For this week’s episode of the Transatlantic Cable podcast, Jeff and I look at a growing concern in the States: the US general election. The story, from the BBC, covers big-tech companies’ attempts to avoid a confrontation between the two major parties in the upcoming election. Big tech has real concerns show more ...
Companies victimized by ransomware and firms that facilitate negotiations with ransomware extortionists could face steep fines from the U.S. federal government if the crooks who profit from the attack are already under economic sanctions, the Treasury Department warned today. Image: Shutterstock In its advisory (PDF), show more ...
The Windows XP and Windows Server 2003 source code that was leaked online last week on 4chan has been confirmed to be authentic after a YouTube user compiled the code into working operating systems.
Buy online, pick-up in store fraud rose by 55% in the first half of 2020, according to the latest edition of the Forter Fraud Attack Index, highlighting how attackers are targeting e-commerce sites.
Security researchers have been tracking a phishing campaign that abuses Microsoft Office 365 third-party application access to obtain specific resources from victims' accounts.
CMA CGM, world’s fourth-largest container shipping company, first reported the incident on Monday, saying it had shut down access to its online services after malware targeted its peripheral servers.
Misconfigurations have only grown more common amid the COVID-19 pandemic and a global rush to shift organizations into fully virtualized workforces by adopting cloud-based solutions.
Ransomware has become a global menace, but organizations should keep in mind that it’s humans — not code — attacking them, Microsoft said in its new Digital Defense report.
Kylie Jenner's makeup company has warned customers that their information may have been compromised in a recently detected security incident at a Canadian e-commerce merchant.
The Telework Essentials Toolkit by the CISA and CRI contains three personalized modules of role-appropriate security considerations for executive leaders, IT professionals, and teleworkers themselves.
GitHub says the Code Scanning feature "helps prevent vulnerabilities from reaching production by analyzing every pull request, commit, and merge—recognizing vulnerable code as soon as it's created."
Researchers at an Israeli operational technology (OT) company discovered multiple critical flaws in two popular industrial remote access software solutions made by B&R Automation and mbConnect.
Both the National Security Agency and Cybersecurity and Infrastructure Security Agency recently released alerts on the significant increase in cyberattacks on critical infrastructure.
An adware family known primarily for distributing browser hijackers has been caught distributing full-blown malware, security researchers said in a talk at the VirusBulletin 2020 security conference.
Evidence presented in court revealed that he hacked into the computers of LinkedIn, Dropbox, and Formspring employees, and install malware to remotely control them and steal employees’ credentials.
Cisco Talos recently discovered multiple remote code execution vulnerabilities in the NVIDIA D3D10 driver. This driver supports multiple GPUs that NVIDIA produces.
Anthem Inc said on Wednesday it would pay $39.5 million as part of a settlement with U.S. states attorneys general following an investigation into a massive cyber-attack at the company in 2015.
The new variant of the Thanos ransomware dropped a ransom note demanding that each target group send over $20,000 worth of bitcoin to a cryptocurrency wallet under the attackers’ control.
Microsoft addressed the vulnerability with the release of the February Patch Tuesday updates, but over 247,000 Microsoft Exchange servers (61% of Exchange servers installs) are yet to be fixed.
A new variant of the InterPlanetary Storm malware has been discovered, which comes with fresh detection-evasion tactics and now targets Mac and Android devices (in addition to Windows and Linux).
The decision comes after a year in which the Internet Crime Complaint Center said it received a total of 467,361 complaints, resulting in over $3.5 billion in losses to individuals and businesses.
Recently, ransomware operators are sticking around, lurking in the network shadows to conduct reconnaissance and patiently lying in wait in order to identify higher-value assets to compromise.
The House on Wednesday unanimously approved legislation that would send cybersecurity resources to state and local governments, which have been increasingly targeted by hackers during past two years.
According to the UN report, Kimsuky operations took place across March and April this year and consisted of a series of spear-phishing campaigns aimed at the Gmail accounts of UN officials.
According to the latest Bitdefender survey of around 6,000 C-suite executives, businesses are worrying about being caught in the crossfire of cyber warfare and facing disruptions in their operations.
The US government hit the Iran state hacking machine hard earlier this month: In a 72-hour period, it unsealed three separate indictments of seven Iran-based individuals with a total of 22 charges.
The malware, dubbed Android/SpyC32.A, is a new variant of a malware operated by the APT-C-23 group and is currently being used in active campaigns targeting victims in the Middle East.
German spyware FinSpy is back in action with a high-level obfuscation and modular approach to target Windows, macOS, Linux, and Android systems for Egyptian organizations and activists.
Cyberattackers targeting the hospitality industry were recently observed using a phishing page that featured CAPTCHA technology as a way to elude detection and appear legitimate.
HP announced on Thursday that it has expanded its bug bounty program, inviting several white hat hackers to find vulnerabilities in its office-class ink and toner cartridges.
Sweden’s H&M has been fined around $41 million by the German authorities for internal data security breaches at its customer service center in Nuremberg, the fashion retailer said on Thursday.
The previously unreported attack on Hamilton County illustrates the security weakness of email systems of county offices that could hamper the voting process handled by such local entities.
