CISA adds bugs in Chrome and macOS to its Known Exploited Vulnerabilities catalog
US Cybersecurity and Infrastructure Security Agency (CISA) added Chrome and macOS vulnerabilities to its Known Exploited Vulnerabilities catalog. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the following five new issues to its Known Exploited Vulnerabilities Catalog: According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to […]
The post CISA adds bugs in Chrome and macOS to its Known Exploited Vulnerabilities catalog appeared first on Security Affairs.
Recycled Core Routers Exposed Sensitive Corporate Network Info
Google Experiment Reassures Ad Tech Bros That They’ll Be Just Fine After Chrome’s Cookies Are Gone
In 2024, Google will block third-party cookies in Chrome, the world’s most widely used internet browser. That will kill off one of the main ways companies track you online, and the ad tech industry is freaking out about it. Google has developed a suite of tools to replace cookies, which it collectively calls “Privacy…
Adobe’s Finally Looking Out for Dads With Lightroom Updates That Can Automatically Darken Graying Beards
Portrait photographers can spend hours perfecting a single headshot in Adobe’s apps—everything from erasing skin imperfections to making the subject look much younger than they really are. Some of those advanced photo-retouching techniques just got a lot easier, as today Adobe announced several AI-powered Lightroom…
As Consumer Privacy Evolves, Here’s How You Can Stay Ahead of Regulations
ZeroFox Acquires LookingGlass
Goldoson Android Malware Infects Over 100 Million Google Play Store Downloads
An additional eight million installations have been tracked through ONE store, a leading third-party app storefront in South Korea. The rogue component is part of a third-party software library used by the apps in
Weak credentials, unpatched vulnerabilities, malicious OSS packages causing cloud security risks
Threat actors are getting more adept at exploiting common, everyday issues in the cloud, including misconfigurations, weak credentials, lack of authentication, unpatched vulnerabilities, and malicious open-source software (OSS) packages. Meanwhile, security teams take an average of 145 hours to solve alerts, with 80% of cloud alerts triggered by just 5% of security rules in most environments.
That’s according to the Unit 42 Cloud Threat Report, Volume 7, which analyzed the workloads in 210,000 cloud accounts across 1,300 different organizations to gain a comprehensive look at the current cloud security landscape. It cited a small set of risky cloud behaviors that are repeatedly observed in organizations, warning that the average time to remediate alerts (roughly six days) provides a lengthy window of opportunity for adversaries to exploit cloud vulnerabilities.
Spyware Maker QuaDream Closes Shop after Researchers Blow the Lid off Its Operations
operation developing and selling mercenary spyware tools.
Last week, researchers at Citizen Lab and Microsoft jointly blew the lid off QuaDream’s Reign malware [https://www.bitdefender.com/blog/hotforsecurity/quadream-reign-spyware-used-to-hack-iphones-of-high-profile-targets/] infecting the iPhones of at least five civil society members during the vulnerable days of iOS 14, dating back to 2021.
State-of-the-art spyw