Adobe has officially released the last update for Flash Player, with the company warning that its software would be pulled on December 31. The announcement doesn’t come as a surprise, as Adobe originally announced its plans to retire Flash Player back in 2017. Browser makers and other developers have thus been show more ...
In 2020, amid the pandemic and lockdowns, video games are popular like never before. Prejudice against them persists, however, and many see games as a waste of time at best. Shooters in particular supposedly make players aggressive and asocial. In fact, 2018 saw the classification of “gaming disorder” as show more ...
Microsoft today issued its final batch of security updates for Windows PCs in 2020, ending the year with a relatively light patch load. Nine of the 58 security vulnerabilities addressed this month earned Microsoft’s most-dire “critical” label, meaning they can be abused by malware or miscreants to show more ...
The Silicon Valley company said nation-state actors, almost certainly Russian, made off with the "Red Team" tools that could be used to mount new attacks around the world.
Fortinet has announced it has acquired Panopta, the SaaS platform innovator that provides full-stack visibility and automated management of the health of an enterprise network.
More than a third of this month's patches (22) are classified as remote code execution (RCE) vulnerabilities which are more easily exploitable, without user interaction, via the network.
On Friday, December 4, U.S. President Donald Trump signed the Internet of Things Cybersecurity Improvement Act of 2020 into law, which is meant to ensure improved security for IoT devices.
The fraudsters are imitating Target's service to such an extent that most users would not see any difference between the fake website and the legitimate one in terms of layout, text, and colors.
Since September 2020, Unit 42 researchers have observed Egregor ransomware affecting multiple industries globally, including those within the U.S, Europe, Asia Pacific, and Latin America.
The lawsuit claimed that Kalispell failed to take appropriate measures to ensure the privacy of patient data and placed patients at financial risk by waiting until October to disclose the incident.
Businesses that suffer a successful cyber attack are extremely likely to be targeted by cybercriminals again – even if they've taken all the correct steps in the aftermath of the initial attack.
API security platform provider Salt Security announced on Tuesday that it has raised $30 million in Series B funding led by Sequoia Capital, with participation from existing investors Tenaya Capital, S Capital VC, and Y Combinator.
Personal details, including phone numbers and email addresses of 7 million Indian debit and credit cardholders, have been circulating on the dark web, an Internet security researcher alerted.
The Apache Software Foundation has released a security update to address a “possible remote code execution” flaw in Apache Struts 2 that is related to the OGNL technology.
CheckPoint's latest Global Threat Index for November 2020 has revealed that there has been a new surge in infections by the well-known Phorpiex botnet which has made it the month’s most prevalent malware.
Cloudflare's Tanya Verma and Sudheesh Singanamalla announced support for the new standard, which separates IP addresses from queries, a measure that, it is hoped, will mask requests and make it more difficult for users to be tracked online.
The cyber-criminal groups behind some of the most notorious and damaging ransomware attacks are using the same tactics and techniques as nation-state-backed hacking operations.
APT28, one of Russia's military hacking units, was most likely responsible for hacking the email accounts of the Norwegian Parliament, the Norwegian police secret service (PST) said.
On December 4th, customers began receiving emails from Netgain stating that they may experience "system outages or slowdowns" due to a cyberattack on the hosting provider.
Four Chinese nationals were sentenced last week to prison sentences for participating in a scheme that planted malware on devices sold by Chinese smartphone maker Gionee.
Beyond Identity, a security startup on a quest to eliminate passwords, today announced a $75 million Series B funding round, bringing the total investment in the company to $105 million.
Sysnet Global Solutions announces that it has acquired Viking Cloud, a cloud security company, to further enhance its technology platform and accelerate its market expansion plans.
This year, agency IT leaders were pressed to implement digital modernization projects faster than ever. However, the complexity of government systems also means that any change adds security risks.
CVE-2020-8554 is a design flaw that impacts all Kubernetes versions, with multi-tenant clusters that allow tenants to create and update services and pods being the most vulnerable to attacks.
