Supply Chain Security

Most organisations depend on suppliers to deliver services, systems and products. You probably have several suppliers; it is how we do business.   Supply chains can be large and complex, involving many suppliers doing many different things. Effectively securing the supply chain can be hard because vulnerabilities can be inherent or introduced and exploited at any[…]

Hacker at a keyboard

VPN Applications Secretly Turning Android Phones into Proxies for Cyber Criminals

Several malicious Android apps that turn mobile devices running the operating system into residential proxies (RESIPs) for other threat actors have been observed on the Google Play Store.  The findings come from HUMAN’s Satori Threat Intelligence team, which said the cluster of VPN apps came fitted with a Golang library that transformed the user’s device[…]

Google Logo

Europe & Latin America Targeted by Banking Trojans Through Google Cloud Run

Cybersecurity researchers are warning about a spike in email phishing campaigns that are weaponizing the Google Cloud Run service to deliver various banking trojans such as Astaroth (aka Guildma), Mekotio, and Ousaban (aka Javali) to targets across Latin America (LATAM) and Europe.  “The infection chains associated with these malware families feature the use of malicious Microsoft Installers (MSIs) that function[…]

Microsoft Logo

Patches Released by Microsoft to Tackle Two Windows Zero-Day Exploits, as well as 71 Other Vulnerabilities

Microsoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under active exploitation.  Of the 73 vulnerabilities, 5 are rated Critical, 65 are rated Important, and three and rated Moderate in severity. This is in addition[…]


VMware, CISCO, and Fortinet release patches for critical vulnerabilities!

Cisco, Fortinet, and VMware have released security fixes for multiple security vulnerabilities, including critical weaknesses that could be exploited to perform arbitrary actions on affected devices.  The first set from Cisco consists of three flaws – CVE-2024-20252 and CVE-2024-20254 (CVSS score: 9.6) and CVE-2024-20255 (CVSS score: 8.2) – impacting Cisco Expressway Series that could allow[…]