Internet and software giant Google recently recalibrated how it categorizes its Playstore apps. Google's Android applications are tagged with 'nutrition labels' based on the security practices and the data they collect from users to share with third parties. The recently announced Google Play's Data Safety section goes into action from July 20th.

CrowdStrike is the only vendor to achieve the highest possible score of 18 points in protection, performance and usability out of all four tested vendors during the AV-TEST MacOS evaluation for business users in March 2022.

Read also: Costa Rica declares state of emergency after a Conti ransomware attack, Microsoft patches a Windows zero-day, and more.

Increasing website attacks make JavaScript security a priority for any business. Here are 10 JavaScript security best practices for business to help protect from e-skimming or other types of client-side attacks and to ensure improved web application client-side security.

RedLine Stealer is a malware that emerged in 2020, discovered in underground forums being sold in different plans, starting from $100 per month. The malware offers many capabilities for device reconnaissance, remote control, and information stealing, including: Since its discovery, attackers have used many different vectors to spread this stealer, including through fake installers and fake game hacking tools. Also, RedLine Stealer was found in compromised devices by the DEV-0537 hacking group (a.k.a.

All developers are prone to mistakes that leave them open to typosquatting attacks. Tiredness, dirty keyboard, or software issues may lead to typing some letters twice. Everyone would like to see a red screen and alarm coming out of the computer in such a case, but sadly, it doesn’t always work that way with most supply chain attacks.

The cybersecurity industry has spent a lot of time talking about improving the analyst experience without making significant improvements. Much of the effort has been too focused on trying to find a silver bullet solution. Combine that with a global pandemic and things are just getting worse.

In this post we discuss how an account with two-factor authentication could be bypassed if the password were breached.

The global pandemic has tilted the scales in favor of cybercriminals, who adapted their attack strategy to exploit the vulnerabilities in the existing security systems in the organizations. Added to this, the global mindset of businesses to shift to a remote and hybrid work environment has exacerbated the threat landscape resulting in high ransomware attacks and data breaches across the industries and geographies.

The Splunk Threat Research Team (STRT) has been heads-down attempting to understand, simulate, and detect the Spring4Shell attack vector. This post shares detection opportunities STRT found in different stages of successful Spring4Shell exploitation. At the time of writing, there are two publicly known CVEs: CVE-2022-22963, and CVE-2022-22965. The Splunk Security Content below is designed to cover exploitation attempts across both CVEs.