Tag Archives: Security

The Chinese Communist Party shared an ominous warning the same day U.S. lawmakers advanced a bill that could ban Chinese-owned TikTok nationwide.

The House passed the bill Wednesday morning in a bipartisan vote 352 – 65. 

The House China Select Committee says Chinese Communist Party (CCP) officials through ByteDance are using TikTok to spy on its U.S. users’ locations and dictate its algorithm to conduct influence campaigns, making it a national security threat.

ByteDance would have five months after the law is signed to divest from TikTok. If it does not, app stores and web hosting platforms would not be allowed to distribute it in the U.S. 

Ahead of the vote, a spokesman for the CCP railed against the key claims made by Republican and Democrat lawmakers in their push to get the…

As the world transitions towards Industry 4.0, cyberattacks are no longer limited to the IT infrastructure of organizations. Threat actors are increasingly targeting critical infrastructure and operational technology (OT) in organizations from different industries. For instance, The European Union Agency for Cybersecurity (ENISA) has warned that ransomware groups will likely target and disrupt OT operations in the transport sector, in the foreseeable future.

One reason is that IT and OT networks have historically operated in siloes with limited collaboration. This has resulted in the lack of a cohesive strategy for organization-wide security risk management. While IT security teams are often adept at handling the latest threats, risks on the OT plant network side usually go…

In today’s fast evolving digital space, the proliferation of application programming interfaces (APIs) has been nothing short of explosive. One forecast predicts there will be nearly 1.7 billion active APIs by 2030 which ushers in unparalleled opportunities for innovation and connectivity.

APIs act as a crucial bridge between software applications. They function below the application presentation layer, orchestrating data exchanges between software systems. However, as the API ecosystem expands, so too do the challenges, in particular introducing new vulnerabilities and greater risks for data exposure which attackers can exploit.

The API explosion and security implications

Experts have warned popular iOS productivity app was flawed in a way that allowed threat actors to steal sensitive data from the vulnerable device.

The app in question is called Apple Shortcuts, and it acts as a nifty little time-saving widget that allows apps to interact with one another on specific tasks and thus generate useful actions, such as using it to determine the user’s location, calculate how much time it would take to get home, and send that information via SMS, to a contact. 

Tens of thousands of Microsoft Exchange servers are vulnerable to a flaw that is already being abused in the wild, experts have warned.

The vulnerability, tracked as CVE-2024-21410, is a privilege escalation flaw that allows threat actors to perform NTLM relay attacks on Microsoft Exchange Servers and escalate their privileges on the target endpoint. As a result, they could steal sensitive information and confidential data being shared via email, or could use the access as a stepping stone for more devastating attacks.