Researchers have revealed details of a now-patched high-severity security vulnerability in Apache Cassandra that, if left unaddressed, could be abused to gain remote code execution on affected installations.
"This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra," Omer Kaspi, security researcher at DevOps firm JFrog, said in a technical write-up published Tuesday.
Meta will pay $90 million to settle litigation over Facebook's use of cookies to track users’ internet use even after they had logged off.
DDoS temporarily take out sites as Ukraine stares down Russian soldiers at its border.
What geopolitical standoff could this possibly be linked to?
A researcher has sent one of Apple's AirTags to a mysterious "federal authority" in Germany to locate its true offices — and to help prove that it's really part of an intelligence agency.
A new DeadBolt ransomware group is encrypting QNAP NAS devices worldwide using what they claim is a zero-day vulnerability in the device's software.
CrowdStrike has observed that malware targeting Linux-based systems increased by 35% in 2021. XorDDoS, Mirai and Mozi were the most common malware families.
Apple's Airtags are an ingenious technology: they fuse every Ios device into a sensor grid that logs the location of each tag, using clever cryptography to prevent anyone but the tag's owner from pulling that information out of the system.
But there are significant problems with Airtags' privacy model. Some of these are unique to Apple, others are shared by all Bluetooth location systems, including Covid exposure-notification apps and Airtag rivals like Tile.
The revelations made about the Pegasus spyware raised very serious questions about the possible impact of modern spyware tools on fundamental rights, and particularly on the rights to privacy and data protection. This paper aims to contribute to the ongoing assessment in the EU and globally of the ...
Over the few last hours, a dozen news stories have broken about how an attacker attempted (and perhaps managed) to steal cryptocurrencies using a BGP leak.
Hackers have stolen roughly $1.9 million from South Korean cryptocurrency platform KLAYswap after they pulled off a rare and clever BGP hijack against the server infrastructure of one of the platform’s providers.
Twitter Inc. told a U.S. senator it is cutting ties with a European technology company that helped it send sensitive passcodes to its users via text message. The social media firm said in a disclosure to U.S. Senator Ron Wyden, a Democrat from Oregon, that it is “transitioning” its service away from working with Mitto AG, according to a Wyden aide.
Entities in the aviation, aerospace, transportation, manufacturing, and defense industries have been targeted by a persistent threat group since at least 2017 as part of a string of spear-phishing campaigns mounted to deliver a variety of remote access trojans (RATs) on compromised systems
On December 14, 2021, during the Log4Shell chaos, Microsoft published CVE-2021-43893, a remote privelege escalation vulnerability affecting Windows EFS.
Analyzing OSX.DazzleSpy
A fully-featured cyber-espionage macOS implant
To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. In late August 2021, TAG discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political group. The watering hole served an XNU privilege escalation vulnerability (CVE-2021-30869) unpatched in macOS Catalina, which led to the installation of a previously unreported backdoor.
The website of a Hong Kong pro-democracy radio station was compromised to serve a Safari exploit that installed cyberespionage malware on visitors’ Macs.
Never-before-seen, cross-platform SysJoker came from an "advanced threat actor."
