In late August, our mail traps started picking up some unusual blackmail messages. In them, cybercriminals claim to have planted a tetryl-charged bomb somewhere in the recipient’s office and say it will be detonated unless a ransom is paid or if police activity is observed near the building. In reality, of show more ...
A malformed CLFS log file could cause a pool overflow, and an adversary could gain the ability to execute code on the victim machine.
This month, of the 129 vulnerabilities patched, 32 were classified as remote code execution issues, which are bugs that permit attackers to exploit vulnerable applications remotely, over a network.
Unscrupulous criminals are impersonating employees of the United States Department of Justice to scam elderly victims of crime.
An attacker can exploit these vulnerabilities by having an administrator visit a link — or even view an image — by using a specifically crafted payload specific to the targeted website.
A new Harvard study shows that China has closed the gap on the U.S. in three key categories: surveillance, cyber defense, and its efforts to build up its commercial cyber sector.
CyberRisk Alliance (CRA), a business intelligence company serving the cybersecurity and information risk management marketplace, has acquired Security Weekly, a cybersecurity podcast network.
Google addressed two critical vulnerabilities in the Android System component as part of the newly released September 2020 set of security patches.
TeamTNT used an opensource tool specifically created to monitor and control cloud environments with Docker and Kubernetes installations, thus reducing their footprint on the breached server.
The critical Intel vulnerability could allow unauthenticated attackers to gain escalated privileges on Intel vPro corporate systems.
Private details relating to more than 50,000 letters sent out by banks and local authorities were indexed by Google after a London-based outsourcing firm left its system hopelessly exposed.
Terms of the acquisition were not disclosed. According to SecurityWeek's research, Delve has raised roughly $1.5 million in Seed funding.
K-Electric, the sole electricity provider for Karachi, Pakistan, has suffered a Netwalker ransomware attack that led to the disruption of billing and online services.
Researchers have discovered a new Android spyware campaign pushing the “TikTok Pro” app to exploit users' fears of the popular social media app getting being banned in the United States.
Researchers warn of a seven-fold rise in ransomware attacks compared with last year alone - and attackers are continually evolving their tactics.
Experts opine that compliance requirements are often being poorly written, vague, and confusing.
Yubico announced the general availability of the YubiKey 5C NFC, a multi-protocol security key with smart card support, designed with both NFC and USB-C connections on a single device.
Vulnerabilities affecting CodeMeter, a popular licensing and DRM solution made by Wibu-Systems, can expose industrial systems to remote attacks, industrial cybersecurity company Claroty warned.
The official leading the effort to protect U.S. elections from foreign hacking said on Tuesday he had seen no signs of infiltration on computer systems used to record and tabulate votes.
The Clark County School District says its computer system was infected by a ransomware attack during the first week of school and some employee personal information may have been exposed.
In July, thousands of Americans started to complain about unsolicited packages of seeds mailed from China.
The COVID-19 pandemic has led to a significant shift in tactics employed by cyber-criminals, according to Bitdefender’s Mid-Year Threat Landscape Report 2020, published today.
The growth of the cloud has been truly astonishing. In less than fifteen years, it has become part of everyday life and casual conversations about moving photos and other data into the cloud.
A new space policy directive issued by the Trump administration last week calls on the space industry to develop cybersecurity measures to protect essential satellites in orbit.
Consisting of people from DDS, NSA, FBI, the Department of Homeland Security and the Department of Health and Human Services, Operation Warp Speed has been running behind the scenes for months.
Cybersecurity startup Pcysys today closed a $25 million funding round, bringing its total raised to around $40 million.
The global pandemic has sent 92% of organizations scurrying to adopt new technologies in order to facilitate remote work, but APAC businesses often fall short on cloud and endpoint security.
Audio Playback Recorder version 3.2.2 SEH local buffer overflow exploit.
Ubuntu Security Notice 4488-2 - USN-4488-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update and also the update from USN-4490-1 for Ubuntu 14.04 ESM. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the input extension protocol. A local attacker could possibly show more ...
Scopia XT Desktop version 8.3.915.4 suffers from a cross site request forgery vulnerability.
Red Hat Security Advisory 2020-3616-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include bypass, code execution, and cross site scripting vulnerabilities.
Ubuntu Security Notice 4491-1 - It was discovered that GnuTLS incorrectly handled certain alerts when being used with TLS 1.3 servers. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code.
ShareMouse version 5.0.43 suffers from an unquoted service path vulnerability.
Input Director version 1.4.3 suffers from an unquoted service path vulnerability.
A cybercrime group that has previously struck Docker and Kubernetes cloud environments has evolved to repurpose genuine cloud monitoring tools as a backdoor to carry out malicious attacks, according to new research. "To our knowledge, this is the first time attackers have been caught using legitimate third party software to target cloud infrastructure," Israeli cybersecurity firm Intezer said
We have all heard of the "cybersecurity skills gap" — firms' inability to hire and retain high-level cybersecurity talent. I see this gap manifesting in two ways. First, companies that want to hire cybersecurity talent simply cannot find candidates with sufficient skills. Second, companies that cannot afford specialized cybersecurity talent and therefore lack the necessary skills to
A reader got in touch with me regarding a suspicious email they had received claiming to come from Facebook. What I expected to be a simple phishing email turned out to be something much more curious...
