We kick off this week’s edition of the Transatlantic Cable podcast by looking at an active scam in the UK. As if 2020 was not bad enough, now people need to be on the lookout for scams that are targeting them with travel and refunds that are more prevalent with everyone at home due to COVID-19 — and the impact on people’s wallets is continuing to get bigger. From there, we jump across the Atlantic to Springfield, Massachusetts, whose school system was hit with ransomware. The only ones happy in this story were the kids who got an impromptu snow day. We stay in the US for our third story, this about Google’s sharing of crime-related search data with law enforcement. To close things out, we take a look at some leaked source code from Microsoft. If you liked the podcast, please consider subscribing or sharing with your friends. For more information on the stories that we covered, please visit the links below: Scammers exploit COVID to steal from stressed bank customers Massachusetts school district shut down by ransomware attack Google is giving data to police based on search keywords, court docs show Windows XP and Server 2003 compiled from leaked source code
The Agari Cyber Intelligence Division published a study to better understand the operations of BEC attacks – in particular, the location of attackers and the money mules used for laundering funds.
By far, the most dangerous bug patched this month is CVE-2020-16898. With a severity score of 9.8/10, the RCE vulnerability in the Windows TCP/IP stack is dangerous and likely to be weaponized.
The Clop group attacked Software AG, a German conglomerate with operations in more than 70 countries, threatening to dump stolen data if the whopping $23 million ransom isn’t paid.
Microsoft successfully argued in court against the use of Windows SDKs inside malware code, a precedent it would be able to use again and again in future botnet crackdowns.
Cyberpion will use the new seed funding to boost its sales and marketing efforts, while expanding and accelerating product development of its Ecosystem Security platform.
Experts say that PM Johnson will order the creation of National Cyber Force, a special military cyber division that will work with local intelligence agencies as the US Cyber Command does in the US.
The Phobos ransomware family is fairly recent, only having been first spotted by security researchers in early 2019. However, it has been frequently upgraded with new variants since then.
The actor employs various methods to spread across the network, like sending infected RTF files using email, psexec, WMI and SMB exploits, including Eternal Blue and SMBGhost affecting Windows 10 PCs.
To compromise additional systems on the network, the attackers used various methods, including remote WMI, remote service execution with PowerShell, and a Cobalt Strike beacon dropped over SMB.
Norway's government on Tuesday said that it believes Russia was behind an August cyberattack targeting the email system of the country's parliament that impacted some lawmakers' messages.
Attacks that target SaaS user accounts are one of the fastest-growing and most prevalent problems for organizations, even before COVID-19 forced the vast and rapid shift to remote work.
CyberNews recently discovered that the digital marketing agency teamDigital was exposing multiple environment config files that contain sensitive data, like database credentials, API keys, and more.
The bug, which is awaiting a CVE assignment, comes in at 9.3 out of 10 on the CVSS severity scale, according to researchers at Sick.Codes, a security resource for developers.
Researchers have pieced together details about a newly-identified, financially-motivated hacking group they say is behind bold, large and long-running malware campaigns.
An information disclosure flaw exists in the WebGL functionality of Chrome 83.0.4103.116 (Stable) (64-bit) and 86.0.4198.0 (Developer Build) (64-bit) that could be exploited by malicious requests.
The problem with exposed Elasticsearch databases, experts say, is that they are often left unsecured by developers by mistake and companies don’t discover the exposure quickly.
While Microsoft warned that cybercriminals have started to incorporate exploits for the ZeroLogon vulnerability in their attacks, the DHS fears that the U.S. election could be the target of the attackers.
Research from Microsoft found that a new Android ransomware has added unique TTPs to its arsenal, including a novel ransom note delivery system and an ML component that can be tweaked for various devices.
With ransomware attacks showing no signs of slowing down, some companies have begun offering services to help reduce ransom demands, buy more time in negotiations, and arrange payments.
In 2019 alone, more than 8,223 complaints from individuals and small businesses in North Carolina were filed with the FBI Internet Crime Complaint Center, with monetary losses totaling $48,425,764.
SecurityScorecard announced it has added over 20 new capabilities to its platform to empower organizations of all sizes to become agile and cyber resilient in a quickly shifting global environment.
“In 2016, the Bank failed to exercise proper oversight of the decommissioning of two Wealth Management business data centers located in the US,” the Office of the Comptroller of the Currency said.
Nearly half the BEC scammers in the US are based in five states: California, Georgia, Florida, Texas, and New York, although evidence of BEC attack operations has been detected in 45 states by Agari.
BlueVoyant, a cybersecurity services company, has acquired Managed Sentinel, a specialist in the deployment and management of Microsoft’s cloud-native security solutions.
In its latest regular threat report, CISA counted four CVSS v2 7.5-level vulnerabilities affecting PhantomPDF. Foxit has published updates for its software in both Windows and Apple Mac formats.
Cybercriminals have put their own spin on passing time during the pandemic-induced lockdown with online rap battles, poker tournaments, poem contests, and in-person sports tournaments.
