The SAS is here — digitally, of course; it is 2020, after all. To kick off the latest iteration of the Transatlantic Cable podcast, Dave and I chat about a topic presented at the conference. We begin with Mark Lechtik, Igor Kuznetsov, and Yury Parshin’s research on MosaicRegressor. This new malware uses a UEFI show more ...
Recently, our researchers uncovered a sophisticated targeted attack aimed at diplomatic institutions and NGOs in Asia, Europe, and Africa. As far as we can determine, all of the victims were connected to North Korea in one way or another, whether through nonprofit activity or diplomatic ties. The attackers used a show more ...
September featured two stories on a phony tech investor named John Bernard, a pseudonym used by a convicted thief named John Clifton Davies who’s fleeced dozens of technology companies out of an estimated $30 million with the promise of lucrative investments. Those stories prompted a flood of tips from show more ...
The systems we rely on to keep the lights on, heat our homes, make our medicines and move our goods are increasingly connecting to the Internet, and increasingly vulnerable to devastating cyber attacks in what a new report calls a looming "global crisis." The post Report: Critical Infrastructure Cyber Attacks show more ...
While advertising offensive hacking tests, Chengdu 404 used phishing and other means to breach more than 100 organizations in the U.S., South Korea, Japan, and more, according to DoJ charges.
There has been a 429% rise in the number of corporate credentials with plaintext passwords on the dark web so far this year, according to Arctic Wolf’s 2020 Security Operations Annual Report.
The Azerbaijan public sector and other important organizations are still targeted by new versions of PoetRAT using malicious Microsoft Word documents alleged to be from the Azerbaijan government.
Operational technology will continue to become a prime target for malicious cyber mafia actors if organizations don't take the proper steps to secure their systems against pernicious threats.
According to Kaspersky researchers, the malware is in the form of a “compromised UEFI firmware image” with an implant that installs additional malware on the victim devices.
Technology conglomerate Cisco is making a play in the cloud application security market, announcing plans to acquire cybersecurity startup Portshift. Terms of the deal were not disclosed.
Mandiant said the new solution is the first SaaS offering in its portfolio and will combine threat intelligence gathered by Mandiant together with data from cyber incident response engagements.
On September 17th, researchers at Malwarebytes discovered a new attack called Kraken that injected its payload into the Windows Error Reporting (WER) service as a defense evasion mechanism.
A threat actor going by the online handle “Priority” has been found using the infamous Mirai malware source code to launch their own version of the malware by researchers at Juniper Threat Labs.
The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to warn of a surge of Emotet attacks that have targeted multiple state and local governments in the U.S. since August.
Microsoft has awarded $374,300 in bug bounties to security researchers who spotted bugs in Azure Sphere which itself offers high-end security for Cloud-connected Internet of Things (IoT) devices.
Researchers found that attackers are using a flaw in the File-Manager WordPress plugin (CVE-2020-25213) to leverage Zerologon (CVE-2020-1472) and attack companies’ Domain Controllers.
Submitted by a security researcher in November 2019, the issue is described as a failure to remove code from Elasticsearch API search results when transferring a public group to a private group.
In a lawsuit filed in the Eastern District of Virginia in March 2018, Centripetal claimed that numerous Cisco product series have been infringing on five of its patents for years.
In an email to customers, Chowbus CEO Linxin Wen said the data had been “illegally accessed” and dumped online, but he did not say how. Credit card numbers were not compromised, Wen said.
The October 2020 security updates for Android patch a total of 48 vulnerabilities, including critical and high-severity flaws that affect Qualcomm closed-source components and Android System.
If the device uses default or easy-to-guess SSH credentials, the botnet gains access to the system, where it immediately downloads one of seven binaries that install the HEH malware.
More than a quarter of Canadian IT workers say their organization has suffered a COVID-19-themed cyber-attack, according to a new survey by the Canadian Internet Registration Authority (CIRA).
According to research by Pandora, the hackers had launched an SMSC spoofing attack to hijack the SMS verification process for password renewal in the online accounts of the victims.
Researchers from segmentation solutions provider Guardicore have identified a series of vulnerabilities that could have been exploited by a hacker to turn a TV remote into a spying device.
The U.S. Financial Industry Regulatory Authority (FINRA) has issued a notice warning member brokerage firms of widespread phishing attacks using surveys to harvest information.
Unidentified spies have been quietly breaching Azerbaijani government IT networks and accessing the diplomatic passports of certain officials, according to new research from Cisco Talos.
MTI Technology has been acquired by Ricoh in a move that will bolster its IT capabilities across Europe. MTI will continue to operate under its own brand as part of Ricoh's European operation.
The phishing campaign exploits the IRS, the coronavirus, and SharePoint to obtain email credentials, Social Security numbers, driver's license numbers, and tax numbers, according to Armorblox.
The "additional $201.5 million" announced to help deliver Australia's Cyber Security Strategy is just another part of the AU$1.7 billion over 10 years already announced in August.
Ping accelerated its push into the personal identity management market with the acquisition of ShoCard, which uses a blockchain-based platform to manage consumer identities.
First detected back in 2019, Valak garnered the attention of Cybereason in May 2020 for its ability to function beyond a malware loader and independently operate as an information stealer.
Saudi diplomats, Sikh separatists, and Indian business executives have been among those targeted by a group of hired hackers, according to research published by software firm BlackBerry Corp.
Participants in the financing round included Spring Lake Equity Partners, Marker, New Enterprise Associates, Bessemer Venture Partners, Innovation Endeavors, Cisco, Microsoft, and Citi.
Chrome 86 will warn users when they are about to submit information through a non-secure form embedded in an HTTPS page and when they are about to initiate insecure downloads over non-secure links.
Ukraine is hoping to tackle an ever-growing list of cyberattacks with a new law that rights experts warn could give authorities excessive powers to pry into the lives of citizens.
Researchers reveal that AgentTesla, LimeRAT, W3Cryptolocker, and Redline Stealer are now using Paste[.]nrecom.net service in their spear-phishing attacks.
Regardless of the rationale, ignoring End-of-Life (EOL) or End-of-Service (EOS) warnings can leave organizations exposed to a variety of unforeseen cyberattacks.
Fullz House skimmer group injected a single line of JavaScript code, disguised as a Google Analytics script, into the website of U.S. mobile virtual network operator (MVNO), Boom! Mobile.
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network show more ...
A security vulnerability affecting GoAhead versions 2 to 5 has been identified when using Digest authentication over HTTP. The HTTP Digest Authentication in the GoAhead web server does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via show more ...
BACNet Test Server version 1.01 suffers from a denial of service vulnerability when sending a malformed BVLC Length UDP packet to port 47808 which causes the application to crash.
Typesetter version 5.1 is vulnerable to code execution via /index.php/Admin/Uploaded. An attacker can exploit this by uploading a zip that contains a malicious php file inside. After extracting the zip file containing the malicious php file, it is possible to execute commands on the target operation system.
FortiSIEM versions 5.2.8 and below are vulnerable to an unauthorized remote command execution vulnerability via Expression Language injection. This advisory notes that the Richsploit exploit can be leveraged to still achieve code execution.
Ubuntu Security Notice 4572-2 - USN-4572-1 fixed a vulnerability in Spice. This update provides the corresponding update for Ubuntu 14.04 ESM. Frediano Ziglio discovered that Spice incorrectly handled QUIC image decoding. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
Ubuntu Security Notice 4573-1 - Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. It was discovered that Vino incorrectly handled certain packet lengths. A remote attacker could show more ...
Red Hat Security Advisory 2020-4206-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 85.0.4183.121. Issues addressed include out of bounds read and out of bounds write vulnerabilities.
Red Hat Security Advisory 2020-4201-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.
Liman version 0.7 suffers from a cross site request forgery vulnerability.
Red Hat Security Advisory 2020-4184-01 - The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a show more ...
EasyPMS version 1.0.0 suffers from an authentication bypass vulnerability.
The Karel IP Phone IP1211 web management panel suffers from a directory traversal vulnerability.
This paper discusses how intrusion detection systems work. After getting a solid understanding of the working mechanism of IDS, they discuss how packet reassembly works and then moves forward to look into different policy implemented for packet reassembly where it is dependent on the operating system implementation of the RFC.
Red Hat Security Advisory 2020-4186-01 - The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a show more ...
Cybersecurity researchers have taken the wraps off a new botnet hijacking Internet-connected smart devices in the wild to perform nefarious tasks, mostly DDoS attacks, and illicit cryptocurrency coin mining. Discovered by Qihoo 360's Netlab security team, the HEH Botnet — written in Go language and armed with a proprietary peer-to-peer (P2P) protocol, spreads via a brute-force attack of the
Every company needs help with cybersecurity. No CISO ever said, "I have everything I need and am fully confident that our organization is fully protected against breaches." This is especially true for small and mid-sized enterprises that don't have the luxury of enormous cybersecurity budgets and a deep bench of cybersecurity experts. To address this issue, especially for small and mid-sized
Many thanks to the great folks at Recorded Future, who have sponsored my writing for the past week. Recorded Future empowers your organization, revealing unknown threats before they impact your business, and helping your teams respond to alerts 10 times faster. How does it do this? By automatically collecting and show more ...
