Blockchain Vs. Cryptocurrency
What is Blockchain? Blockchain is a decentralized distributed digital ledger that securely records/stores transactions across a computer network. The word “Block” is obtained from transaction grouping i.e. each transaction is grouped into blocks that are securely linked to each other to form a “chain” of blocks hence the reason for the name “blockchain.” Contrary to […]
How do cloud service providers secure businesses with cloud-based infrastructure?
Since the advent of cloud computing, a persistent question remains: How do cloud service providers secure businesses with cloud-based infrastructure? The reality is that inadequate security can spell disaster, potentially costing a business a fortune or even leading to its closure. WHAT IS CLOUD SECURITY? Cloud security encompasses the procedures and technologies designed to mitigate external […]
Gatekeeper Controls Tightened to Block Unauthorized Software
According to Apple, Gatekeeper is an essential defence mechanism embedded in macOS to prevent untrusted applications from running on the operating system. Recognizing its importance, Apple has completed an update for its next-generation macOS version (macOS Sequoia) to make it more challenging for users to override Gatekeeper protections. The update enhances Gatekeeper’s ability to verify […]
APPLICATION SECURITY BEST PRACTICES
Introduction Ensuring application security is fundamental to safeguarding sensitive information and maintaining user trust. Implementing robust security practices is crucial for protecting digital assets and ensuring the integrity of applications. Below are essential best practices for enhancing application security. Secured Software Development Life Cycle (SDLC) Securing the SDLC involves integrating security measures at every phase […]
Twilio Authy and IE Flaws Now Added to Exploited Vulnerabilities List
The United States Cybersecurity and Infrastructure Security Agency (CISA) has officially added two critical vulnerabilities to its Known Exploited Vulnerabilities catalogue. These vulnerabilities have been actively exploited, and their impact is significant: CVE-2012-4792: A decade-old use-after-free vulnerability in Microsoft Internet Explorer. Exploitation of this flaw allows threat actors to execute arbitrary code via malicious websites. […]
Introduction To Application Security
What is Application Security Application security is a crucial aspect of software development that aims to protect the application code and the data it handles from cyber threats. This involves implementing security practices throughout the entire software development lifecycle (SDLC), including the design, development, and deployment stages. Application security is a set of measures designed […]
CrowdStrike Update Crashes Windows Systems Worldwide
Businesses worldwide faced significant disruptions as a recent CrowdStrike update caused Windows workstations to crash, leading to the infamous “blue screen of death.” CrowdStrike acknowledged the issue and assured users that a patch had been deployed to fix the problem in its Falcon Sensor product. CEO George Kurtz emphasized that this was not a security incident […]
Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments
A vulnerability tracked as CVE-2024-39929 with a CVSS score of 9.1, has been addressed. This flaw previously allowed threat actors to craft and deliver malicious attachments to victims’ inboxes. The report indicated that the most vulnerable instances were located in Russia, Canada, and the United States. Although there is no evidence of active exploitation, users are […]
Torrents Harbor ViperSoftX Malware
Researchers have discovered ViperSoftX, a sophisticated malware previously detected by Fortinet in 2020, lurking within torrents disguised as eBooks. ViperSoftX dynamically loads and runs PowerShell commands using AutoIt’s Common Language Runtime (CLR). This integration allows it to execute malicious functions while evading detection mechanisms. Mathanraj Thangaraju, and Sijo Jacob, a Trellix security researcher confirmed the […]
Supply Chain Attack Targets jQuery Packages.
Cybersecurity professionals have uncovered a sophisticated supply chain attack involving GitHub, npm, and jsDelivr code repositories. The attacker cleverly embedded malware within the rarely used ‘end’ function of jQuery, which is internally invoked by the more popular ‘fadeTo’ function. Over 68 packages are associated with this ongoing campaign, suggesting manual assembly and publication by threat […]
