Following heightened worries that U.S. users' data had been accessed by TikTok engineers in China between September 2021 and January 2022, the company sought to assuage U.S. lawmakers that it's taking steps to "strengthen data security." The admission that some China-based employees can access information from U.S. users came in a letter sent to nine […]
Google on Thursday announced a slew of improvements to its password manager service aimed at creating a more consistent look and feel across different platforms. Central to the changes is a "simplified and unified management experience that's the same in Chrome and Android settings," Ali Sarraf, Google Chrome product manager, said in a blog post. The updates are also […]
Microsoft has detailed the evolving capabilities of toll fraud malware apps on Android, pointing out its "complex multi-step attack flow" and an improved mechanism to evade security analysis. Toll fraud belongs to a category of billing fraud wherein malicious mobile applications come with hidden subscription fees, roping in unsuspecting users to premium content without their […]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week moved to add a Linux vulnerability dubbed PwnKit to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue, tracked as CVE-2021-4034 (CVSS score: 7.8), came to light in January 2022 and concerns a case of local privilege escalation in polkit's pkexec utility, which allows an
A newly discovered malware has been put to use in the wild at least since March 2021 to backdoor Microsoft Exchange servers belonging to a wide range of entities worldwide, with infections lingering in 20 organizations as of June 2022. Dubbed SessionManager, the malicious tool masquerades as a module for Internet Information Services (IIS), a web […]
