The mass shift to remote work has changed more than meets the eye. On the one hand, many employees who previously scorned the idea have now acquired a taste for it. On the other hand, many companies forced to adapt their work processes have realized the benefits of the approach and are considering making it a show more ...
A report by independent researchers warns that TCL brand Android smart TVs contained serious and exploitable security holes. It also raises questions about the China-based electronics firm's ability to remotely access and control deployed devices. The post Security Holes Opened Back Door To TCL Android Smart TVs show more ...
The Internet Service Providers’ Association (ISPA) is warning South Africa’s 11 million gamers to step up their security as the industry increasingly becomes a target for hackers.
DDoS attacks are getting more complex and more sophisticated while also getting cheaper and easier to carry out as cybercriminals take advantage of the sheer number of insecure connected devices.
The victims received an email at their work address in regards to an upcoming conference hosted on Zoom. It contained no details as to the purpose of the impromptu meeting nor the parties involved.
While Microsoft urged users to employ MFA, it also warned against relying on SMS messages or voice calls to handle one-time passcodes (OTPs) because phone-based protocols are fundamentally insecure.
In June 2020, Insikt Group reported on new APT32 operational infrastructure identified through a proprietary method of tracking malware activity associated with APT32, such as METALJACK and DenisRAT.
The gaming industry is sitting on a hotbed of coveted data—vast amounts of PII and credit card information of gamers worldwide, putting their data at the risk of financial and reputation.
Researchers found a new kind of modular backdoor that targets point-of-sale restaurant management software from Oracle in an attempt to pilfer sensitive payment information stored in the devices.
The difference this time is that while the first three zero-days were discovered internally by Google researchers, these two new zero-days came to Google's attention after tips from anonymous sources.
The botnet leverages IRC servers for command-and-control (C2) communications, experts noticed that it has consistently used the same infrastructure since it first appeared in the threat landscape.
The former head of the National Cyber Security Centre has warned that some British government figures have a “profound lack of understanding” of cyberspace, online warfare, and information security.
The Pay2Key and WannaScream ransomware attacks have been taking place since mid-October, have ramped up this month, and have repeatedly focused on Israeli companies of all sizes,
An unknown threat actor hit Timberline Billing with malware between February 12 and March 4, 2020. After gaining access to the company's network, the attacker encrypted files and removed information.
If you want to strengthen your defenses against ransomware, you'll need to consider the entire cybersecurity alphabet — from authentication to zero-day malware defenses and beyond.
The flaw stems from Cisco IOS XR, a train of Cisco Systems’ widely deployed Internetworking Operating System (IOS), which powers the Cisco ASR 9000 series of fully distributed routers.
Google's elite teams of bug and malware hunters found and disclosed a flurry of high-severity vulnerabilities exploited in the wild in Chrome, Android, Windows, and iOS devices last week.
The ransomware operators behind Ragnar Locker took their tactics to the next level by hacking into a Facebook advertiser's account and creating advertisements promoting their attack on Campari Group.
A spokesperson from Nexia Australia and New Zealand, a network of solutions-focused accountancy and consultancy firms, said the attack had taken place on November 3, and been acted upon immediately.
Vista Equity Partners led the Series E funding round, which included participation from Neuberger Berman funds, JP Morgan, General Catalyst, and additional existing investors.
COVID-19 continues to significantly embolden cybercriminals’ phishing and fraud efforts, with phishing incidents rising 220% during the height of the pandemic, according to research from F5 Labs.
Source code allegedly belonging to commercial penetration testing software Cobalt Strike has been published on GitHub, potentially providing a new path for hackers to attack companies.
Cryptocurrency exchange Binance has awarded $200,000 to a team of unidentified investigators after the cybercriminals behind a 2018 phishing campaign were reportedly indicted in the US.
Yesterday, a threat actor shared two databases belonging to Animal Jam for free on a hacker forum that they stated were obtained by ShinyHunters, a well-known website hacker.
According to researchers, the three bugs are an authentication bypass, file delete path traversal, and an arbitrary SQL query execution, which can be combined in order to execute arbitrary code.
The official Google Play Store has been identified as the primary source of malware installs on Android devices in a recent academic study — considered the largest one of its kind carried out to date.
Security experts are reporting a new Joker malware variant that uses Github pages and repositories to evade detection on Android devices while spying on victims.
A medical device maker has sued an IT vendor in the wake of an email server migration mishap that exposed the health data of more than 277,000 people, illustrating challenges in vendor risk management.
Microsoft warns that cybercriminals are using advertisements for fake Microsoft Teams updates to deploy backdoors, which use Cobalt Strike to infect companies’ networks with malware.
