Critical 'Sign in with Apple' Bug Could Have Let Attackers Hijack Anyone's Account

Apple recently paid Indian vulnerability researcher Bhavuk Jain a huge $100,000 bug bounty for reporting a highly critical vulnerability affecting its 'Sign in with Apple' system. The now-patched vulnerability could have allowed remote attackers to bypass authentication and take over targeted users' accounts on third-party services and apps that have been registered using 'Sign in with Apple'

from The Hacker News https://ift.tt/2Xi7mUE
via https://ifttt.com/ IFTTT

New Noise-Resilient Attack On Intel and AMD CPUs Makes Flush-based Attacks Effective

Modern Intel and AMD processors are susceptible to a new form of side-channel attack that makes flush-based cache attacks resilient to system noise, newly published research shared with The Hacker News has revealed. The findings are from a paper "DABANGG: Time for Fearless Flush based Cache Attacks" published by a pair of researchers, Biswabandan Panda and Anish Saxena, from the Indian

from The Hacker News https://ift.tt/36JtPg7
via https://ifttt.com/ IFTTT

Exclusive – Any Mitron (Viral TikTok Clone) Profile Can Be Hacked in Seconds

Mitron (means "friends" in Hindi), you have been fooled again! Mitron is not really a 'Made in India' product, and the viral app contains a highly critical, unpatched vulnerability that could allow anyone to hack into any user account without requiring interaction from the targeted users or their passwords. I am sure many of you already know what TikTok is, and those still unaware, it's a

from The Hacker News https://ift.tt/302lB1F
via https://ifttt.com/ IFTTT

Google Takes Action Against Misleading and Malicious Notifications in Chrome

Google announced on Thursday that it’s taking action against misleading and malicious notifications in Chrome with the release of version 84, which is scheduled for July 14.

Browser notifications can be useful for certain types of services but some websites abuse them to mislead users, deliver malware, or phish personal information.

read more

from SecurityWeek RSS Feed https://ift.tt/3cmiwfn
via https://ifttt.com/ IFTTT

New Yorker Indicted for Stealing Card Data via SQL Injection Attacks

The United States Department of Justice (DoJ) this week announced that a New York City man was charged for his participation in a cybercrime scheme involving the theft and trafficking of payment card data.

read more

from SecurityWeek RSS Feed https://ift.tt/36OKtv6
via https://ifttt.com/ IFTTT

Кибергруппа использует стеганографию в целевых атаках на промышленность

Исследователи проекта Kaspersky ICS CERT предупреждают о целевых атаках киберпреступников на промышленные организации в Японии и странах Европы. Экспертов особенно поражает подготовленность злоумышленников и сложность операций.

from Новости информационной безопасности - Anti-Malware.ru https://ift.tt/3ci0CtU
via https://ifttt.com/ IFTTT

NSA Publishes IOCs Associated With Russian Targeting of Exim Servers

The U.S. National Security Agency (NSA) on Thursday published information on the targeting of Exim mail servers by the Russia-linked threat actor known as Sandworm Team.

read more

from SecurityWeek RSS Feed https://ift.tt/2TQhBwW
via https://ifttt.com/ IFTTT

NetBeans Projects on GitHub Targeted in Apparent Supply Chain Attack

GitHub revealed on Thursday that tens of open source NetBeans projects hosted on its platform were targeted by a piece of malware as part of what appears to be a supply chain attack.

read more

from SecurityWeek RSS Feed https://ift.tt/2XbTQ4L
via https://ifttt.com/ IFTTT

Cisco to Buy Network Intelligence Firm ThousandEyes

Cisco on Thursday said that it plans to acquire privately held network intelligence firm ThousandEyes, as the networking giant looks to boost network visibility and intelligence across its enterprise networking, cloud and application services portfolios.

read more

from SecurityWeek RSS Feed https://ift.tt/2ZNJUQD
via https://ifttt.com/ IFTTT

Каждый 10-й россиянин столкнулся с кибершантажом во время самоизоляции

Исследователи антивирусной компании ESET проанализировали киберугрозы, с которыми столкнулись российские пользователи в период самоизоляции, вызванной пандемией COVID-19. Эксперты уделили особое внимание sextortion-шантажу.

from Новости информационной безопасности - Anti-Malware.ru https://ift.tt/2ZNUarX
via https://ifttt.com/ IFTTT