While the protocol has made passwordless authentication a reality, token-binding is key to protecting against token theft and reuse, security vendor says.
Researchers recently spotted the Spanish-speaking threat actor — with nearly 400 previous victims under its belt — in a new campaign in Latin America and Central Africa.
Though Olympics officials appear to have better secured their digital footprint than other major sporting events have, significant risks remain for the Paris Games.
Microsoft has uncovered a common vulnerability pattern in several apps allowing code execution; at least four of the apps have more than 500 million installations each; and one, Xiaomi's File Manager, has at least 1 billion installations.
The CVE-2024-27322 security vulnerability in R's deserialization process gives attackers a way to execute arbitrary code in target environments via specially crafted files.
The business intelligence servers contain vulnerabilities that Qlik patched last year, but which Cactus actors have been exploiting since November. Swathes of organizations have not yet been patched.
Eight out of nine apps that people use to input Chinese characters into mobile devices have weaknesses that allow a passive eavesdropper to collect keystroke data.
Unlike the SolarWinds and CodeCov incidents, all that it took for an adversary to nearly pull off a massive supply chain attack was some slick social engineering and a string of pressure emails.