“Successful exploitation could lead to an exploitable crash, potentially resulting in arbitrary code execution in the context of the current user,” Adobe explained in its advisory.
According to a March 2020 Gartner’s pandemic preparedness study, many organizations and their leaders are unsure whether their risk mitigation strategy is sufficient for operational resilience.
Linux 5.9 was just released two days ago and Intel is recommending in its advisory for the high-severity Bluetooth flaw, CVE-2020-12351, to update the Linux kernel to version 5.9 or later.
As per a new report by cybersecurity firm Cofense, threat actors are increasingly using Canva to create hosted HTML landing pages that are then used to redirect phishing victims to fake login forms.
The Information Commissioner's Office said it will make enquiries into Klarna after scores of angry people questioned why it had their details despite never doing business with the payments firm.
A threat actor known as Silent Librarian/TA407/COBALT DICKENS has been actively targeting universities via spear-phishing campaigns since schools and universities went back into session.
The recent Homeland Threat Assessment report by the DHS stated that the U.S. Census Bureau was attacked by threat actors last year, conducting vulnerability scans and attempting unauthorized access.
Red Hat Security Advisory 2020-4256-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8. Issues addressed include a memory leak vulnerability.
Red Hat Security Advisory 2020-4257-01 - Red Hat JBoss Enterprise Application Platform 7.3 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3. Issues addressed include a memory leak vulnerability.
Red Hat Security Advisory 2020-4255-01 - Updated python-psutil version to 5.6.6 inside ansible-runner container. Issues addressed include a double free vulnerability.
Red Hat Security Advisory 2020-4254-01 - Updated python-psutil version to 5.6.6 inside ansible-runner container. Issues addressed include a double free vulnerability.
Red Hat Security Advisory 2020-4252-01 - This release of Red Hat build of Quarkus 1.7.5 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include code execution and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2020-4251-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 32.0.0.445. Issues addressed include a code execution vulnerability.
Ubuntu Security Notice 4580-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 4579-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that the XFS file system in the Linux kernel did not properly validate inode metadata in some situations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. Various other issues were also addressed.
Ubuntu Security Notice 4578-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that the XFS file system in the Linux kernel did not properly validate inode metadata in some situations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. Various other issues were also addressed.
Ubuntu Security Notice 4577-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Giuseppe Scrivano discovered that the overlay file system in the Linux kernel did not properly perform permission checks in some situations. A local attacker could possibly use this to bypass intended restrictions and gain read access to restricted files. Various other issues were also addressed.
Ubuntu Security Notice 4576-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
Ubuntu Security Notice 4575-1 - It was discovered that dom4j incorrectly handled reading XML data. A remote attacker could exploit this with a crafted XML file to expose sensitive data or possibly execute arbitrary code.
It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information (kernel memory). Other issues were also addressed.
Ubuntu Security Notice 4583-1 - It was discovered that PHP incorrectly handled certain encrypt ciphers. An attacker could possibly use this issue to decrease security or cause incorrect encryption data. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that PHP incorrectly handled certain HTTP cookies. An attacker could possibly use this issue to forge a cookie which is supposed to be secure. Various other issues were also addressed.
Ubuntu Security Notice 4582-1 - It was discovered that Vim incorrectly handled permissions on the .swp file. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS. It was discovered that Vim incorrectly handled restricted mode. A local attacker could possibly use this issue to bypass restricted mode and execute arbitrary commands. Note: This update only makes executing shell commands more difficult. Restricted mode should not be considered a complete security measure. Various other issues were also addressed.
Ubuntu Security Notice 4581-1 - It was discovered that Python incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection.
Sifter is an OSINT, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the "blue" vulnerabilities within Microsoft systems and, if unpatched, exploits them.
A financially-motivated threat actor known for its malware distribution campaigns has evolved its tactics to focus on ransomware and extortion. According to FireEye's Mandiant threat intelligence team, the collective — known as FIN11 — has engaged in a pattern of cybercrime campaigns at least since 2016 that involves monetizing their access to organizations' networks, in addition to deploying
Managed Security Services Providers (MSSPs) have it rough. They have the burden of protecting their client organizations from cyberattacks, with clients from different industries, different security stacks, and different support requirements. And everything is in a constant state of flux. MSSPs are turning to multitenant solutions to help reduce the complexity of managing multiple security
Microsoft on Tuesday issued fixes for 87 newly discovered security vulnerabilities as part of its October 2020 Patch Tuesday, including two critical remote code execution (RCE) flaws in Windows TCP/IP stack and Microsoft Outlook. The flaws, 11 of which are categorized as Critical, 75 are ranked Important, and one is classified Moderate in severity, affect Windows, Office and Office Services and
German investigating authorities have raided the offices of Munich-based company FinFisher, which sells the infamous commercial surveillance spyware dubbed 'FinSpy,' reportedly on suspicion of illegally exporting the software abroad without the required authorization. Investigators from the German Customs Investigation Bureau (ZKA), ordered by the Munich Public Prosecutor's Office, searched a