Analysis of Numando banking trojan, steps to mitigate attack surface, and more! – Week in security with Tony Anscombe

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

The (probably) penultimate post in our occasional series demystifying Latin American banking trojans.

The post Numando: Count once, code twice appeared first on WeLiveSecurity

 

We recently pledged to provide $100 million to support third-party foundations that manage open source security priorities and help fix vulnerabilities. As part of this commitment, we are excited to announce our support of the Open Source Technology Improvement Fund (OSTIF) to improve security of eight open-source projects.

Google’s support will allow OSTIF to launch the Managed Audit Program (MAP), which will expand in-depth security reviews to critical projects vital to the open source ecosystem. The eight libraries, frameworks and apps that were selected for this round are those that would benefit the most from security improvements and make the largest impact on the open-source ecosystem that relies on them. The projects include:

  • Git – de facto version control software used in modern DevOps.
  • Lodash – a modern JavaScript utility library with over 200 functions to facilitate web development; it can be found in most environments that support JavaScript, which is most of the World Wide Web.
  • Laravel – a PHP web application framework that is used by many modern, full-stack web applications, including integrations with Google Cloud.
  • Slf4j – a logging facade for various Java logging frameworks.
  • Jackson-core & Jackson-databind – a JSON for Java, Streaming API, and extra shared components and the base for Jackson data-bind package.
  • Httpcomponents-core & Httpcomponents-client – these projects are responsible for creating and maintaining a toolset of low-level Java components focused on HTTP and associated protocols. 
We are excited to help OSTIF build a safer open source environment for everyone. If you are interested in getting involved or learning more, please visit the OSTIF blog.

The most recent Patch Tuesday includes a fix for the previously disclosed and actively exploited remote code execution flaw in MSHTML.

The post Microsoft Patch Tuesday fixes actively exploited zero‑day and 85 other flaws appeared first on WeLiveSecurity

The Facebook-owned messaging service plans to roll out the feature to both iOS and Android users in the coming weeks.

The post WhatsApp announces end‑to‑end encrypted backups appeared first on WeLiveSecurity

Discover the best ways to mitigate your organization’s attack surface, in order to maximize cybersecurity.

The post What is a cyberattack surface and how can you reduce it? appeared first on WeLiveSecurity

From cybercriminal evergreens like phishing to the verification badge scam, we look at the most common tactics fraudsters use to trick their victims.

The post Beware of these 5 common scams you can encounter on Instagram appeared first on WeLiveSecurity

Cyberespionage against Kurdish ethnic group, and more! – Week in security with Tony Anscombe

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity