and Cloud Foundation products and has released fixes for all of them. One of the flaws has a high CVSS score of 9.8, and CISA is warning of its "widespread exploitation."
Whenever your organization creates and delivers mobile applications to either employees or end-customers, it is essentially also delivering a blueprint to bad actors on how to access your organization’s sensitive data.
As a security professional, you are already aware that “In-App” protection complements...
Hacking incidents - especially those involving ransomware attacks and vendors - continue to rack up some of the largest victim counts in major health data breaches being reported to federal regulators in 2021. Will the trend continue?
The Russia-linked cyberespionage group Nobelium, which was responsible for the SolarWinds supply chain attack, has developed and deployed new malware, dubbed FoggyWeb, according to a Microsoft Threat Intelligence Center security blog. Microsoft says FoggyWeb creates a backdoor to exfiltrate data.
Researchers at cybersecurity firm Kaspersky have discovered an advanced Trojan, dubbed BloodyStealer, stealing gamer accounts and data from platforms such as Steam, Epic Games Stores and EA Origin. They say there is a demand for this type of data among cybercriminals.
The world is experiencing a cybercrime pandemic, which is a direct consequence of COVID-19, according to Amit Basu, CISO and CIO at International Seaways. He offers proactive prevention measures, based on his own experience, for how organizations can stay safe and secure.
The Australian Cyber Security Center has issued a critical vulnerability alert for a Zoho Corp. password management service that could enable a threat actor to take control of the targeted host. The company has issued a security patch.
It is more important than ever to make applications robust and secure, but traditional application security has not kept pace with the demands of development and deployment. More needs to be done and as early in the software development lifecycle as possible.
The Checkmarx portfolio of products includes SAST, SCA,...
U.S. FBI and Department of Homeland Security leaders fielded several cybersecurity questions from House lawmakers Wednesday, particularly around the surge in ransomware attacks, diplomatic efforts to curb ransomware's financial model, and the nation-states that harbor cybercriminals.
Researcher Bob Diachenko has discovered an unsecured database containing personal information of 106 million foreign nationals who have visited Thailand in the past decade. The 200GB database, which has now been secured, has not been accessed by unauthorized personnel, Thai authorities say.
Researchers have found a zero-day vulnerability in U.K. broadband and cable TV provider Virgin Media’s Super Hub 3 routers that enables an attacker to unmask IP addresses of VPN users. But a Virgin Media spokesperson says the risk of that happening is "very low."
Earlier this month, McAfee Enterprise's Advanced Threat Research team, working with McAfee's Professional Services IR team, reported that an APT campaign dubbed Operation Harvest had been in operation for years. Their analysis provides insight into the group's tools, tactics and techniques.
While there is no dearth of talent among Indian bug bounty hunters, hurdles such as lack of trust, payment disputes, cost, unethical practices and lack of regulatory laws deter the growth of bug bounty programs in the country, according to some experts.
The Mirai botnet is actively exploiting the known vulnerability CVE-2021-38647, which is part of a quartet of vulnerabilities dubbed OMIGOD, in Microsoft's Azure Linux Open Management Infrastructure framework, according to Kevin Beaumont, head of the security operations center for Arcadia Group.