Sky's the Limit, but What About API Security? Challenges in the Cloud-First Era

APIs enable cloud transformation but bring security risks, demanding robust, adaptive strategies to safeguard data and operations.

https://www.darkreading.com/attacks-brea...-first-era

Keep Your Organization's APIs Protected This Holiday Season

Understanding API security risks isn't just a good idea — it's a business imperative. A single API breach can lead to financial losses and reputational damage.

https://www.darkreading.com/vulnerabilit...day-season

Socks5Systemz proxy service infects 10,000 systems worldwide


A proxy botnet called 'Socks5Systemz' has been infecting computers worldwide via the 'PrivateLoader' and 'Amadey' malware loaders, currently counting 10,000 infected devices. [...]


https://www.bleepingcomputer.com/news/se...worldwide/

Cybercrime service bypasses Android security to install malware

A new dropper-as-a-service (DaaS) named 'SecuriDropper' has emerged, using a method that bypasses Android 13's 'Restricted Settings' to install malware on devices and grant them access to the Accessibility Services. [...]


https://www.bleepingcomputer.com/news/se...l-malware/

Dealerships set the bar high for going green

<p>Garbage is a dirty word at Pellman's Automotive in Boulder, Colo., and the two Mark Miller Subaru stores in Salt Lake City — three eco-centric businesses that approach recycling with all the zeal and determination of a technician going after an over-torqued oil pan drain plug.</p>

https://www.autonews.com/service-and-par...iness-plan

Musk says Tesla's German plant to build affordable EV, report says

<p>Musk has teased the prospect of a more affordable electric car as the automaker seeks to increase EV deliveries to 20 million by 2030.</p>

https://www.autonews.com/manufacturing/e...eport-says

Google Play Store Highlights 'Independent Security Review' Badge for VPN Apps

Google is rolling out a new banner to highlight the "Independent security review" badge in the Play Store's Data safety section for Android VPN apps that have undergone a Mobile Application Security Assessment (MASA) audit.
"We've launched this banner beginning with VPN apps due to the sensitive and significant amount of user data these apps handle," Nataliya Stanetsky of the Android Security

https://thehackernews.com/2023/11/google...duces.html

U.S. Treasury Sanctions Russian Money Launderer in Cybercrime Crackdown

The U.S. Department of the Treasury imposed sanctions against a Russian woman for taking part in the laundering of virtual currency for the country's elites and cybercriminal crews, including the Ryuk ransomware group.
Ekaterina Zhdanova, per the department, is said to have facilitated large cross border transactions to assist Russian individuals to gain access to Western financial markets and

https://thehackernews.com/2023/11/us-tre...money.html

Google Warns How Hackers Could Abuse Calendar Service as a Covert C2 Channel

Google is warning of multiple threat actors sharing a public proof-of-concept (PoC) exploit that leverages its Calendar service to host command-and-control (C2) infrastructure.
The tool, called Google Calendar RAT (GCR), employs Google Calendar Events for C2 using a Gmail account. It was first published to GitHub in June 2023.
"The script creates a 'Covert Channel' by exploiting the event

https://thehackernews.com/2023/11/google...endar.html

Iranian Hackers Launches Destructive Cyberattacks on Israeli Tech and Education Sect

Israeli higher education and tech sectors have been targeted as part of a series of destructive cyber attacks that commenced in January 2023 with an aim to deploy previously undocumented wiper malware.
The intrusions, which took place as recently as October, have been attributed to an Iranian nation-state hacking crew it tracks under the name Agonizing Serpens, which is also known as Agrius,

https://thehackernews.com/2023/11/irania...ctive.html