A hackers-for-hire operation has been discovered using a strain of previously undocumented malware to target South Asian financial institutions and global entertainment companies.
KuCoin chief executive and co-founder Johnny Lyu said in a Twitter thread that the majority of impacted assets have been recovered via "judicial recovery, contract upgrades, and on-chain tracking."
Mozilla and Google have already addressed the critical Firefox and Chrome vulnerabilities that were recently exploited by white hat hackers at the 2020 Tianfu Cup hacking contest.
Darkside operators have taken to XSS and Exploit - two major Russian-speaking forums - to announce the details of its new affiliate program, according to cyberthreat intelligence monitoring firm Kela.
OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
This Metasploit module exploits an authentication bypass and command injection in SaltStack Salt's REST API to execute commands as the root user. The following versions have received a patch: 2015.8.10, 2015.8.13, 2016.3.4, 2016.3.6, 2016.3.8, 2016.11.3, 2016.11.6, 2016.11.10, 2017.7.4, 2017.7.8, 2018.3.5, 2019.2. show more ...
Red Hat Security Advisory 2020-5104-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.1 ESR.
Red Hat Security Advisory 2020-5099-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.1 ESR.
Red Hat Security Advisory 2020-5100-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.1 ESR.
Ubuntu Security Notice 4628-2 - USN-4628-1 provided updated Intel Processor Microcode. Unfortunately, that update prevented certain processors in the Intel Tiger Lake family from booting successfully. This update reverts the microcode update for the Tiger Lake processor family. Please note that the show more ...
WordPress Good LMS plugin versions 2.1.4 and below suffer from a remote SQL injection vulnerability.
Water Billing System version 1.0 suffers from a remote SQL injection vulnerability.
Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
Ubuntu Security Notice 4632-1 - It was discovered that the SLiRP networking implementation of the QEMU emulator did not properly manage memory under certain circumstances. An attacker could use this to cause a heap-based buffer overflow or other out- of-bounds access, which can lead to a denial of service or show more ...
Ubuntu Security Notice 4631-1 - It was discovered that libmaxminddb incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause applications using libmaxminddb to crash, resulting in a denial of service.
Ubuntu Security Notice 4171-6 - USN-4171-1 fixed vulnerabilities in Apport. The update caused a regression when handling configuration files. This update fixes the problem, and also introduces further hardening measures. Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. show more ...
Google has patched two more zero-day flaws in the Chrome web browser for desktop, making it the fourth and fifth actively exploited vulnerabilities addressed by the search giant in recent weeks. The company released 86.0.4240.198 for Windows, Mac, and Linux, which it said will be rolling out over the coming days/weeks to all users. Tracked as CVE-2020-16013 and CVE-2020-16017, the flaws were
Cybersecurity researchers today disclosed a new kind of modular backdoor that targets point-of-sale (POS) restaurant management software from Oracle in an attempt to pilfer sensitive payment information stored in the devices. The backdoor — dubbed "ModPipe" — impacts Oracle MICROS Restaurant Enterprise Series (RES) 3700 POS systems, widely used software suite restaurants, and hospitality
If organizations want to get serious about software security, they need to empower their engineers to play a defensive role against cyberattacks as they craft their code. The problem is, developers haven't had the most inspiring introduction to security training over the years, and anything that can be done to make their experience more engaging, productive, and fun is going to be a powerful
A hackers-for-hire operation has been discovered using a strain of previously undocumented malware to target South Asian financial institutions and global entertainment companies. Dubbed "CostaRicto" by Blackberry researchers, the campaign appears to be the handiwork of APT mercenaries who possess bespoke malware tooling and complex VPN proxy and SSH tunneling capabilities. "CostaRicto targets
At least one cybercrime gang appears to have found a new method to raise the pressure on those companies they are blackmailing. Read more in my article on the Hot for Security blog.
There's been a cybersecurity goof in the wake of the US presidential elections, the US fingers the hackers responsible for disrupting the Winter Olympics in South Korea, and we take a long hard look at long hard legal mumbojumbo... All this and much much more is discussed in the latest edition of the "Smashing show more ...
Microsoft says you would be better off using a smartphone authentication app or hardware security key to generate your one-time-password instead. Read more in my article on the Hot for Security blog.
Reading Time: ~ 3 min. Webroot is a dynamic team of hard-working individuals with diverse backgrounds. One of those hard-working individuals is Ben Jackson, Senior Manager of Software Development, Engineering. Ben started off building pages in HTML. Now he leads high-performing teams and helps develop architectures show more ...
