Cybercrooks are leveraging Google Groups to spread malicious links leading to rogue anti-virus programs, according to researchers at security firm eSoft. Victims receive an email alleging they need to update their email settings. A link contained in the message's body directs users to a Google Groups page that contains a link to a trojan that downloads and installs a cocktail of fake anti-virus programs, known as scareware, which are designed to trick users into believing their PCs are infected so they will cough up money to buy bogus protection. — DK
Breach disclosures from T-Mobile and PayPal, SSRF in Azure services, Google Threat Horizons report, integer overflows and more, Rust in Chromium, ML for web scanning, Top 10 web hacking techniques of 2022
Two high-severity bugs in the Google Chrome browser open users to a remote code execution attack, one of which involves a relatively new component within the Chrome browser ecosystem called WebTransport.
As organizations go all-in on cybersecurity budgets and strategize to fortify their web applications, there are three major considerations they should keep in mind if they want to maximize results – and get the best ROI from their SAST and DAST tools.