A lock is reliable only insofar as it cannot be defeated by an intruder. Computer technology makes things easier, alas, including for those who hate doors they cannot open (and no, we are not talking about cats). Thanks to 3D printers, copying keys has become much easier. Of course, to print them, you need at least show more ...
The poor cyber readiness in the education sector has let hackers target academic institutions with different threats, including ransomware attacks, data theft, and espionage attacks.
Researchers expose a broad campaign by Transparent Tribe (or APT36) group against military and diplomatic targets in India and Afghanistan.
47% of UK IT leaders have not updated their security strategies to account for cloud environments, increasing their cyber risks, according to a new Trend Micro study commissioned for CLOUDSEC Online.
North American land developer and home builder Brookfield Residential is one of the first victims of the new DarkSide Ransomware.
An Algerian web developer is believed to have launched coronavirus-themed email scams and helped build other hacking tools, according to a police intelligence report.
No matter how sophisticated your security software is, data cannot be simultaneously used and secured. But that may be changing soon.
Browser-based cryptocurrency mining, also known as cryptojacking, made a surprising comeback earlier this year, in the month of June.
Software-as-a-Service (SaaS) security platform provider ReliaQuest announced on Tuesday that it has raised more than $300 million in a growth funding round led by global investment company KKR.
Researchers urged organizations to upskill incident detection and response teams, after a new Lazarus Group attack which managed to bypass advanced EDR and network security at a cryptocurrency firm.
Sometimes the biggest risks and clues are hiding in plain sight, making it crucial not to overlook less-notorious places and people bringing important things to light.
Cyber-criminals have been impersonating the well-known Bitcoin BTC ERA trading platform in order to infect users of the online currency with malware, according to new research from Abnormal Security.
Malicious Office documents are among the most common vectors exploited by threat actors to deploy malware such as ransomware, RATs, data-stealing trojans, and malware downloaders.
A vulnerability in the Play framework can allow a complete cross-site request forgery (CSRF) protection bypass, researchers have warned.
The Lazarus group is on the hunt for cryptocurrency once more and has now launched a targeted attack against a crypto organization by exploiting the human element of the corporate chain.
The flaws have been described as SQL injection, stored cross-site scripting (XSS), and authorization-related issues. The stored XSS bug can be exploited to execute arbitrary code.
Red Hat Security Advisory 2020-3548-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow and null pointer vulnerabilities.
Red Hat Security Advisory 2020-3545-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include buffer over-read and denial of service vulnerabilities.
Ubuntu Security Notice 4472-1 - Noah Misch discovered that PostgreSQL incorrectly handled the search_path setting when used with logical replication. A remote attacker could possibly use this issue to execute arbitrary SQL code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Andres Freund discovered show more ...
Gentoo Linux Security Advisory 202008-10 - A vulnerability has been found in Chromium and Google Chrome that could allow a remote attacker to execute arbitrary code. Versions less than 84.0.4147.135 are affected.
Gentoo Linux Security Advisory 202008-9 - Multiple Shadow utilities were installed with setuid permissions, allowing possible root privilege escalation. Versions less than 4.8-r3 are affected.
Ubuntu Security Notice 4470-1 - Kritphong Mongkhonvanit discovered that sane-backends incorrectly handled certain packets. A remote attacker could possibly use this issue to obtain sensitive memory information. This issue only affected Ubuntu 16.04 LTS. It was discovered that sane-backends incorrectly handled certain show more ...
Ubuntu Security Notice 4469-1 - It was discovered that Ghostscript incorrectly handled certain document files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 4471-1 - Tobias Neitzel discovered that Net-SNMP incorrectly handled certain symlinks. An attacker could possibly use this issue to access sensitive information. It was discovered that Net-SNMP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary show more ...
Red Hat Security Advisory 2020-3520-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Red Hat Security Advisory 2020-3519-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a cross site scripting vulnerability.
Chrome suffers from a missing array size check in NewFixedArray.
Ubuntu Security Notice 4468-2 - USN-4468-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Dave Feldman, Jeff Warren, and Joel Cunningham discovered that Bind incorrectly handled certain truncated responses to a TSIG-signed request. A remote show more ...
A Linux copy-on-write issue can wrongly grant write access.
Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
SecZetta NEProfile version 3.3.11 suffers from a host header injection vulnerability.
A popular iOS software development kit (SDK) used by over 1,200 apps—with a total of more than a billion mobile users—is said to contain malicious code with the goal of perpetrating mobile ad-click fraud and capturing sensitive information. According to a report published by cybersecurity firm Snyk, Mintegral — a mobile programmatic advertising platform owned by Chinese mobile ad tech company
"In today's knowledge economy, continual learning is an imperative." — Those words from Aytekin Tank, the founder of JotForm, are particularly important for anyone working in IT or development. With over 1,000 premium courses (complete list) from top instructors, StackSkills Unlimited provides endless learning opportunities. Right now, you can grab lifetime membership for $59. Categories of
If your web-server runs on Apache, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Apache recently fixed multiple vulnerabilities in its web server software that could have potentially led to the execution of arbitrary code and, in specific scenarios, even could allow attackers to cause a crash
