Malicious or Vulnerable Docker Images Widespread, Firm Says

A dynamic analysis of the publicly available images on Docker Hub found that 51% had critical vulnerabilities and about 6,500 of the 4 million latest images could be considered malicious. More than half of the latest images available on Docker Hub have critical vulnerabilities from outdated software, while thousands of images are attack tools or …

TikTok fixes bugs allowing account takeover with one click

TikTok has addressed two vulnerabilities that, when chained together, could have allowed attackers to take over accounts with a single click for users who signed up via third-party apps. The social media platform owned by Beijing-based ByteDance is used for sharing short-form looping mobile videos of 3 to 60 seconds. TikTok's Android app currently has over …

Hacked Security Software Used in Novel South Korean Supply-Chain Attack

Lazarus Group is believed to be behind a spate of attacks that leverage stolen digital certificates tied to browser software that secures communication with government and financial websites in South Korea. The Lazarus cybercriminal group is using a novel supply-chain attack against visitors to websites operated by the South Korean government and financial firms, in …

Malware Attacks Declined But Became More Evasive in Q2

Most of the malware used in attacks last quarter was designed to evade signature-based detection tools, WatchGuard says. A new analysis of malware activity during the second quarter of this year uncovered some mixed news for enterprise organizations. While malware detections in Q2 decreased 8% compared with the previous quarter, attacks involving malware that were …

Vulnerability Disclosure: Ethical Hackers Seek Best Practices

The process of vulnerability disclosure has improved over the years, but still too many security researchers face threats when trying to report bugs. Disclosure policies that give ethical hackers clear guidelines are vast and varied and are seldom universally followed, which adds to the friction between researchers and vendors. This week, the U.S. government’s cybersecurity …