A 22-year-old North Carolina man has been sentenced to nearly eight years in prison for conducting bomb threats against thousands of schools in the U.S. and United Kingdom, running a service that launched distributed denial-of-service (DDoS) attacks, and for possessing sexually explicit images of minors. Timothy show more ...
A newly discovered credit card skimmer uses an innovative technique to inject highly convincing PayPal iframes and hijack the checkout process on compromised online stores.
In a bid to create a safe and secure cyberspace in India, Kaspersky signed an MoU with the Computer Emergency Response Team (CERT-In) at the Ministry of Electronics and Information Technology (MeitY).
Data breaches, network infiltrations, bulk data theft and sale, identity theft, and ransomware outbreaks have all occurred over 2020 and the underground market shows no signs of stopping.
A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a web page to trigger this vulnerability.
Researchers at Abnormal Security have uncovered a credential-stealing phishing campaign that spoofs internal company memos concerning returning to the office, to target over 100,000 inboxes.
A nation-state actor known for its espionage campaigns since 2012 is now using coin miner techniques to stay under the radar and establish persistence on victim systems, according to new research.
The database discovered by CyberNews contained confidential business-related data, including sales data, names of partners and employees, client warehouse stock stats, shipment locations, and more.
AspenPointe notified patients of a data breach stemming from a September 2020 cyberattack wherein attackers to steal protected health information (PHI) and personally identifiable information (PII).
The U.S. Cybersecurity and Infrastructure Security Agency is warning about a password leak that could affect vulnerable Fortinet VPNs, which could lead to possible further exploitation.
Towards the end of 2017, there was a major shift in the malware scene. As cloud-based technologies became more popular, cybercrime gangs also began targeting Docker and Kubernetes systems.
In this latest campaign, threat actors are relying on compromised websites to socially engineer users by using a decoy forum template instructing them to download a malicious file.
Companies are on track to file 27% more cyber claims in 2020, one insurer estimates, while another underwriter finds five out of every 100 companies file a claim each year.
The average employee still doesn’t think about cybersecurity on a regular basis, because they have not been taught to “trust but verify,” but to “trust and be efficient.”
It notes that upon discovering the contravention, Absa secured High Court orders that enabled search and seizure operations at various premises and secured all devices containing the data.
CTIX Lite combines advanced threat intel platform features with premium threat intelligence feeds and enrichment sources from industry leaders such as Flashpoint, Bambenek, PolySwarm, and Comodo.
After becoming dormant for a long period of time, more than fifty networks in the North American area unexpectedly burst to life, the multinational spam monitoring firm Spamhaus reveals.
Online learning solutions provider K12 Inc., said on Monday that it had decided to pay a ransom to cybercriminals who managed to breach its systems and deploy a piece of ransomware.
School officials are tasked with not only protecting the personally identifiable information (PII) of students, faculty, staff, consultants, and contractors, but also their health and financial data.
Only 11% of UK retailers have implemented the recommended and strictest level of DMARC protection, which protects them from identity spoofing and decreases the risk of email fraud for customers.
An Indian national was sentenced to 20 years in prison for operating and funding India-based call centers that defrauded US victims out of millions of dollars between 2013 and 2016.
Security vulnerabilities can lead to wallets -- and the crypto stored within -- becoming compromised, and there are still cases of exit scams and fraudulent coin launches.
Continuing the trend of the latest cyberattacks in the IT sector, researchers are expecting another wave of attacks impacting business operations worldwide.
In a press release, the company said its IT systems were breached as part of an attack that was detected on November 25, claiming that files on only a “single environment” became inaccessible.
Experts have reported several malware and threat actors attempting to steal credentials from apps and browsers of organizations worldwide for the purposes of selling it on underground forums.
A group of academic researchers demonstrated how light can be used to manipulate a myriad range of digital assistants, including Amazon Echo devices, using a laser beam.
Dataprotector and CyberSeal encrypted and hid malware inside legitimate code to appear harmless to antivirus software. The price of the services ranged between $40 and $300.
