Crooks plant backdoor in software used by courtrooms around the world

A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode of a supply-chain attack. The software, Read More …

Almost every Chinese keyboard app has a security flaw that reveals what users type

Almost all keyboard apps used by Chinese people around the world share a security loophole that makes it possible to spy on what users are typing. The vulnerability, which allows the keystroke data that these apps send to the cloud Read More …

Secure by Design Alert: Eliminating SQL Injection Vulnerabilities in Software

SQL injection – or SQLi – vulnerabilities remain a persistent class of defect in commercial software products. Despite widespread knowledge and documentation of SQLi vulnerabilities over the past two decades, along with the availability of effective mitigations, software manufacturers have Read More …

Researchers remotely exploit devices used to manage safe aircraft landings and takeoffs

Criminals could remotely tamper with the data that apps used by airplane pilots rely on to inform safe takeoff and landing procedures, according to fresh research. In a scenario that elicits strong memories of that nail-biting flight scene from Die Read More …

Apple warns of “privacy and security threats” after EU requires it to allow sideloading

Despite several warnings about the risks, Apple will allow European iPhone owners to install apps obtained from outside the official App Store (sideloading). These drastic changes are brought about to comply with the European Union’s (EU) Digital Markets Act (DMA). Read More …

How the EU Cyber Resilience Act Impacts Manufacturers

The European Union (EU) released its new Cyber Resilience Act, which is claimed to be the first-ever act put in place to ensure consumers are better protected by the manufacturers of both hardware and software products sold within the Read More …

China: Foreign geographic information software collects sensitive data, posing threat to national security

China’s national security agencies have discovered that foreign geographic information system software used in important industries in China has been collecting and transmitting geographic information data with some of the information collected involving state secrets, posing a serious threat to Read More …

Guidelines for secure AI system development

AI systems have the potential to bring many benefits to society. However, for the opportunities of AI to be fully realised, it must be developed, deployed and operated in a secure and responsible way. AI systems are subject to novel Read More …

First known open-source software attacks on banking sector could kickstart long-running trend

Application security provider Checkmarx has detailed its findings on the first known open-source software (OSS) attacks targeting the banking sector. During the first half of 2023, the firm said its supply chain research team detected several OSS attacks that showcased Read More …