Tag Archive for: latest

Multiple Security Vulnerabilities Patched in Latest Android Update


The Indian Computer Emergency Response Team (CERT-In) has published an advisory on multiple security holes in devices running recent versions of Android. As part of this month’s Android Security Bulletin, the cybersecurity agency cautioned consumers about vulnerabilities that Google and smartphone component vendors such as Qualcomm and MediaTek had just patched. Samsung has also released patches for nine Samsung Vulnerabilities and Exposures (SVE) that were privately disclosed and have moderate severity ratings as part of the most recent security update.

CERT-In released an advisory

CERT-In released an advisory on Tuesday highlighting many vulnerabilities discovered across various sections of the Android operating system, including the “Framework, System, AMLogic, Arm components, MediaTek components, Qualcomm components, and Qualcomm closed-source components.” The advisory has a “High” severity level and specifies that the issues affect Android 12 (and 12L), Android 13, and Android 14.

According to the cybersecurity agency, Google has fixed vulnerabilities in its Android operating system that might allow an attacker to get unauthorised access to sensitive data on an afflicted device. An attacker might exploit the vulnerabilities to gain privileged access to the device, run malicious code, or perform a denial of service (DoS) attack.

 

 

Google has released detailed information about specific components

Meanwhile, Google has released detailed information about specific components that have been patched with the latest Android Security Bulletin, such as fixes for bootloader vulnerabilities on devices with AMLogic components, flaws in Mali (Arm) components, and security issues affecting Wi-Fi and kernels on Qualcomm devices.

 

Samsung has said that the newest Security Maintenance Release (SMR) Mar-2024 Release 1 update will defend its devices from nine SVEs that affect Wi-Fi, AppLock, other operating system components, and the bootloader. The company also claims to have given remedies for other SVE items that are currently undisclosed.

Users should keep their cell phones up to date with the most recent monthly security…

Source…

Latest Edition of Mitre Cybersecurity Evaluation Program to Tackle Ransomware, Threats to macOS


Common behaviors associated with ransomware campaigns will be tackled in the sixth round of MITRE Engenuity‘s ATT&CK Evaluations, a program that seeks to assess the capabilities and performance of enterprise cybersecurity solutions.

MITRE said Tuesday that applications are already being accepted for the latest round of ATT&CK Evals, whose focus on ransomware stems from the malware type’s persistence as “one of the most significant cybercriminal threats across industry verticals,” according to Amy Robertson, the program’s principal cyber threat intelligence analyst.

Due to the Democratic People’s Republic of Korea targeting macOS, the latest Evals round will also tackle Apple‘s laptop and desktop operating system.

“The DPRK has emerged as a formidable cyber threat, and they have progressively been expanding their focus to macOS as they work to evade international sanctions,” Robertson noted.

For his part, ATT&CK Evals General Manager William Booth said he and his organization were thrilled to expand the scope of the program to include macOS, a move that underscores a “commitment to comprehensive, platform-diverse assessments.”

Results of the evaluations will be released in the fourth quarter of 2024. Those interested in undergoing assessment have until April 30 to apply.

Source…

‘Mother of all data breaches’ reported in latest large-scale hack


It’s a shocking number – 26  billion account records were stolen in what’s being called the ‘mother of all data breaches.’

The leak includes popular sites like Dropbox,  Linkedin, Telegram, and Twitter. It was detailed in a report from Cybernews.com and is unsettling for anyone who ever goes online. 

“It’s horrible. It’s really horrible,” said Professor Huirong Fu, of Oakland University.

Fu is a founding director of OU’s Center for Cybersecurity.  She says this is difficult for consumers who sometimes have no choice but to register their information with companies they want to do business with.

This includes taking birthdays, addresses, and sometimes even Social Security numbers, putting many people between a rock and a hard place.

“We have no choice, if they don’t want to provide this information, they can not use their platform,” she said. “This is horrible.”

Cybernews.com calls it the “Mother of all Breaches” – 12 terabytes of information. Some companies you’ve likely used,

So can you do anything?

The Federal Trade Commission has some general tips: Secure your devices by keeping security software, internet browser, and operating systems up to date. protect your accounts — particularly those with personal information, like your bank, email, and social media accounts.

Strong passwords and multi-factor authentication can really help. Also be very circumspect when giving out any personal information to any organization even if you trust them, because the possibility of a hack is always a real threat.

For more on the data breach click here.

Source…

The Latest Innovations in Cybersecurity


The risks to our online security are growing at a rapid pace in a world where technology is developing. The strategies used by cybercriminals to exploit vulnerabilities are always changing, thus the cybersecurity industry must stay up with these developments. Because cybercriminals keep finding new ways to exploit vulnerabilities, the cybersecurity industry has to constantly keep up with the latest developments. Furthermore covered will be the function of shared proxies and the reasons you would wish to buy shared proxies in order to provide an extra degree of protection.

1. AI and machine learning, it’s all about smart computers getting even smarter.

In the cybersecurity game, AI and ML are still stealing the show by constantly innovating. However, AI and ML can quickly analyse huge amounts of data to find patterns that may show a security breach. With AI and ML in their toolkit, companies can quickly catch any funky trends that might signal a security issue.

2. The Zero Trust Security Model

It’s essentially a strategy that doesn’t automatically trust anything inside or outside its perimeters and instead, verifies everything trying to connect to its systems before granting access.

Zero Trust, a rising star in cybersecurity, doesn’t play nice – it eyes every access request as potentially sketchy. Unlike traditional models that assume trust within a network, the Zero Trust model treats every access request as potentially malicious. Everyone trying to get at the goodies has to pass a double-check, cutting down on sneaky insider problems and sideways moves by cyber baddies.

3. Extended Detection and Response (XDR)

An innovative strategy that goes beyond conventional Endpoint Detection and Response (EDR) solutions is called Extended Detection and Response (XDR). XDR’s like a super-sleuth, pulling data from everywhere—networks, endpoints, the cloud—to really get to the heart of a company’s security health. But holistic security monitoring helps you spot and fix threats faster.

4. Quantum-Safe Cryptography

With the advent of quantum computing on the horizon, traditional encryption methods face the risk of being compromised. Quantum computing, once fully developed, could easily…

Source…