Subterms
The vast majority of security vulnerabilities in open-source projects reside in indirect dependencies rather than directly and first-hand loaded components. “Aggregating the numbers from all ecosystems, we found more than three times as many vulnerabilities in indirect dependencies than we did direct dependencies,” Alyssa Miller, Application Security Advocate at Snyk, told ZDNet in an interview […] More
Nvidia has released a set of security updates to remove vulnerabilities in the Nvidia GPU Display Driver. This week, the tech giant published a security advisory for a total of six bugs in the driver, varying in severity with CVSS scores of between 5.5 and 7.8 and impacting both Windows and Linux machines. The first […] More
Australian beverage giant Lion has provided another update to the ransomware attack it suffered earlier this month, saying that over the past week, the company has continued to make progress in restoring many of its key systems. With data purporting to be from the company said to be available on the “dark web”, Lion, formerly […] More
More online shoppers are falling for scams in Singapore, where cybercrime accounted for 26.8% of all crimes last year with e-commerce scams the most popular. Some 9,430 cybercrime cases were reported last year, up 51.7% from 2018 when there were 6,215 cases. E-commerce remained the leading tactic used by scammers who hoodwinked 2,809 victims in […] More
A 22-year-old from Vancouver, Washington was sentenced today to 13 months in prison for creating and operating multiple DDoS botnets made up of home routers and other networking and Internet of Things (IoT) devices. The US Department of Justice said Kenneth Currin Schuchman, known online under the monicker of Nexus Zeta, created multiple IoT botnets, […] More
In a presentation at its developer conference this week, Apple announced that the upcoming versions of its iOS and macOS operating systems will support the ability to handle encrypted DNS communications. Apple said that iOS 14 and macOS 11, set to be released this fall, will support both the DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) protocols. […] More
[embedded content] A Chinese bank has forced at least two western companies to install malware-laced tax software on their systems, cyber-security firm Trustwave said in a report published today. The two companies are a UK-based technology/software vendor and a major financial institution, both of which had recently opened offices in China. “Discussions with our client […] More
Microsoft is warning organizations that use Exchange email servers to shore up their systems now after observing a massive spike in highly skillful attacks this April. The company’s alert details how advanced cyber attackers are using freely available open-source software and a known, critical vulnerability to attack Exchange email servers – one of the most […] More
