What is the easiest way to find a threat (either phishing or spam) in your e-mail? A variety of technical headers and other indirect markers of an unwanted message can point the way, but we shouldn’t forget the most obvious bit — the message text. One might think it’s the first thing to analyze; after show more ...
Google has recently released one of the biggest Chrome browser updates which takes care of major security bugs and CERT-IN is now advising all users to get the latest release of Google Chrome.
In addition to warning about the VMware bug, the NSA emphasized that it "encourages NSS, DoD and DIB network administrators to prioritize mitigation of the vulnerability on affected servers."
A team of researchers unveiled previously undisclosed capabilities of an Android spyware implant that could let attackers spy on private chats from popular instant messaging apps.
The Greater Baltimore Medical Center on Sunday became the latest U.S. hospital to grapple with a ransomware incident amid a raging pandemic that has stretched health care IT resources thin.
Two information disclosure vulnerabilities recently identified in the Chrome, Edge, and Firefox web browsers may be exploited to obtain information on applications on the system, as per Fortinet.
This year’s annual defense policy bill, known as the National Defense Authorization Act (NDAA), is loaded with provisions that would reshape the federal bureaucracy on cybersecurity.
Cisco has released security updates to address multiple pre-authentication bugs with public exploits affecting Cisco Security Manager that could allow for RCE attack after successful exploitation.
A phishing scheme discovered by Abnormal Security involved an email impersonating a vendor to bypass the victim’s Proofpoint gateway and set up a trap to steal Office 365 credentials.
With the promise of a widely available COVID-19 vaccine on the horizon, Europol, the European Union’s law-enforcement agency, has issued a warning about the rise of vaccine-related Dark Web activity.
The Cyber Training Capabilities Project Arrangement results in the incorporation of Australian Defense Force feedback into the U.S. Cyber Command’s simulated training domain.
The attack, which took place on December 4, targeted the network of PickPoint, a local delivery service that maintains a network of more than 8,000 package lockers across Moscow and Saint Petersburg.
Microsoft quietly fixed an XSS bug in its Teams web app that opened the door to a serious RCE vulnerability in the Linux, macOS, and Windows desktop versions of its Teams collaboration app.
Security bugs found in the PlayStation Now (PS Now) cloud gaming Windows application allowed attackers to execute arbitrary code on Windows devices running vulnerable app versions.
Cybersecurity firm NortonLifeLock (formerly Symantec) has agreed today to acquire German antivirus maker Avira from Bahrain-based Investcorp Technology Partners in a $360 million all-cash deal.
Foxconn electronics giant suffered a ransomware attack at a Mexican facility over the Thanksgiving weekend, where attackers stole unencrypted files before encrypting devices.
Microsoft announced the launch of a new offering for its mission-critical Azure Government cloud targeted at government customers and partners that regularly work with top-secret classified data.
Before Clay Heuckendorf and members of his team could even hazard a guess as to why some of a client’s backup data was missing, bad actors launched a ransomware attack right before their eyes.
After a year in which COVID-19 upended the way we live, work and socialize, we are likely to see an increased threat from ransomware and fileless malware in 2021, according to ESET.
The Taiwanese vendor QNAP has released security updates to fix eight vulnerabilities, including XSS and command injection bugs, that could be exploited by attackers to over unpatched NAS devices.
Forescout Technologies disclosed 33 new vulnerabilities, including four remote code execution flaws, in four different open-source TCP/IP stacks used by major IoT, OT, and IT device vendors.
A large-scale phishing campaign is targeting 200 million Microsoft 365 users around the world, particularly within the financial services, healthcare, insurance, manufacturing, utilities, and telecom sectors.
Dragos, a Maryland-based industrial cybersecurity company, it raised $110 million, the latest sign that investors are pouring money into securing the critical infrastructure.
This Metasploit module exploits an arbitrary file upload vulnerability in FlexDotnetCMS versions 1.5.8 and prior in order to execute arbitrary commands with elevated privileges.
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
Red Hat Security Advisory 2020-5379-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB.
Red Hat Security Advisory 2020-5372-01 - The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser.
Red Hat Security Advisory 2020-5369-01 - The microcode_ctl packages provide microcode updates for Intel. Issues addressed include an information leakage vulnerability.
Ubuntu Security Notice 4656-2 - USN-4656-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM. Jan-Niklas Sohn discovered that the X.Org X Server XKB extension incorrectly handled certain inputs. A local attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.
Dup Scout Enterprise version 10.0.18 suffers from a remote buffer overflow vulnerability.
Druva inSync Windows Client version 6.6.3 suffers from a local privilege escalation vulnerability.
Employee Performance Evaluation System version 1.0 suffers from a persistent cross site scripting vulnerability.
Red Hat Security Advisory 2020-5374-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
Whitepaper called API Security Overview that discusses different types of flaws and exploitation of API insecurities.
Red Hat Security Advisory 2020-5365-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.8.0 serves as a replacement for Red show more ...
Online Bus Ticket Reservation version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Student Management System PHP version 1.0 suffers from a persistent cross site scripting vulnerability.
Online Bus Booking System Project using PHP MySQL version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
A zero-click remote code execution (RCE) bug in Microsoft Teams desktop apps could have allowed an adversary to execute arbitrary code by merely sending a specially-crafted chat message and compromise a target's system. The issues were reported to the Windows maker by Oskars Vegeris, a security engineer from Evolution Gaming, on August 31, 2020, before they were addressed at the end of October.
The US National Security Agency (NSA) on Monday issued an advisory warning that Russian threat actors are leveraging recently disclosed VMware vulnerability to install malware on corporate systems and access protected data. Specifics regarding the identities of the threat actor exploiting the VMware flaw or when these attacks started were not disclosed. The development comes two weeks after the
Some widely sold D-Link VPN router models have been found vulnerable to three new high-risk security vulnerabilities, leaving millions of home and business networks open to cyberattacks—even if they are secured with a strong password. Discovered by researchers at Digital Defense, the three security shortcomings were responsibly disclosed to D-Link on August 11, which, if exploited, could allow
There seems to be a new ransomware story every day - a new ransomware attack, a new ransomware technique, criminals not providing encryption keys after receiving ransom payments, private data being publicly released by ransomware attackers—it never ends. Just last month, the FBI, the Department of Health and Human Services (HHS), and the Cybersecurity and Infrastructure Security Agency (CISA)
The world’s largest electronics manufacturer, Foxconn, has suffered a cyber attack and extortionists are reportedly demanding a $34 million ransom be paid for the recovery of its data. Read more in my article on the Hot for Security blog.