The acquisition of jSonar, which provides security and compliance to databases on-premise or in the cloud, will bolster Imperva’s data security business. Financial terms of the deal weren’t disclosed.
After attacks against API servers have constantly risen over the past few years, Cloudflare has launched today a new security tool to secure these systems against automated exploitation attempts.
Researchers reported BlackTech, a Chinese APT, targeting the media, construction, engineering, electronics, and finance sectors in Japan, Taiwan, the U.S., and China to steal information.
A recent report by Netscout revealed that DDoS attack frequency jumped 25% during peak pandemic lockdown months (March-June), with at least 4.83 million DDoS attacks occurring in H1 2020.
WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different. WhatWeb also show more ...
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
This Metasploit module exploits an incorrect side-effect modeling of the 'in' operator. The DFG compiler assumes that the 'in' operator is side-effect free, however the embed element with the PDF plugin provides a callback that can trigger side-effects leading to type confusion (CVE-2020-9850). The show more ...
Sony IPELA Network Camera SNC-DH120T version 1.82.01 suffers from a remote stack buffer overflow vulnerability. The vulnerability is caused due to a boundary error in the processing of received FTP traffic through the FTP client functionality (ftpclient.cgi), which can be exploited to cause a stack-based buffer show more ...
The Call For Papers for nullcon Goa 2021 is now open. Nullcon is an information security conference held in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security technology. It will take place in March of 2021.
BrightSign Digital Signage Diagnostic Web Server version 8.2.26 suffers from an unauthenticated server-side request forgery vulnerability.
SpinetiX Fusion Digital Signage version 3.4.8 suffers from an authenticated path traversal vulnerability. Input passed via several parameters in index.php script is not properly verified before being used to create and delete files. This can be exploited to write backup files to an arbitrary location and/or delete arbitrary files via traversal attacks.
SpinetiX Fusion Digital Signage version 3.4.8 suffers from a database backup disclosure vulnerability.
vPrioritizer is a vulnerability management dashboard that helps triage and manage risk within your environment by making informed decisions based on defined criteria.
Red Hat Security Advisory 2020-4158-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.3.1. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.
Red Hat Security Advisory 2020-4155-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.3.1. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.
Red Hat Security Advisory 2020-4154-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.4.5 serves as a replacement for Red show more ...
Ubuntu Security Notice 4562-1 - It was discovered that kramdown insecurely handled certain crafted input. An attacker could use this vulnerability to read restricted files or execute arbitrary code.
CMS Made Simple version 2.2.14 suffers from a persistent cross site scripting vulnerability.
GetSimple CMS version 3.3.16 suffers from a persistent cross site scripting vulnerability.
SpinetiX Fusion Digital Signage version 3.4.8 suffers from a cross site request forgery vulnerability.
Red Hat Security Advisory 2020-3842-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
MonoCMS Blog version 1.0 suffers from arbitrary file deletion, cross site request forgery, and information disclosure vulnerabilities.
Red Hat Security Advisory 2020-4157-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.3.1. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.
SpinetiX Fusion Digital Signage versions 3.4.8 and below suffer from a username enumeration vulnerability.
Red Hat Security Advisory 2020-4156-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.3.1. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.
WebsiteBaker version 2.12.2 suffers from an authenticated remote SQL injection vulnerability.
Ubuntu Security Notice 4561-1 - It was discovered that Rack incorrectly handled certain paths. An attacker could possibly use this issue to obtain sensitive information. It was discovered that Rack incorrectly validated cookies. An attacker could possibly use this issue to forge a secure cookie.
Typesetter CMS version 5.1 suffers from a persistent cross site scripting vulnerability.
This archive contains all of the 97 exploits added to Packet Storm in September, 2020.
Cybersecurity researchers have found critical security flaws in two popular industrial remote access systems that can be exploited to ban access to industrial production floors, hack into company networks, tamper with data, and even steal sensitive business secrets. The flaws, discovered by Tel Aviv-based OTORIO, were identified in B&R Automation's SiteManager and GateManager, and MB Connect
A hacking group known for its attacks in the Middle East, at least since 2017, has recently been found impersonating legitimate messaging apps such as Telegram and Threema to infect Android devices with a new, previously undocumented malware. "Compared to the versions documented in 2017, Android/SpyC23.A has extended spying functionality, including reading notifications from messaging apps, call
A Russian hacker who was found guilty of hacking LinkedIn, Dropbox, and Formspring over eight years ago has finally been sentenced to 88 months in United States prison, that's more than seven years by a federal court in San Francisco this week. Yevgeniy Aleksandrovich Nikulin, 32, of Moscow hacked into servers belonging to three American social media firms, including LinkedIn, Dropbox, and
Imagine being contacted by a complete stranger via Facebook, and them telling you that they have complete control over the security system in your new home. Read more in my article on the Hot for Securiy blog.
Coffee machines catching ransomware, Blacklight shines a torch on website tracking, and a woman is freaked out that a complete stranger can turn off her home's security system. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
For many companies it would be a nightmare to discover that they are the latest unwitting victim of a ransomware attack, capable of crippling computer systems and locking up data if a payment isn’t made to cybercriminals. There’s no magic wand that can make a ransomware attack simply disappear with no impact at show more ...
