Microsoft primes 71 fixes for May Patch Tuesday
Five issues actively exploited in the wild, but the real excitement may have been handled in advance
Similar Posts
Customer Account Takeovers: The Multi-Billion Dollar Problem You Don’t Know About
Bys sEveryone has cybersecurity stories involving family members. Here’s a relatively common one. The conversation usually goes something like this: “The strangest thing happened to my streaming account. I got locked out of my account, so I had to change my password. When I logged back in, all my shows were gone. Everything was in Spanish…
Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices
Bys sCybersecurity researchers have lifted the curtain on a stealthy botnet that’s designed for distributed denial-of-service (DDoS) attacks. Called Masjesu, the botnet has been advertised via Telegram as a DDoS-for-hire service since it first surfaced in 2023. It’s capable of targeting a wide range of IoT devices, such as routers and gateways, spanning multiple architectures. “Built for
Android’s New Feature Blocks Fraudsters from Sideloading Apps During Calls
Bys sGoogle is working on a new security feature for Android that blocks device owners from changing sensitive settings when a phone call is in progress. Specifically, the in-call anti-scammer protections include preventing users from turning on settings to install apps from unknown sources and granting accessibility access. The development was first reported by Android Authority….
Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems
Bys sCybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group. The coordinated campaign has been codenamed graphalgo in reference to the first package published in the npm registry. It’s assessed to be active…
Google Patches Quick Share Vulnerability Enabling Silent File Transfers Without Consent
Bys sCybersecurity researchers have disclosed details of a new vulnerability impacting Google’s Quick Share data transfer utility for Windows that could be exploited to achieve a denial-of-service (DoS) or send arbitrary files to a target’s device without their approval. The flaw, tracked as CVE-2024-10668 (CVSS score: 5.9), is a bypass for two of the 10 shortcomings…
Google Releases Open Source Library for Software Composition Analysis
Bys sGoogle releases OSV-SCALIBR, an open source library for software composition analysis and file system scanning. The post Google Releases Open Source Library for Software Composition Analysis appeared first on SecurityWeek.