Certificate misconfigurations of the EAP protocol in Eduroam (and likely other networks globally) threaten Android and Windows users.
The NSA and CISA issued recommendations on choosing and hardening VPNs to prevent nation-state APTs from weaponizing flaws & CVEs to break into protected networks.
Apple’s personal item-tracker devices can be used to deliver malware, slurp credentials, steal tokens and more thanks to XSS.
The mobile malware has fleeced hundreds of millions of dollars from victims globally, using sophisticated techniques.
The Conti ransomware gang has developed novel tactics to demolish backups, especially the Veeam recovery software.
Newly discovered code resembles the Kazuar backdoor and the Sunshuttle second-stage malware distributed by Nobelium in the SolarWinds supply-chain attacks.
A campaign is stealing one-time password tokens to gain access to PayPal, Apple Pay and Google Pay, among others.
Dave Stewart, Approov CEO, lays out six best practices for orgs to avoid costly account takeovers.
The BloodyStealer trojan helps cyberattackers go after in-game goods and credits.
A ‘nearly impossible to analyze’ version of the malware sports a bootkit and ‘steal-everything’ capabilities.