A zero-click remote code execution flaw in Microsoft Teams for macOS, Windows, and Linux, which did not receive a CVE, that may merit even closer attention from security chiefs.
Google patched ten critical bugs as part of its December updates. The worst of the bugs was tied to the Android media framework component and gives attackers remote control of vulnerable devices.
The Microsoft Windows WOF filter driver does not correctly handle the reparse point setting which allows for an arbitrary file to be cached signed leading to a bypass of UMCI.
The Microsoft Windows Cloud Filter HsmOsBlockPlaceholderAccess function allows a user to create arbitrary registry keys in the .DEFAULT users hive leading to elevation of privilege.
The Microsoft Windows Cloud Filter access check does not take into account restrictions such as Mandatory Labels allowing a user to bypass security checks.
The Microsoft Windows Cloud Filter driver can be abused to create arbitrary files and directories leading to elevation of privilege.
Ubuntu Security Notice 4666-1 - It was discovered that lxml incorrectly handled certain HTML. An attacker could possibly use this issue to cross-site scripting attacks.
Ubuntu Security Notice 4665-1 - Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPT_CONNECT_ONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive information. This issue only affected Ubuntu 20.10. Varnavas Papaioannou discovered that curl show more ...
Tibco ObfuscationEngine version 5.11 uses a fixed key for decryption operations, making it pointless.
Ubuntu Security Notice 4664-1 - Kevin Backhouse discovered that Aptdaemon incorrectly handled certain properties. A local attacker could use this issue to test for the presence of local files. Kevin Backhouse discovered that Aptdaemon incorrectly handled permission checks. A local attacker could possibly use this issue to cause a denial of service.
Task Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
Task Management System version 1.0 suffers from a remote shell upload vulnerability.
Task Management System version 1.0 suffers from a remote SQL injection vulnerability.
Ubuntu Security Notice 4663-1 - Melvin Kool discovered that the GDK-PixBuf library did not properly handle certain GIF images. If an user or automated system were tricked into opening a specially crafted GIF file, a remote attacker could use this flaw to cause GDK-PixBuf to hang, resulting in a denial of service.
SmarterMail build version 6985 suffers from a remote code execution vulnerability.
Employee Performance Evaluation System version 1.0 suffers from an insecure direct object reference vulnerability.
Ubuntu Security Notice 4662-1 - David Benjamin discovered that OpenSSL incorrectly handled comparing certificates containing a EDIPartyName name type. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.
Dup Scout Enterprise version 10.0.18 SEH remote buffer overflow exploit.
This is a brief whitepaper discussing best practices in mobile application security.
Microsoft on Tuesday released fixes for 58 newly discovered security flaws spanning as many as 11 products and services as part of its final Patch Tuesday of 2020, effectively bringing their CVE total to 1,250 for the year. Of these 58 patches, nine are rated as Critical, 46 are rated as Important, and three are rated Moderate in severity. The December security release addresses issues in
Cybersecurity researchers disclosed a dozen new flaws in multiple widely-used embedded TCP/IP stacks impacting millions of devices ranging from networking equipment and medical devices to industrial control systems that could be exploited by an attacker to take control of a vulnerable system. Collectively called "AMNESIA:33" by Forescout researchers, it is a set of 33 vulnerabilities that impact
FireEye, one of the largest cybersecurity firms in the world, said on Tuesday it became a victim of a state-sponsored attack by a "highly sophisticated threat actor" that stole its arsenal of Red Team penetration testing tools it uses to test the defenses of its customers. The company said it's actively investigating the breach in coordination with the US Federal Bureau of Investigation (FBI)
A Russian threat actor known for its malware campaigns has reappeared in the threat landscape with yet another attack leveraging COVID-19 as phishing lures, once again indicating how adversaries are adept at repurposing the current world events to their advantage. Linking the operation to a sub-group of APT28 (aka Sofacy, Sednit, Fancy Bear, or STRONTIUM), cybersecurity firm Intezer said the
Cybersecurity firm FireEye has admitted that it has fallen foul of hackers, who stole secret tools used by the company to test the security of its customers.