Details of the fund's register of members and correspondence with its investors could be freely read by anyone with the URL to the Azure blob, the Microsoft equivalent of an AWS S3 storage bucket.
Personal information including ID numbers, drivers’ licenses and registration forms have been leaked after a recent suspected cyberattack on the Shirbit insurance company.
In a Positive Technologies report, 26% of companies were found vulnerable to WannaCry, which was a threat years ago, and some even vulnerable to Heartbleed, indicating a lack of recent updates.
Ubuntu Security Notice 4656-1 - Jan-Niklas Sohn discovered that the X.Org X Server XKB extension incorrectly handled certain inputs. A local attacker could possibly use this issue to escalate privileges.
Ubuntu Security Notice 4655-1 - It was discovered that Werkzeug has insufficient debugger PIN randomness. An attacker could use this issue to access sensitive information. This issue only affected Ubuntu 18.04 LTS. It was discovered that Werkzeug incorrectly handled certain URLs. An attacker could possibly use this issue to cause phishing attacks. This issue only affected Ubuntu 16.04 LTS.
This archive contains all of the 185 exploits added to Packet Storm in November, 2020.
THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6 and it includes an easy to use packet factory library.
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database show more ...
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The show more ...
Red Hat Security Advisory 2020-5314-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.5.0 ESR. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
Red Hat Security Advisory 2020-5305-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
Ubuntu Security Notice 4654-1 - It was discovered that PEAR incorrectly sanitized filenames. A remote attacker could possibly use this issue to execute arbitrary code.
Red Hat Security Advisory 2020-5275-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer over-read, buffer overflow, code execution, information leakage, null pointer, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2020-5302-01 - This release of Red Hat build of Quarkus 1.7.5 SP1 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include a remote SQL injection vulnerability.
Red Hat Security Advisory 2020-5194-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Red Hat Security Advisory 2020-5239-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.5.0 ESR. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
Ubuntu Security Notice 4653-1 - It was discovered that access controls for the shim’s API socket did not restrict access to the abstract unix domain socket in some cases. An attacker could use this vulnerability to run containers with elevated privileges.
Ubuntu Security Notice 4652-1 - It was discovered that SniffIt incorrectly handled certain configuration files. An attacker could possibly use this issue to execute arbitrary code.
Red Hat Security Advisory 2020-5257-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.5.0 ESR. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
Red Hat Security Advisory 2020-5235-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.0. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
Red Hat Security Advisory 2020-5254-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Issues addressed include a remote SQL injection vulnerability.
eClass LMS version 2.6 suffers from a remote shell upload vulnerability.
WordPress EventON Calendar plugin version 3.0.5 suffers from a cross site scripting vulnerability.
SciKit-Learn version 0.23.2 suffers from a denial of service vulnerability.
TypeSetter version 5.1 suffers from a cross site request forgery vulnerability.
An Indian national on Monday was sentenced to 20 years in prison in the Southern District of Texas for operating and funding India-based call centers that defrauded US victims out of millions of dollars between 2013 and 2016. Hitesh Madhubhai Patel (aka Hitesh Hinglaj), who hails from the city of Ahmedabad, India, was sentenced in connection with charges of fraud and money laundering. He was
A nation-state actor known for its cyber espionage campaigns since 2012 is now using coin miner techniques to stay under the radar and establish persistence on victim systems, according to new research. Attributing the shift to a threat actor tracked as Bismuth, Microsoft's Microsoft 365 Defender Threat Intelligence Team said the group deployed Monero coin miners in attacks that targeted both
Set of must-have online security tools that we believe may make a real difference to your cybersecurity program and improve your 2021 budget planning. In September, Gartner published a list of "Top 9 Security and Risk Trends for 2020" putting a bold emphasis on the growing complexity and size of the modern threat landscape. Incomplete visibility of external Attack surfaces led to the dramatic
A week after cybersecurity researchers disclosed a flaw in the popular GO SMS Pro messaging app, it appears the developers of the app are silently taking steps to fix the issue from behind the scenes. The security misstep made it possible for an attacker to come up with a trivial script to access media files transferred between users, including private voice messages, photos, and videos, stored
